diff --git a/php/.htaccess b/php/.htaccess deleted file mode 100644 index f289550940da314e0c59b1995c38ed2b670f8f78..0000000000000000000000000000000000000000 --- a/php/.htaccess +++ /dev/null @@ -1 +0,0 @@ -Header set Access-Control-Allow-Origin "*" diff --git a/php/config.php b/php/config.php index 5e7980b5a861f872f24d5dd44e06471e748bf364..51116abd60ce33908aa847daf26b32c720fbe2b9 100644 --- a/php/config.php +++ b/php/config.php @@ -1,7 +1,6 @@ <?php -//$poller_bin = "/usr/lib/mw/mwpoll"; -$poller_bin = "/usr/local/lib/mw/mwpoll.test"; +$poller_bin = "/usr/lib/mw/mwpoll"; $poller_path = "/var/run/mw/mwpoll."; /* Fix these paths to your local test copy for test mode e.g. */ diff --git a/php/imageproxy.php b/php/imageproxy.php new file mode 100644 index 0000000000000000000000000000000000000000..9226c278b26905c585fe2da427adcf4f2de76f77 --- /dev/null +++ b/php/imageproxy.php @@ -0,0 +1,35 @@ +<?php + $url = ""; + if (isset($_GET['url'])){ + $url = $_GET[ 'url' ]; + } else { + exit(); + } + + $url_headers = get_headers($url, 1); + + if (isset($url_headers['Content-Type'])) { + $type = strtolower($url_headers['Content-Type']); + + $valid_image_type = array(); + $valid_image_type['image/png']=''; + $valid_image_type['image/jpg']=''; + $valid_image_type['image/jpeg']=''; + $valid_image_type['image/jpe']=''; + $valid_image_type['image/gif']=''; + $valid_image_type['image/tif']=''; + $valid_image_type['image/tiff']=''; + $valid_image_type['image/svg']=''; + $valid_image_type['image/ico']=''; + $valid_image_type['image/icon']=''; + $valid_image_type['image/x-icon']=''; + + if (isset($valid_image_type[$type])) { + $im = file_get_contents($url); + $imdata = base64_encode($im); + echo $imdata; + } else { + echo 'not_an_image'; + } + } +?> diff --git a/php/index.php b/php/index.php index cb0aab8ac7fa180db852a7c03bb0f9e8ab9e1e7c..44869e265f1ea58153ccdb5ec488889faf986b2d 100644 --- a/php/index.php +++ b/php/index.php 
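Review bot: In the new php/imageproxy.php, `$_GET['url']` is passed straight to `get_headers()` and `file_get_contents()` with no restriction on scheme or host, so the server will fetch any address it can reach, internal ones included, and return the body whenever the response claims an image Content-Type. The type decision also comes from a different request than the one that fetches the body, and with `get_headers($url, 1)` a redirected response can deliver `Content-Type` as an array, which `strtolower()` does not handle. I would restrict the URL to http/https, refuse hosts that resolve to loopback or private ranges (an allowlist of known image hosts is stronger), turn off redirects, cap the download size, and decide the type from the bytes actually fetched. A sketch of the changed lines follows.

```php
$url = $_GET['url'] ?? '';
$parts = parse_url($url);
$scheme = strtolower($parts['scheme'] ?? '');
if (!in_array($scheme, ['http', 'https'], true) || empty($parts['host'])) {
    exit();
}

// Best-effort check: the fetch below resolves the name again, so a host
// allowlist is the stronger control where the set of image sources is known.
$ip = gethostbyname($parts['host']);
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
    exit();
}

// One request only, no redirects, bounded time and size (limits are example values).
$ctx = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 5]]);
$im = file_get_contents($url, false, $ctx, 0, 2097152);
if ($im === false) {
    exit();
}

// Type is taken from the fetched bytes, not from a header of a separate request.
// finfo reports names such as image/svg+xml, so the table keys need adjusting.
$type = (new finfo(FILEINFO_MIME_TYPE))->buffer($im);
// … unchanged: $valid_image_type table; on a match echo base64_encode($im), else 'not_an_image' …
```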
@@ -23,7 +23,7 @@ if (!isset($mwsess)) { if ($_REQUEST['sucssite_loggedin']=="true" && $action!="logout") { require("startup.php"); } else { - echo 'Post requests only to this url'; + echo 'nope'; exit; } } diff --git a/php/poll.php b/php/poll.php index a9d7783c6df53ee8a51a2e0d5e20c4ad3cffec34..144623f2f5de8166c53403830e8cff485e51e466 100644 --- a/php/poll.php +++ b/php/poll.php @@ -1,12 +1,11 @@ <? - require_once("config.php"); $data = unserialize(@$_REQUEST['mwsess']); $sess = (int)$data['pid']; $auth = trim($data['auth']); -$path = $poller_path.$sess; +$path = $poller_path . $sess; header("Content-type: application/json; charset=utf-8"); @@ -27,7 +26,10 @@ if (@socket_recv($sock, $response, 4096, 0)===FALSE) { exit; } $res = json_decode($response, TRUE); -if ($res === NULL) { echo "{\"status\":\"Bad server response\"}\n"; exit; } +if ($res === NULL) { + echo "{\"status\":\"Bad server response\"}\n"; + exit; +} if ($res['status'] != "OK") { echo $response; @@ -46,8 +48,12 @@ if (@socket_recv($sock, $response, 262144, 0)===FALSE) { exit; } -if ($response!="") echo $response."\n"; -else echo "[]\n"; +if ($response != "") { + echo $response . "\n"; +} else { + echo "[]\n"; +} socket_close($sock); +exit; ?> diff --git a/php/startup.php b/php/startup.php index 0e9781a74274256b980cb6aa0a640cba9fb077df..32db816f3f13109bff79e7317a8ec286f9893b5d 100644 --- a/php/startup.php +++ b/php/startup.php 
@@ -7,140 +7,120 @@ $password = trim($_REQUEST['password']); // Preliminary checks -// Have we been passed SUCSsite cookies? -// If not, test that the login details make sense. -if (@$_REQUEST['sucssite_loggedin']!="true") { - if (empty($username) || empty($password)) { - echo json_encode((object) ['error' => 'username and password must both be not empty']); - exit; - } +// Test that the login details make sense. +if (empty($username) || empty($password)) { + echo json_encode((object) ['error' => 'username and password must both be not empty']); +} - if (ctype_alnum($username) === FALSE) { - echo json_encode((object) ['error' => 'alphanumeric usernames only']); - exit; - } +if (!preg_match("/^[a-z][a-z0-9_]*$/", $username)) { + echo json_encode((object) ['error' => 'invalid characters in username']); + exit; } -// Have we been asked to create a new Milliways account? -// If so, make sure that the password supplied is suitable. -if ($action=="create") { - $pass1 = @$_REQUEST['password1']; - $pass2 = @$_REQUEST['password2']; - - if ($pass1 != $pass2) { - echo json_encode((object) ['error' => 'Passwords don\'t match - please try again']); - exit; - } +login($mwpoll, $username, $password, true); - if (empty($pass1)) { - echo json_encode((object) ['error' => 'Password cannot be blank']); - exit; - } - - if (ctype_alnum($pass1) === FALSE) { - echo json_encode((object) ['error' => 'Milliways passwords can only contain alphanumeric characters']); - exit; - } +function login($mwpoll, $username, $password, $continue) { + $desc = array( + 0 => array("pipe", "r"), + 1 => array("pipe", "w"), + ); + $pipes = array(); - if (strlen($pass1) < 6) { - echo json_encode((object) ['error' => 'Milliways passwords must be 6 characters or more']); - exit; - } -} - -$desc = array( - 0 => array("pipe", "r"), - 1 => array("pipe", "w"), -); -$pipes = array(); - -// Have we got SUCSsite cookies? -// And no login attempt? -// If so, fetch the user details and try to log in without a password. 
-if (@$_REQUEST['sucssite_loggedin']=="true" && empty($username)) { - - // Do we appear to be in the SUCSsite environment? - // There's only any point trying if we do. - if (file_exists("../settings.php")) { - // Do the bare minimum of SUCSsite init to retrieve the username for the session we've been passed - include("../settings.php"); - // Initialise the database - require("/usr/share/php/adodb/adodb.inc.php"); - $DB = NewADOConnection('postgres9'); - $DB->Connect('dbname='.$dbname.' user=apache'); - $DB->SetFetchMode(ADODB_FETCH_ASSOC); - - // Include the session library - require($base."lib/session.php"); - $session = new Session; - // $smarty->assign("session", $session); // This line might be useful? - $realuser = $session->username; - - if ($action == "create") { - $p = proc_open($mwpoll." -q -a -u ".$realuser." -s", $desc, $pipes); - } else { - $p = proc_open($mwpoll." -q -u ".$realuser." -s", $desc, $pipes); - } - $mode = "sucssite"; - } -} else { - // If not, try logging in with a password. $p = proc_open($mwpoll." 
-q -u $username", $desc, $pipes); - $mode = "password"; -} -if (empty($p)) { - echo "<h1>No</h1>"; - exit; -} - -if ($p === FALSE) { - echo json_encode((object) ['error' => 'failed to exec mwpoll']); - exit; -} + if (empty($p)) { + echo "<h1>No</h1>"; + exit; + } -if ($mode == "sucssite" && @$_REQUEST['sucssite_loggedin']=="true" && empty($username)) { - // If we have a sucssite session cookie, use that - fwrite($pipes[0], trim($_REQUEST['sucssite_session'])."\n"); - if ($action="create") { - fwrite($pipes[0], $pass1."\n"); + if ($p === FALSE) { + echo json_encode((object) ['error' => 'failed to exec mwpoll']); + exit; } -} else { + // Try logging on using username and password if (fwrite($pipes[0], $password."\n") === FALSE) { echo "Error writing to mwpoll\n"; } -} -$pid = fgets($pipes[1]); -if ($pid === FALSE) { - echo "error reading pid.\n"; -} + $pid = fgets($pipes[1]); + if ($pid === FALSE) { + echo "error reading pid.\n"; + exit; + } -$pid = trim($pid); -if (!is_numeric($pid)) { - if (substr($pid, -10) =="not found.") { - // User doesn't exist - ask for a Milliways password so we can create them! - echo json_encode((object) ['error' => $pid]); - exit; + $pid = trim($pid); + if (!is_numeric($pid)) { + if (preg_match('/not found/', $pid)) { + if ($continue) { + createUser($mwpoll, $username, $password); + } + exit; + } else { + echo json_encode((object) ['error' => 'Bad response: pid=$pid']); + exit; + } } + + $auth = fgets($pipes[1]); - echo json_encode((object) ['error' => 'Bad response: pid=$pid']); - exit; -} + if ($auth === FALSE) { + echo "Error reading auth string\n"; + } -$auth = fgets($pipes[1]); + $sess = array ( + "pid" => $pid, + "auth" => $auth, + "username" => $username + ); -if ($auth === FALSE) { - echo "Error reading auth string\n"; + $mwsess = serialize($sess); + echo "success:" . $mwsess; } -$sess = array ( - "pid" => $pid, - "auth" => $auth, - "username" => $username -); - -$mwsess = serialize($sess); -echo "success:" . 
$mwsess; +function createUser($mwpoll, $username, $password) { + // SUCS LDAP Server + $sucsLDAPServer = 'silver.sucs.swan.ac.uk'; + // Bind String + $sucsBindDn = "uid=$username,ou=People,dc=sucs,dc=org"; + + // Try and connect to Silver + $ldapconnSUCS = ldap_connect($sucsLDAPServer) or die("Could not connect to SUCS LDAP server."); + + if ($ldapconnSUCS) { + // Try and bind to SUCS LDAP. Using @ to suppress PHP warining on failure + $ldapbindSUCS = @ldap_bind($ldapconnSUCS, $sucsBindDn, $password); + + if ($ldapbindSUCS) { + $desc = array( + 0 => array("pipe", "r"), + 1 => array("pipe", "w"), + ); + $pipes = array(); + // Authed to SUCS lets try and create the user + $p = proc_open($mwpoll." -q -a -u $username -s", $desc, $pipes); + fwrite($pipes[0], $password . "\n"); + fwrite($pipes[0], $password . "\n"); + fclose($pipes[0]); + $pid = fgets($pipes[1]); + if ($pid === FALSE) { + echo json_encode((object) ['error' => 'Error reading pid']); + } + + $auth = fgets($pipes[1]); + fclose($pipes[1]); + proc_close($p); + if ($auth === FALSE) { + login($mwpoll, $username, $password, false); + } + exit; + } else { + echo json_encode((object) ['error' => 'Failed to auth to SUCS']); + exit; + } + } else { + echo json_encode((object) ['error' => 'Failed to connect to SUCS LDAP']); + exit; + } +} ?>
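Review bot: The empty-credential check at the top of this hunk lost its `exit;`, so a request with a well-formed username and an empty password now continues into `login()` and, when mwpoll answers "not found", into `createUser()`. There `@ldap_bind($ldapconnSUCS, $sucsBindDn, $password)` runs with that empty password, and some LDAP servers accept a DN with an empty password as an unauthenticated bind, which would let the Milliways account be created without proving ownership of the SUCS login. Restore `exit;` after the first `json_encode` error and add a guard such as `if ($password === '') { exit; }` before the bind. `ldap_connect($sucsLDAPServer)` is given a bare hostname, so the password presumably crosses the network in clear unless TLS is set up elsewhere; an `ldaps://` URI or `ldap_start_tls()` would cover that. Separately, `echo "success:" . $mwsess` hands a `serialize()` string to the client and poll.php in this same diff feeds `$_REQUEST['mwsess']` back into `unserialize()`, so `json_encode`/`json_decode` would be the safer pair for this session blob.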