From 239c2b168411c110b1f884f6ef0df172cb913b4b Mon Sep 17 00:00:00 2001
From: Philip Häusler
Date: Tue, 7 Jan 2014 15:50:16 +0100
Subject: reviewed cookies api

---
 includes/controller/angeltypes_controller.php      |   6 +-
 includes/controller/api.php                        | 252 +++++++++++----------
 includes/controller/user_angeltypes_controller.php |  10 +-
 includes/model/AngelType_model.php                 |   4 +-
 includes/model/Message_model.php                   |  94 ++++----
 includes/model/Room_model.php                      |   8 +-
 includes/model/Shifts_model.php                    |   5 +-
 includes/model/User_model.php                      |  10 +-
 includes/pages/user_messages.php                   |   4 +-
 9 files changed, 200 insertions(+), 193 deletions(-)

diff --git a/includes/controller/angeltypes_controller.php b/includes/controller/angeltypes_controller.php
index 03c9651d..8b1783f2 100644
--- a/includes/controller/angeltypes_controller.php
+++ b/includes/controller/angeltypes_controller.php
@@ -38,7 +38,7 @@ function angeltype_delete_controller() {
   if (! in_array('admin_angel_types', $privileges))
     redirect(page_link_to('angeltypes'));
 
-  $angeltype = mAngelType($_REQUEST['angeltype_id']);
+  $angeltype = AngelType($_REQUEST['angeltype_id']);
   if ($angeltype === false)
     engelsystem_error("Unable to load angeltype.");
   if ($angeltype == null)
@@ -69,7 +69,7 @@ function angeltype_edit_controller() {
   $name = "";
   $restricted = false;
   if (isset($_REQUEST['angeltype_id'])) {
-    $angeltype = mAngelType($_REQUEST['angeltype_id']);
+    $angeltype = AngelType($_REQUEST['angeltype_id']);
     if ($angeltype === false)
       engelsystem_error("Unable to load angeltype.");
     if ($angeltype == null)
@@ -127,7 +127,7 @@ function angeltype_controller() {
   if (! isset($_REQUEST['angeltype_id']))
     redirect(page_link_to('angeltypes'));
 
-  $angeltype = mAngelType($_REQUEST['angeltype_id']);
+  $angeltype = AngelType($_REQUEST['angeltype_id']);
   if ($angeltype === false)
     engelsystem_error("Unable to load angeltype.");
   if ($angeltype == null)
diff --git a/includes/controller/api.php b/includes/controller/api.php
index 3c87e5b4..4403b984 100644
--- a/includes/controller/api.php +++ b/includes/controller/api.php @@ -1,6 +1,5 @@ 'failed', - 'error' => 'Missing parameter "key".' ))); - - // check API key + die(json_encode(array( + 'status' => 'failed', + 'error' => 'Missing parameter "key".' + ))); + + // check API key $user = User_by_api_key($key); if ($user === false) - die( json_encode( array ( - 'status' => 'failed', - 'error' => 'Unable to find user' ))); + die(json_encode(array( + 'status' => 'failed', + 'error' => 'Unable to find user' + ))); if ($user == null) - die( json_encode( array ( - 'status' => 'failed', - 'error' => 'Key invalid.' ))); - - // decode command - switch( $cmd) { + die(json_encode(array( + 'status' => 'failed', + 'error' => 'Key invalid.' + ))); + + // decode command + switch ($cmd) { case 'getroom': getRoom(); break; @@ -162,34 +163,39 @@ function api_controller() { getAngelType(); break; case 'getuser': - getUser(); + // TODO Dataleak! Only coordinators are allowed to see so much user informations. + //getUser(); break; case 'getshift': getShift(); break; case 'getmessage': - getMessage(); + // TODO Dataleak! + //getMessage(); break; case 'sendmessage': sendMessage(); break; default: - $DataJson = array ( + $DataJson = array( 'status' => 'failed', - 'error' => 'Unknown Command "'. $cmd. '"' ); + 'error' => 'Unknown Command "' . $cmd . '"' + ); } - + // check - if( $DataJson === false) { - $DataJson = array ( - 'status' => 'failed', - 'error' => 'DataJson === false' ); - } elseif( $DataJson == null) { - $DataJson = array ( - 'status' => 'failed', - 'error' => 'DataJson == null' ); + if ($DataJson === false) { + $DataJson = array( + 'status' => 'failed', + 'error' => 'DataJson === false' + ); + } elseif ($DataJson == null) { + $DataJson = array( + 'status' => 'failed', + 'error' => 'DataJson == null' + ); } - + echo json_encode($DataJson); die(); } 
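Review bot: `elseif ($DataJson == null)` in the result check at the end of api_controller also matches an empty array, because `[] == null` is true under PHP's loose comparison, so a command whose helper returns an empty result set is reported as the failure `'DataJson == null'`; compare with `$DataJson === null` instead. This becomes more likely after this commit, since `Message_ids()` and `User_ids()` now return the raw `sql_select()` result rather than converting an empty result to null. The `getuser` and `getmessage` cases now assign nothing, so they fall into the same branch with a misleading message; an explicit `$DataJson = array('status' => 'failed', 'error' => 'Command disabled.');` in each case would tell the client what happened. api_controller begins outside this hunk.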
@@ -197,143 +203,151 @@ function api_controller() { /** * Get Version of API */ -function getVersion(){ +function getVersion() { global $DataJson; - + $DataJson = array( - 'status' => 'success', - 'Version' => 1); + 'status' => 'success', + 'Version' => 1 + ); } - /** * Get API Key */ -function getApiKey(){ - global $DataJson, $_REQUEST; - - if (!isset($_REQUEST['user']) ) { - $DataJson = array ( - 'status' => 'failed', - 'error' => 'Missing parameter "user".' ); - } - elseif (!isset($_REQUEST['pw']) ) { - $DataJson = array ( - 'status' => 'failed', - 'error' => 'Missing parameter "pw".' ); +function getApiKey() { + global $DataJson; + + if (! isset($_REQUEST['user'])) { + $DataJson = array( + 'status' => 'failed', + 'error' => 'Missing parameter "user".' + ); + } elseif (! isset($_REQUEST['pw'])) { + $DataJson = array( + 'status' => 'failed', + 'error' => 'Missing parameter "pw".' + ); } else { - $Erg = sql_select( "SELECT `UID`, `Passwort`, `api_key` FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST['user']) . "'"); - + $Erg = sql_select("SELECT `UID`, `Passwort`, `api_key` FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST['user']) . "'"); + if (count($Erg) == 1) { $Erg = $Erg[0]; - if (verify_password( $_REQUEST['pw'], $Erg["Passwort"], $Erg["UID"])) { + if (verify_password($_REQUEST['pw'], $Erg["Passwort"], $Erg["UID"])) { $key = $Erg["api_key"]; $DataJson = array( - 'status' => 'success', - 'Key' => $key); + 'status' => 'success', + 'Key' => $key + ); } else { - $DataJson = array ( - 'status' => 'failed', - 'error' => 'PW wrong' ); + $DataJson = array( + 'status' => 'failed', + 'error' => 'PW wrong' + ); } } else { - $DataJson = array ( - 'status' => 'failed', - 'error' => 'User not found.' ); + $DataJson = array( + 'status' => 'failed', + 'error' => 'User not found.' 
+ ); } } - + sleep(1); } - /** * Get Room */ -function getRoom(){ - global $DataJson, $_REQUEST; - - if (isset($_REQUEST['id']) ) { - $DataJson = mRoom( $_REQUEST['id']); +function getRoom() { + global $DataJson; + + if (isset($_REQUEST['id'])) { + $DataJson = Room($_REQUEST['id']); } else { - $DataJson = mRoomList(); + $DataJson = Room_ids(); } } /** * Get AngelType */ -function getAngelType(){ - global $DataJson, $_REQUEST; - - if (isset($_REQUEST['id']) ) { - $DataJson = mAngelType( $_REQUEST['id']); +function getAngelType() { + global $DataJson; + + if (isset($_REQUEST['id'])) { + $DataJson = AngelType($_REQUEST['id']); } else { - $DataJson = mAngelTypeList(); + $DataJson = AngelType_ids(); } } /** * Get User */ -function getUser(){ - global $DataJson, $_REQUEST; - - if (isset($_REQUEST['id']) ) { - $DataJson = mUser_Limit( $_REQUEST['id']); +function getUser() { + global $DataJson; + + if (isset($_REQUEST['id'])) { + $DataJson = mUser_Limit($_REQUEST['id']); } else { - $DataJson = mUserList(); + $DataJson = User_ids(); } } /** * Get Shift */ -function getShift(){ - global $DataJson, $_REQUEST; - - if (isset($_REQUEST['id']) ) { - $DataJson = mShift( $_REQUEST['id']); +function getShift() { + global $DataJson; + + if (isset($_REQUEST['id'])) { + $DataJson = Shift($_REQUEST['id']); } else { - $DataJson = mShiftList(); + $DataJson = Shifts_filtered(); } } /** + * @TODO: Why are ALL messages of ALL users returned? Data leak. It is not checked if this is my message! 
* Get Message */ -function getMessage(){ - global $DataJson, $_REQUEST; - - if (isset($_REQUEST['id']) ) { - $DataJson = mMessage( $_REQUEST['id']); +function getMessage() { + global $DataJson; + + if (isset($_REQUEST['id'])) { + $DataJson = Message($_REQUEST['id']); } else { - $DataJson = mMessageList(); + $DataJson = Message_ids(); } } /** * Send Message */ -function sendMessage(){ - global $DataJson, $_REQUEST; - - if (!isset($_REQUEST['uid']) ) { - $DataJson = array ( - 'status' => 'failed', - 'error' => 'Missing parameter "uid".' ); - } - elseif (!isset($_REQUEST['text']) ) { - $DataJson = array ( - 'status' => 'failed', - 'error' => 'Missing parameter "text".' ); +function sendMessage() { + global $DataJson; + + if (! isset($_REQUEST['uid'])) { + $DataJson = array( + 'status' => 'failed', + 'error' => 'Missing parameter "uid".' + ); + } elseif (! isset($_REQUEST['text'])) { + $DataJson = array( + 'status' => 'failed', + 'error' => 'Missing parameter "text".' + ); } else { - if( mMessage_Send( $_REQUEST['uid'], $_REQUEST['text']) === true) { - $DataJson = array( 'status' => 'success'); + if (Message_send($_REQUEST['uid'], $_REQUEST['text']) === true) { + $DataJson = array( + 'status' => 'success' + ); } else { $DataJson = array( - 'status' => 'failed', - 'error' => 'Transmitting was terminated with an Error.'); + 'status' => 'failed', + 'error' => 'Transmitting was terminated with an Error.' + ); } } } diff --git a/includes/controller/user_angeltypes_controller.php b/includes/controller/user_angeltypes_controller.php index d110f7a7..b2a04a17 100644 --- a/includes/controller/user_angeltypes_controller.php +++ b/includes/controller/user_angeltypes_controller.php 
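Review bot: `getApiKey()` answers `'User not found.'` when the nick is unknown and `'PW wrong'` when the password check fails, which lets a caller confirm which nicks exist; both branches should return the same `'error' => 'Invalid credentials.'`. The unconditional `sleep(1)` at the end slows each request equally but does not bound attempts made over concurrent connections, so it should not be the only throttle; a per-account failure counter is the usual complement. Note also that only the dispatch of `getuser`/`getmessage` was commented out, `getUser()` and `getMessage()` remain defined in this file, so their docblocks should state that they are disabled pending the access check (`@TODO disabled: returns data of other users without an ownership/privilege check`) until they are removed.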
@@ -13,7 +13,7 @@ function user_angeltypes_delete_all_controller() {
     redirect(page_link_to('angeltypes'));
   }
 
-  $angeltype = mAngelType($_REQUEST['angeltype_id']);
+  $angeltype = AngelType($_REQUEST['angeltype_id']);
   if ($angeltype === false)
     engelsystem_error("Unable to load angeltype.");
   if ($angeltype == null) {
@@ -50,7 +50,7 @@ function user_angeltypes_confirm_all_controller() {
     redirect(page_link_to('angeltypes'));
   }
 
-  $angeltype = mAngelType($_REQUEST['angeltype_id']);
+  $angeltype = AngelType($_REQUEST['angeltype_id']);
   if ($angeltype === false)
     engelsystem_error("Unable to load angeltype.");
   if ($angeltype == null) {
@@ -95,7 +95,7 @@ function user_angeltype_confirm_controller() {
     redirect(page_link_to('angeltypes'));
   }
 
-  $angeltype = mAngelType($user_angeltype['angeltype_id']);
+  $angeltype = AngelType($user_angeltype['angeltype_id']);
   if ($angeltype === false)
     engelsystem_error("Unable to load angeltype.");
   if ($angeltype == null) {
@@ -143,7 +143,7 @@ function user_angeltype_delete_controller() {
     redirect(page_link_to('angeltypes'));
   }
 
-  $angeltype = mAngelType($user_angeltype['angeltype_id']);
+  $angeltype = AngelType($user_angeltype['angeltype_id']);
   if ($angeltype === false)
     engelsystem_error("Unable to load angeltype.");
   if ($angeltype == null) {
@@ -194,7 +194,7 @@ function user_angeltype_add_controller() {
     redirect(page_link_to('angeltypes'));
   }
 
-  $angeltype = mAngelType($_REQUEST['angeltype_id']);
+  $angeltype = AngelType($_REQUEST['angeltype_id']);
   if ($angeltype === false)
     engelsystem_error("Unable to load angeltype.");
   if ($angeltype == null) {
diff --git a/includes/model/AngelType_model.php b/includes/model/AngelType_model.php
index 22baa4a4..bc07ace7 100644
--- a/includes/model/AngelType_model.php
+++ b/includes/model/AngelType_model.php
@@ -80,7 +80,7 @@ function AngelTypes_with_user($user) {
 /**
  * Returns AngelType id array
  */
-function mAngelTypeList() {
+function AngelType_ids() {
   $angelType_source = sql_select("SELECT `id` FROM `AngelTypes`");
   if ($angelType_source === false)
     return false;
@@ -95,7 +95,7 @@ function mAngelTypeList() {
  * @param $id angelType
  *          ID
  */
-function mAngelType($id) {
+function AngelType($id) {
   $angelType_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
   if ($angelType_source === false)
     return false;
diff --git a/includes/model/Message_model.php b/includes/model/Message_model.php
index d42dca5f..1e1923e8 100644
--- a/includes/model/Message_model.php
+++ b/includes/model/Message_model.php
@@ -1,51 +1,49 @@ - 0) - return $message_source; - return null; -} - -/** - * Returns message by id. - * - * @param $id message ID - */ -function mMessage($id) { - $message_source = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - if ($message_source === false) - return false; - if (count($message_source) > 0) - return $message_source[0]; - return null; -} - - -/** - * send message - * - * @param $id User ID of Reciever - * @param $text Text of Message - */ -function mMessage_Send($id, $text) { - global $user; - - $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text)); - $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags( $id)); - - if (($text != "" && is_numeric($to)) && - (sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) ) { - sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); - return true; - } else { - return false; - } - } - + */ +function Message_ids() { + return sql_select("SELECT `id` FROM `Messages`"); +} + +/** + * Returns message by id. + * + * @param $id message + * ID + */ +function Message($id) { + $message_source = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + if ($message_source === false) + return false; + if (count($message_source) > 0) + return $message_source[0]; + return null; +} + +/** + * TODO: use validation functions, return new message id + * TODO: global $user con not be used in model! 
+ * send message + * + * @param $id User + * ID of Reciever + * @param $text Text + * of Message + */ +function Message_send($id, $text) { + global $user; + + $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text)); + $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($id)); + + if (($text != "" && is_numeric($to)) && (sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0)) { + sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); + return true; + } else { + return false; + } +} + ?> \ No newline at end of file diff --git a/includes/model/Room_model.php b/includes/model/Room_model.php index 5b9c7a2a..c48abc78 100644 --- a/includes/model/Room_model.php +++ b/includes/model/Room_model.php @@ -3,7 +3,7 @@ /** * Returns room id array */ -function mRoomList() { +function Room_ids() { $room_source = sql_select("SELECT `RID` FROM `Room` WHERE `show` = 'Y'"); if ($room_source === false) return false; @@ -12,13 +12,12 @@ function mRoomList() { return null; } - /** * Returns room by id. * - * @param $id RID + * @param $id RID */ -function mRoom($id) { +function Room($id) { $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($id) . " AND `show` = 'Y' LIMIT 1"); if ($room_source === false) return false; @@ -27,5 +26,4 @@ function mRoom($id) { return null; } - ?> diff --git a/includes/model/Shifts_model.php b/includes/model/Shifts_model.php index df47b967..8cd4b3c2 100644 --- a/includes/model/Shifts_model.php +++ b/includes/model/Shifts_model.php @@ -1,9 +1,10 @@ 0) - return $user_source; - return null; +function User_ids() { + return sql_select("SELECT `UID` FROM `User`"); } /** 
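Review bot: `Message($id)` interpolates `sql_escape($id)` into an unquoted numeric comparison in the `WHERE` clause; `sql_escape` is not shown here, and if it only escapes quote characters it does not constrain a value that is never quoted, so the id should be coerced before it reaches the query, e.g. `$id = (int) $id;` as the first statement (a non-numeric id then yields no row and the existing null return). The same pattern is present in `AngelType($id)` and `Room($id)`, whose hunks in this commit only rename them. `Message_ids()` now returns the raw `sql_select()` result, while `Message()` keeps the false/null convention, so an empty table yields `array()` from one and `null` from the other; the docblock of `Message_ids()` should state `Returns the raw sql_select() result: array of rows (possibly empty) or false on error.` `Message()` itself applies no sender/receiver restriction, so the data-leak `@TODO` left on its api.php caller is not mitigated at the model layer either.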
@@ -49,6 +44,7 @@ function User($id) { } /** + * TODO: Merge into normal user function * Returns user by id (limit informations. * * @param $id UID diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php index f7647e78..7a05491c 100644 --- a/includes/pages/user_messages.php +++ b/includes/pages/user_messages.php @@ -23,7 +23,7 @@ function user_messages() { $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`"); $to_select_data = array( - "" => _("Select recipient...") + "" => _("Select recipient...") ); foreach ($users as $u) @@ -98,7 +98,7 @@ function user_messages() { break; case "send": - if( mMessage_Send( $_REQUEST['to'], $_REQUEST['text']) === true) { + if (Message_send($_REQUEST['to'], $_REQUEST['text']) === true) { redirect(page_link_to("user_messages")); } else { return error(_("Transmitting was terminated with an Error."), true); -- cgit v1.2.3-70-g09d2