From 239c2b168411c110b1f884f6ef0df172cb913b4b Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Tue, 7 Jan 2014 15:50:16 +0100 Subject: reviewed cookies api --- includes/controller/angeltypes_controller.php | 6 +- includes/controller/api.php | 252 +++++++++++---------- includes/controller/user_angeltypes_controller.php | 10 +- 3 files changed, 141 insertions(+), 127 deletions(-) (limited to 'includes/controller') diff --git a/includes/controller/angeltypes_controller.php b/includes/controller/angeltypes_controller.php index 03c9651d..8b1783f2 100644 --- a/includes/controller/angeltypes_controller.php +++ b/includes/controller/angeltypes_controller.php @@ -38,7 +38,7 @@ function angeltype_delete_controller() { if (! in_array('admin_angel_types', $privileges)) redirect(page_link_to('angeltypes')); - $angeltype = mAngelType($_REQUEST['angeltype_id']); + $angeltype = AngelType($_REQUEST['angeltype_id']); if ($angeltype === false) engelsystem_error("Unable to load angeltype."); if ($angeltype == null) @@ -69,7 +69,7 @@ function angeltype_edit_controller() { $name = ""; $restricted = false; if (isset($_REQUEST['angeltype_id'])) { - $angeltype = mAngelType($_REQUEST['angeltype_id']); + $angeltype = AngelType($_REQUEST['angeltype_id']); if ($angeltype === false) engelsystem_error("Unable to load angeltype."); if ($angeltype == null) @@ -127,7 +127,7 @@ function angeltype_controller() { if (! isset($_REQUEST['angeltype_id'])) redirect(page_link_to('angeltypes')); - $angeltype = mAngelType($_REQUEST['angeltype_id']); + $angeltype = AngelType($_REQUEST['angeltype_id']); if ($angeltype === false) engelsystem_error("Unable to load angeltype."); if ($angeltype == null) diff --git a/includes/controller/api.php b/includes/controller/api.php index 3c87e5b4..4403b984 100644 --- a/includes/controller/api.php +++ b/includes/controller/api.php 
@@ -1,6 +1,5 @@ 'failed', - 'error' => 'Missing parameter "key".' ))); - - // check API key + die(json_encode(array( + 'status' => 'failed', + 'error' => 'Missing parameter "key".' + ))); + + // check API key $user = User_by_api_key($key); if ($user === false) - die( json_encode( array ( - 'status' => 'failed', - 'error' => 'Unable to find user' ))); + die(json_encode(array( + 'status' => 'failed', + 'error' => 'Unable to find user' + ))); if ($user == null) - die( json_encode( array ( - 'status' => 'failed', - 'error' => 'Key invalid.' ))); - - // decode command - switch( $cmd) { + die(json_encode(array( + 'status' => 'failed', + 'error' => 'Key invalid.' + ))); + + // decode command + switch ($cmd) { case 'getroom': getRoom(); break; @@ -162,34 +163,39 @@ function api_controller() { getAngelType(); break; case 'getuser': - getUser(); + // TODO Dataleak! Only coordinators are allowed to see so much user informations. + //getUser(); break; case 'getshift': getShift(); break; case 'getmessage': - getMessage(); + // TODO Dataleak! + //getMessage(); break; case 'sendmessage': sendMessage(); break; default: - $DataJson = array ( + $DataJson = array( 'status' => 'failed', - 'error' => 'Unknown Command "'. $cmd. '"' ); + 'error' => 'Unknown Command "' . $cmd . '"' + ); } - + // check - if( $DataJson === false) { - $DataJson = array ( - 'status' => 'failed', - 'error' => 'DataJson === false' ); - } elseif( $DataJson == null) { - $DataJson = array ( - 'status' => 'failed', - 'error' => 'DataJson == null' ); + if ($DataJson === false) { + $DataJson = array( + 'status' => 'failed', + 'error' => 'DataJson === false' + ); + } elseif ($DataJson == null) { + $DataJson = array( + 'status' => 'failed', + 'error' => 'DataJson == null' + ); } - + echo json_encode($DataJson); die(); } 
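Review bot: The disabled `getuser` and `getmessage` cases now leave `$DataJson` untouched, so a client calling them receives the fall-through diagnostic `'DataJson == null'` (or `'DataJson === false'`, depending on how `$DataJson` is initialised above this hunk) instead of a message saying the command is unavailable. Since the commit withdraws these commands deliberately over the exposure noted in the TODOs, each case should set an explicit response, e.g. `$DataJson = array('status' => 'failed', 'error' => 'Command "' . $cmd . '" is disabled.');`, so the refusal is intentional and visible both to API consumers and in logs. The `getUser()` and `getMessage()` functions stay defined further down in the file; a short comment on each pointing back to this switch would stop a later maintainer from re-enabling them without adding the missing authorisation check. The body of `api_controller()` begins outside this hunk.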
@@ -197,143 +203,151 @@ function api_controller() { /** * Get Version of API */ -function getVersion(){ +function getVersion() { global $DataJson; - + $DataJson = array( - 'status' => 'success', - 'Version' => 1); + 'status' => 'success', + 'Version' => 1 + ); } - /** * Get API Key */ -function getApiKey(){ - global $DataJson, $_REQUEST; - - if (!isset($_REQUEST['user']) ) { - $DataJson = array ( - 'status' => 'failed', - 'error' => 'Missing parameter "user".' ); - } - elseif (!isset($_REQUEST['pw']) ) { - $DataJson = array ( - 'status' => 'failed', - 'error' => 'Missing parameter "pw".' ); +function getApiKey() { + global $DataJson; + + if (! isset($_REQUEST['user'])) { + $DataJson = array( + 'status' => 'failed', + 'error' => 'Missing parameter "user".' + ); + } elseif (! isset($_REQUEST['pw'])) { + $DataJson = array( + 'status' => 'failed', + 'error' => 'Missing parameter "pw".' + ); } else { - $Erg = sql_select( "SELECT `UID`, `Passwort`, `api_key` FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST['user']) . "'"); - + $Erg = sql_select("SELECT `UID`, `Passwort`, `api_key` FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST['user']) . "'"); + if (count($Erg) == 1) { $Erg = $Erg[0]; - if (verify_password( $_REQUEST['pw'], $Erg["Passwort"], $Erg["UID"])) { + if (verify_password($_REQUEST['pw'], $Erg["Passwort"], $Erg["UID"])) { $key = $Erg["api_key"]; $DataJson = array( - 'status' => 'success', - 'Key' => $key); + 'status' => 'success', + 'Key' => $key + ); } else { - $DataJson = array ( - 'status' => 'failed', - 'error' => 'PW wrong' ); + $DataJson = array( + 'status' => 'failed', + 'error' => 'PW wrong' + ); } } else { - $DataJson = array ( - 'status' => 'failed', - 'error' => 'User not found.' ); + $DataJson = array( + 'status' => 'failed', + 'error' => 'User not found.' 
+ ); } } - + sleep(1); } - /** * Get Room */ -function getRoom(){ - global $DataJson, $_REQUEST; - - if (isset($_REQUEST['id']) ) { - $DataJson = mRoom( $_REQUEST['id']); +function getRoom() { + global $DataJson; + + if (isset($_REQUEST['id'])) { + $DataJson = Room($_REQUEST['id']); } else { - $DataJson = mRoomList(); + $DataJson = Room_ids(); } } /** * Get AngelType */ -function getAngelType(){ - global $DataJson, $_REQUEST; - - if (isset($_REQUEST['id']) ) { - $DataJson = mAngelType( $_REQUEST['id']); +function getAngelType() { + global $DataJson; + + if (isset($_REQUEST['id'])) { + $DataJson = AngelType($_REQUEST['id']); } else { - $DataJson = mAngelTypeList(); + $DataJson = AngelType_ids(); } } /** * Get User */ -function getUser(){ - global $DataJson, $_REQUEST; - - if (isset($_REQUEST['id']) ) { - $DataJson = mUser_Limit( $_REQUEST['id']); +function getUser() { + global $DataJson; + + if (isset($_REQUEST['id'])) { + $DataJson = mUser_Limit($_REQUEST['id']); } else { - $DataJson = mUserList(); + $DataJson = User_ids(); } } /** * Get Shift */ -function getShift(){ - global $DataJson, $_REQUEST; - - if (isset($_REQUEST['id']) ) { - $DataJson = mShift( $_REQUEST['id']); +function getShift() { + global $DataJson; + + if (isset($_REQUEST['id'])) { + $DataJson = Shift($_REQUEST['id']); } else { - $DataJson = mShiftList(); + $DataJson = Shifts_filtered(); } } /** + * @TODO: Why are ALL messages of ALL users returned? Data leak. It is not checked if this is my message! 
* Get Message */ -function getMessage(){ - global $DataJson, $_REQUEST; - - if (isset($_REQUEST['id']) ) { - $DataJson = mMessage( $_REQUEST['id']); +function getMessage() { + global $DataJson; + + if (isset($_REQUEST['id'])) { + $DataJson = Message($_REQUEST['id']); } else { - $DataJson = mMessageList(); + $DataJson = Message_ids(); } } /** * Send Message */ -function sendMessage(){ - global $DataJson, $_REQUEST; - - if (!isset($_REQUEST['uid']) ) { - $DataJson = array ( - 'status' => 'failed', - 'error' => 'Missing parameter "uid".' ); - } - elseif (!isset($_REQUEST['text']) ) { - $DataJson = array ( - 'status' => 'failed', - 'error' => 'Missing parameter "text".' ); +function sendMessage() { + global $DataJson; + + if (! isset($_REQUEST['uid'])) { + $DataJson = array( + 'status' => 'failed', + 'error' => 'Missing parameter "uid".' + ); + } elseif (! isset($_REQUEST['text'])) { + $DataJson = array( + 'status' => 'failed', + 'error' => 'Missing parameter "text".' + ); } else { - if( mMessage_Send( $_REQUEST['uid'], $_REQUEST['text']) === true) { - $DataJson = array( 'status' => 'success'); + if (Message_send($_REQUEST['uid'], $_REQUEST['text']) === true) { + $DataJson = array( + 'status' => 'success' + ); } else { $DataJson = array( - 'status' => 'failed', - 'error' => 'Transmitting was terminated with an Error.'); + 'status' => 'failed', + 'error' => 'Transmitting was terminated with an Error.' + ); } } } diff --git a/includes/controller/user_angeltypes_controller.php b/includes/controller/user_angeltypes_controller.php index d110f7a7..b2a04a17 100644 --- a/includes/controller/user_angeltypes_controller.php +++ b/includes/controller/user_angeltypes_controller.php 
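Review bot: `getApiKey()` still answers `'User not found.'` and `'PW wrong'` as distinct errors, which lets a caller learn which nicks exist before trying passwords; the `sleep(1)` at the end of the function equalises timing across the branches but not the message text. Both failure branches should return the same string, e.g. `'error' => 'Invalid credentials.'`, with the existence check kept internal. Independently, `user` and `pw` are read from `$_REQUEST`, so the password is accepted on the query string where it can end up in access logs and browser history; reading `$_POST['user']` and `$_POST['pw']` here, and documenting this command as POST-only, avoids that. The `@TODO` added above `getMessage()` rightly flags that every user's messages are returned; the docblock should also state that the function must not be wired back into the `getmessage` case until it filters by the authenticated user.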
@@ -13,7 +13,7 @@ function user_angeltypes_delete_all_controller() { redirect(page_link_to('angeltypes')); } - $angeltype = mAngelType($_REQUEST['angeltype_id']); + $angeltype = AngelType($_REQUEST['angeltype_id']); if ($angeltype === false) engelsystem_error("Unable to load angeltype."); if ($angeltype == null) { @@ -50,7 +50,7 @@ function user_angeltypes_confirm_all_controller() { redirect(page_link_to('angeltypes')); } - $angeltype = mAngelType($_REQUEST['angeltype_id']); + $angeltype = AngelType($_REQUEST['angeltype_id']); if ($angeltype === false) engelsystem_error("Unable to load angeltype."); if ($angeltype == null) { @@ -95,7 +95,7 @@ function user_angeltype_confirm_controller() { redirect(page_link_to('angeltypes')); } - $angeltype = mAngelType($user_angeltype['angeltype_id']); + $angeltype = AngelType($user_angeltype['angeltype_id']); if ($angeltype === false) engelsystem_error("Unable to load angeltype."); if ($angeltype == null) { @@ -143,7 +143,7 @@ function user_angeltype_delete_controller() { redirect(page_link_to('angeltypes')); } - $angeltype = mAngelType($user_angeltype['angeltype_id']); + $angeltype = AngelType($user_angeltype['angeltype_id']); if ($angeltype === false) engelsystem_error("Unable to load angeltype."); if ($angeltype == null) { @@ -194,7 +194,7 @@ function user_angeltype_add_controller() { redirect(page_link_to('angeltypes')); } - $angeltype = mAngelType($_REQUEST['angeltype_id']); + $angeltype = AngelType($_REQUEST['angeltype_id']); if ($angeltype === false) engelsystem_error("Unable to load angeltype."); if ($angeltype == null) { -- cgit v1.2.3-54-g00ecf