diff options
| author | Simon Rettberg | 2019-02-21 11:09:17 +0100 |
|---|---|---|
| committer | Simon Rettberg | 2019-02-21 11:09:17 +0100 |
| commit | 67c915aa7094a32b0dfdd4ef60382bb1d3eeb506 (patch) | |
| tree | 89e1222a4bd6ed6076e739e151b3af5a80c4aff8 /modules-available/statistics/api.inc.php | |
| parent | AAAAAnd I'm retarded (diff) | |
| download | slx-admin-67c915aa7094a32b0dfdd4ef60382bb1d3eeb506.tar.gz slx-admin-67c915aa7094a32b0dfdd4ef60382bb1d3eeb506.tar.xz slx-admin-67c915aa7094a32b0dfdd4ef60382bb1d3eeb506.zip | |
Fix UUID handling; refactor constraints for machineuuid
Diffstat (limited to 'modules-available/statistics/api.inc.php')
| -rw-r--r-- | modules-available/statistics/api.inc.php | 29 |
1 files changed, 13 insertions, 16 deletions
diff --git a/modules-available/statistics/api.inc.php b/modules-available/statistics/api.inc.php index d4b8f346..19ae3cb6 100644 --- a/modules-available/statistics/api.inc.php +++ b/modules-available/statistics/api.inc.php @@ -14,23 +14,20 @@ if (substr($ip, 0, 7) === '::ffff:') $ip = substr($ip, 7); if ($type{0} === '~') { // UUID is mandatory $uuid = Request::post('uuid', '', 'string'); - if (strlen($uuid) !== 36) die("Invalid UUID.\n"); - $macaddr = Request::post('macaddr', '', 'string'); - if (!empty($macaddr) && substr($uuid, 0, 16) === '000000000000001-') { - // Override uuid if the mac is known and unique - $res = Database::simpleQuery('SELECT machineuuid FROM machine WHERE macaddr = :macaddr AND machineuuid <> :uuid', compact('macaddr', 'uuid')); - $override = false; - while ($row = $res->fetch(PDO::FETCH_ASSOC)) { - if ($override !== false) { - $override = false; - break; - } - $override = $row['machineuuid']; - } - if ($override !== false) { - $uuid = $override; + $macaddr = Request::post('macaddr', false, 'string'); + if ($macaddr !== false) { + $macaddr = strtolower(str_replace(':', '-', $macaddr)); + if (strlen($macaddr) !== 17 || $macaddr{2} !== '-') { + $macaddr = false; } } + if ($macaddr !== false && $uuid{8} !== '-' && substr($uuid, 0, 16) === '000000000000001-') { + $uuid = 'baad1d00-9491-4716-b98b-' . str_replace('-', '', $macaddr); + } + if (strlen($uuid) !== 36 || !preg_match('/^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$/i', $uuid)) { + die("Invalid UUID.\n"); + } + $uuid = strtoupper($uuid); // External mode of operation? $mode = Request::post('mode', false, 'string'); $NOW = time(); @@ -45,7 +42,7 @@ if ($type{0} === '~') { if ($mode === false && $type === '~poweron') { // Poweron & hw stats $uptime = Request::post('uptime', 0, 'integer'); - if (strlen($macaddr) > 17) die("Invalid MAC.\n"); + if ($macaddr === false) die("No/Invalid MAC address.\n"); if ($uptime < 0 || $uptime > 4000000) die("Implausible uptime.\n"); $realcores = Request::post('realcores', 0, 'integer'); if ($realcores < 0 || $realcores > 512) $realcores = 0; |