From cbd23b7d191327a7cfb6a98e657659045da71af3 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 29 Apr 2016 20:55:59 +0200
Subject: Second half of merge....
---
apis/statistics.inc.php | 29 +++++++++++++++++++
apis/webservice.inc.php | 34 ++++++++++++++++++++++
apis/webservice/getinfo.php | 25 ++++++++++++++++
apis/webservice/login.php | 23 +++++++++++++++
apis/webservice/newupload.php | 67 +++++++++++++++++++++++++++++++++++++++++++
apis/webservice/upload.php | 62 +++++++++++++++++++++++++++++++++++++++
6 files changed, 240 insertions(+)
create mode 100644 apis/statistics.inc.php
create mode 100644 apis/webservice.inc.php
create mode 100644 apis/webservice/getinfo.php
create mode 100644 apis/webservice/login.php
create mode 100644 apis/webservice/newupload.php
create mode 100644 apis/webservice/upload.php
(limited to 'apis')
diff --git a/apis/statistics.inc.php b/apis/statistics.inc.php
new file mode 100644
index 00000000..2be805ba
--- /dev/null
+++ b/apis/statistics.inc.php
@@ -0,0 +1,29 @@
+ $cutoff"
+ . " GROUP BY m.machineuuid");
+
+$return = array(
+ 'now' => $NOW,
+ 'clients' => array(),
+ 'locations' => Location::getLocationsAssoc()
+);
+while ($client = $res->fetch(PDO::FETCH_ASSOC)) {
+ if ($NOW - $client['lastseen'] > 610) {
+ $client['state'] = 'OFF';
+ } elseif ($client['logintime'] == 0) {
+ $client['state'] = 'IDLE';
+ } else {
+ $client['state'] = 'OCCUPIED';
+ }
+ $return['clients'][] = $client;
+}
+
+die(json_encode($return));
\ No newline at end of file
diff --git a/apis/webservice.inc.php b/apis/webservice.inc.php
new file mode 100644
index 00000000..42ff674b
--- /dev/null
+++ b/apis/webservice.inc.php
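Review bot: In apis/statistics.inc.php the query text ends with `$cutoff` interpolated directly into the SQL string, while the other files added by this commit bind their values (`:token`, `:userid`). The assignment of `$cutoff` is not visible on this page, so it may well be a server-computed timestamp; if it can ever be influenced by the request, bind it as a parameter instead. The `610` in `$NOW - $client['lastseen'] > 610` would read better as a named constant with a one-line comment stating the unit and why that threshold marks a client as `OFF`. Unless the part of the file not visible here already does so, send `header('Content-Type: application/json');` before `die(json_encode($return))`.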
@@ -0,0 +1,34 @@
+"Request not set, finishing session",
+ "status" => "error",
+ "msg" => ""));
+ session_unset();
+ session_destroy();
+}else if($_POST['request']=='logout'){
+ echo json_encode(array(
+ "errormsg"=> "",
+ "status" => "ok",
+ "msg" => "Logout successful"));
+ session_unset();
+ session_destroy();
+
+}else {
+ $target_dir = "tmpUploads/";
+ $requests = array("login","getinfo","upload","newupload");
+ if( in_array($_POST['request'],$requests ))
+ require("webservice/".$_POST['request'].".php");
+ else{
+ echo json_encode(array(
+ "errormsg"=> "Request don't exist, finishing session",
+ "status" => "error",
+ "msg" => ""));
+ session_unset();
+ session_destroy();
+ }
+}
+//TODO: analyze session unset/destroy
diff --git a/apis/webservice/getinfo.php b/apis/webservice/getinfo.php
new file mode 100644
index 00000000..3404008e
--- /dev/null
+++ b/apis/webservice/getinfo.php
@@ -0,0 +1,25 @@
+ $_SESSION['userid']));
+ $ret = array(
+ "login"=>$user['login'],
+ "name"=>$user['fullname'],
+ "email"=>$user['email'],
+ "city"=>$user['name'],
+ "errormsg" => "",
+ "status" => "ok",
+ "msg" => "Get informations of user successful"
+ );
+ echo json_encode($ret);
+
+}else{
+ echo json_encode(array(
+ "errormsg"=> "Not logged in",
+ "status" => "error",
+ "msg" => ""));
+}
+
diff --git a/apis/webservice/login.php b/apis/webservice/login.php
new file mode 100644
index 00000000..e21975af
--- /dev/null
+++ b/apis/webservice/login.php
@@ -0,0 +1,23 @@
+ $login));
+if($user){
+ if(Crypto::verify($_POST['passwd'],$user['passwd'])){
+ $_SESSION['userid']=$user['userid'];
+ echo json_encode(array(
+ "errormsg"=> "",
+ "status" => "ok",
+ "msg" => "Login successful"));
+ }else{
+ echo json_encode(array(
+ "errormsg"=> "Wrong passwd",
+ "status" => "error",
+ "msg" => ""));
+ }
+}else{
+ echo json_encode(array(
+ "errormsg"=> "User not found",
+ "status" => "error",
+ "msg" => ""));
+}
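Review bot: In apis/webservice.inc.php the allowlist test in front of `require("webservice/".$_POST['request'].".php")` is the only thing keeping request input out of the include path, and it compares loosely; make it strict and type-checked with `if (is_string($_POST['request']) && in_array($_POST['request'], $requests, true))`. `$target_dir = "tmpUploads/"` is a relative path, so where uploads land depends on the working directory of the entry script; if that resolves inside the document root, the stored parts become reachable over HTTP, so an absolute path outside the web root is the safer choice. The beginning of the file is not visible on this page, so how the session is started cannot be judged from here.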
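Review bot: In apis/webservice/getinfo.php the result of the user lookup is used without being checked: if no row exists any more for `$_SESSION['userid']`, `$user['login']` and the other fields are read from a non-array and the response still reports `"status" => "ok"`. Add a guard such as `if(!$user){ ... "errormsg"=> "User not found", "status" => "error" ... }` before `$ret` is built. The mapping `"city"=>$user['name']` also deserves a one-line comment saying which table's `name` column this is, since the query that produces it is not visible in this hunk.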
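Review bot: In apis/webservice/login.php the session id is kept across the privilege change; `$_SESSION['userid']=$user['userid'];` should be preceded by `session_regenerate_id(true);` so that an id known before authentication is not valid afterwards (session fixation). The two failure branches answer `"User not found"` and `"Wrong passwd"` separately, which tells an unauthenticated caller which logins exist; return the same message for both, e.g. `"errormsg"=> "Invalid login or password"`. `$_POST['passwd']` is read without an `isset()` check, and nothing visible in this hunk limits repeated attempts. The top of the file, where `$login` is assigned, is not visible on this page.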
diff --git a/apis/webservice/newupload.php b/apis/webservice/newupload.php
new file mode 100644
index 00000000..b0e683c3
--- /dev/null
+++ b/apis/webservice/newupload.php
@@ -0,0 +1,67 @@
+"Not logged in",
+ "status" => "error",
+ "msg" => ""));
+ die();
+}
+if(!isset($_POST['nparts'])){
+ echo json_encode(array(
+ "errormsg"=>"Number of parts isn't set",
+ "status" => "error",
+ "msg" => ""));
+ die();
+}
+
+function crypto_rand_secure($min, $max){
+ $range = $max - $min;
+ if ($range < 1) return $min; // not so random...
+ $log = ceil(log($range, 2));
+ $bytes = (int) ($log / 8) + 1; // length in bytes
+ $bits = (int) $log + 1; // length in bits
+ $filter = (int) (1 << $bits) - 1; // set all lower bits to 1
+ do {
+ $rnd = hexdec(bin2hex(openssl_random_pseudo_bytes($bytes)));
+ $rnd = $rnd & $filter; // discard irrelevant bits
+ } while ($rnd >= $range);
+ return $min + $rnd;
+}
+
+function getToken($length){
+ $token = "";
+ $codeAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ $codeAlphabet.= "abcdefghijklmnopqrstuvwxyz";
+ $codeAlphabet.= "0123456789";
+ $max = strlen($codeAlphabet) - 1;
+ for ($i=0; $i < $length; $i++) {
+ $token .= $codeAlphabet[crypto_rand_secure(0, $max)];
+ }
+ return $token;
+}
+$token=getToken(35);
+while(Database::queryFirst("select * from upload where `token`=:token", array(
+ "token" => $token))){
+ $token = getToken(35);
+}
+$okay=Database::exec("INSERT INTO upload(`userid`, `nparts`, `nremaining`, `token`)".
+ " values (:userid, :nparts, :nremaining, :token)", array(
+ "userid"=>$_SESSION['userid'],
+ "nparts"=>$_POST['nparts'],
+ "nremaining"=>$_POST['nparts'],
+ "token"=> $token
+ ));
+if($okay){
+ echo json_encode(array(
+ "uploadid"=>$token,
+ "errormsg"=>"",
+ "status" => "ok",
+ "msg" => "New upload succesful"));
+ mkdir($target_dir.$token."/",0755, true);
+}else{
+ echo json_encode(array(
+ "errormsg"=>"Error when saving new upload, please retry",
+ "status" => "error",
+ "msg" => ""));
+}
+
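Review bot: In apis/webservice/newupload.php `$_POST['nparts']` is only tested with `isset()` and then stored as both `nparts` and `nremaining`, so a negative, non-numeric or very large value is accepted and later decides how many parts upload.php will write to disk. Validate it first, e.g. `$nparts = filter_var($_POST['nparts'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => $maxParts)));` with `$maxParts` a limit the project chooses, and reject `false`. `crypto_rand_secure(0, $max)` can never return `$max`, because the loop keeps `$rnd` below `$range = $max - $min`, so the last alphabet character never appears in a token; `$range = $max - $min + 1;` fixes that (or `random_int()` where PHP 7 is available). The return value of `mkdir()` is ignored and the success response is sent before it runs, so a failed directory creation is still reported as `"status" => "ok"`.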
diff --git a/apis/webservice/upload.php b/apis/webservice/upload.php
new file mode 100644
index 00000000..50ada40e
--- /dev/null
+++ b/apis/webservice/upload.php
@@ -0,0 +1,62 @@
+"Not logged in",
+ "status" => "error",
+ "msg" => ""));
+ die();
+}elseif (!isset($_FILES['fileToUpload'])){
+ echo json_encode(array(
+ "errormsg"=>"No file received",
+ "status" => "error",
+ "msg" => ""));
+ die();
+}
+
+$upload = Database::queryFirst("Select * from upload where token = :token",
+ array( "token" => $_POST['uploadid']));
+if($upload['userid']!= $_SESSION['userid']){
+ echo json_encode(array(
+ "errormsg"=>"Not same owner",
+ "status" => "error",
+ "msg" => ""));
+ die();
+}
+
+$name = $_FILES["fileToUpload"]["name"];
+$upload['nremaining'] = $upload['nremaining'] - 1;
+if ($upload['nremaining'] < 0){
+ echo json_encode(array(
+ "errormsg"=>"Already received all the parts",
+ "status" => "error",
+ "msg" => ""));
+ die();
+}
+$target_file = $target_dir.$_POST['uploadid']."/".$name;
+if(move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)){
+ $ret = Database::exec("UPDATE upload SET nremaining= :nremaining".
+ " WHERE id=:id", array(
+ "id"=>$upload['id'],
+ "nremaining"=>$upload['nremaining']
+ ));
+ if ($upload['nremaining'] == 0) {
+ echo json_encode(array(
+ "errormsg"=>"",
+ "status" => "ok",
+ "msg" => "Upload successful, sending to taskmanager"));
+ //passa pro taskmanager;
+ die();
+ }else{
+ echo json_encode(array(
+ "errormsg"=>"",
+ "status" => "ok",
+ "msg" => "Upload successful, waiting next part"));
+ die();
+ }
+} else {
+ echo json_encode(array(
+ "errormsg"=>"",
+ "status" => "error",
+ "msg" => "Error on upload, please resend"));
+}
+
-- cgit v1.2.3-55-g7522
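Review bot: In apis/webservice/upload.php the destination path is built from client-controlled values, `$target_dir.$_POST['uploadid']."/".$name` with `$name = $_FILES["fileToUpload"]["name"]`, and nothing restricts the file name or its extension. If `tmpUploads/` is served by the web server, a logged-in user can store a file there under a name the server would treat as a script, and two parts sent with the same name silently overwrite each other. Use a server-chosen name and the token from the database row, e.g. `$target_file = $target_dir.$upload['token']."/part".($upload['nparts'] - $upload['nremaining']);`, and reject a missing row explicitly with `if(!$upload || $upload['userid'] != $_SESSION['userid'])` instead of relying on the loose `!=`. The `nremaining` counter is read, decremented in PHP and written back, so concurrent requests for the same upload can both pass the `< 0` check; a single `UPDATE upload SET nremaining = nremaining - 1 WHERE id = :id AND nremaining > 0` closes that gap. Whether the task manager step needs the original file names is not visible on this page.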