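<?php
/**
* Copyright (C) 2021 Double Bastion LLC
*
* This file is part of Roundpin, which is licensed under the
* GNU Affero General Public License Version 3.0. The license terms
* are detailed in the "LICENSE.txt" file located in the root directory.
*/

/*
 * Saves the account settings posted by the settings page for one user and
 * answers with JSON {"result": "success"|"failure"}. A request whose
 * s_ajax_call token does not match the session token is redirected to the
 * login page.
 *
 * Passwords are written to the database as "<base64 ciphertext>:<hex iv>"
 * (AES-256-CBC); the key material for each one lives in restr/<username>/.
 * A posted value of seven URL-encoded spaces is the client's sentinel for
 * "keep the value already stored".
 */

// Sentinel the settings page sends when a password field was left untouched.
const ROUNDPIN_KEEP_EXISTING = "%20%20%20%20%20%20%20";

/**
 * Encrypts $secret under a freshly generated key, stores that key in
 * restr/<username>/<keyFile> (directory 0700, file 0600) and returns the
 * "<ciphertext>:<iv>" string to put in the database.
 *
 * The key file contents (80 hex chars of PBKDF2-SHA256 output) and the
 * 16-hex-char IV keep the layout the rest of the application already reads.
 * Randomness comes from random_bytes(); the previous substr(sha1(mt_rand()))
 * values were not unpredictable.
 *
 * @param string $secret   non-empty plaintext
 * @param string $username path-safe username (validated by the caller)
 * @param string $keyFile  file name inside restr/<username>/
 * @return string|false    value to store, or false when the key could not be
 *                         persisted (a ciphertext whose key is lost can never
 *                         be decrypted, so nothing must be written then)
 */
function roundpinStoreEncryptedSecret($secret, $username, $keyFile)
{
    $passphrase = bin2hex(random_bytes(16)); // 32 hex chars, same length as before
    $salt = random_bytes(12);
    $derived = openssl_pbkdf2($passphrase, $salt, 40, 100, 'sha256');
    if ($derived === false) {
        return false;
    }
    // NOTE(review): AES-256-CBC takes a 32-byte key; openssl_encrypt() is
    // understood to ignore the rest of this 80-char string. Kept as-is so the
    // existing key files still decrypt — confirm with the decrypt side before
    // changing the format.
    $keyHex = bin2hex($derived);

    $dir = 'restr/' . $username;
    // Recursive mkdir creates restr/ as well; the trailing is_dir() covers a
    // concurrent request that created the directory first.
    if (!is_dir($dir) && !mkdir($dir, 0700, true) && !is_dir($dir)) {
        return false;
    }
    $keyPath = $dir . '/' . $keyFile;
    if (file_put_contents($keyPath, $keyHex, LOCK_EX) === false || !chmod($keyPath, 0600)) {
        return false;
    }

    $iv = bin2hex(random_bytes(8)); // 16 hex chars: the IV length AES-CBC needs
    $cipherText = openssl_encrypt($secret, 'AES-256-CBC', $keyHex, 0, $iv);
    if ($cipherText === false) {
        return false;
    }
    return $cipherText . ':' . $iv;
}

/**
 * Reads the already-encrypted value of one password column for an enabled user.
 *
 * Only the three known password columns are accepted because a column name
 * cannot be bound as a statement parameter; the username is bound, which closes
 * the SQL injection the previous interpolated SELECTs allowed.
 *
 * @param mysqli $mysqli
 * @param string $username
 * @param string $column   one of sip_password, rcbasicauthpass, rcpassword
 * @return string|null|false  stored value; null when no enabled row exists or
 *                            the column is NULL; false when the query failed
 * @throws InvalidArgumentException for any other column name
 */
function roundpinFetchStoredSecret($mysqli, $username, $column)
{
    if (!in_array($column, ['sip_password', 'rcbasicauthpass', 'rcpassword'], true)) {
        throw new InvalidArgumentException('Unknown password column: ' . $column);
    }
    $stmt = $mysqli->prepare("SELECT `$column` FROM `app_users` WHERE BINARY `username` = ? AND `enabled` = 1");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $username);
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }
    $stored = null;
    $stmt->bind_result($stored);
    $fetched = $stmt->fetch(); // true = row, null = no row, false = error
    $stmt->close();
    return $fetched === true ? $stored : null;
}

/**
 * Maps a posted password field to the value to store: '' when the field was
 * cleared, the current database value for the keep-existing sentinel, or a
 * fresh ciphertext otherwise.
 *
 * @param mysqli $mysqli
 * @param mixed  $posted   raw $_POST value (string, or null when absent)
 * @param string $username path-safe username (validated by the caller)
 * @param string $keyFile  key file name inside restr/<username>/
 * @param string $column   password column to read back for the sentinel case
 * @return string|null|false  false when the value could not be produced
 */
function roundpinResolvePostedSecret($mysqli, $posted, $username, $keyFile, $column)
{
    if ($posted === null || $posted === '') {
        return '';
    }
    if (!is_string($posted)) {
        return false; // e.g. field[] posted as an array; never encrypt non-strings
    }
    if ($posted === ROUNDPIN_KEEP_EXISTING) {
        return roundpinFetchStoredSecret($mysqli, $username, $column);
    }
    return roundpinStoreEncryptedSecret($posted, $username, $keyFile);
}

session_start();

$postedToken = $_POST['s_ajax_call'] ?? null;
$sessionToken = $_SESSION['validate_s_access'] ?? null;
// hash_equals(): constant-time and strict, so neither loose == coercion nor a
// missing session token can satisfy the check.
if (!is_string($postedToken) || $sessionToken === null
    || !hash_equals((string) $sessionToken, $postedToken)) {
    header("Location: roundpin-login.php");
    exit;
}

define('ACCESSCONST', TRUE);
require('db-connect.php'); // expected to provide $mysqli

$username = $_POST['username'] ?? null;
// The username becomes a directory name under restr/ and the row selector of
// the UPDATE; refuse anything that is not a single plain path component.
if (!is_string($username) || $username === '' || $username === '.' || $username === '..'
    || $username !== basename($username) || strpos($username, "\0") !== false) {
    echo json_encode(['result' => 'failure']);
    exit;
}
// NOTE(review): the row to update is chosen by the posted username, not by the
// session. Whether the session already pins the user is not visible here —
// confirm, or add that check, so one user cannot rewrite another's settings.

$wssServer = $_POST['wss_server'] ?? null;
$webSocketPort = $_POST['web_socket_port'] ?? null;
$serverPath = $_POST['server_path'] ?? null;
$profileName = $_POST['profile_name'] ?? null;
$sipUsername = $_POST['sip_username'] ?? null;
$stunServer = $_POST['stun_server'] ?? null;
$audioOutputId = $_POST['audio_output_id'] ?? null;
$videoSrcId = $_POST['video_src_id'] ?? null;
$videoHeight = $_POST['video_height'] ?? null;
$frameRate = $_POST['frame_rate'] ?? null;
$aspectRatio = $_POST['aspect_ratio'] ?? null;
$videoOrientation = $_POST['video_orientation'] ?? null;
$audioSrcId = $_POST['audio_src_id'] ?? null;
$autoGainControl = $_POST['auto_gain_control'] ?? null;
$echoCancellation = $_POST['echo_cancellation'] ?? null;
$noiseSuppression = $_POST['noise_suppression'] ?? null;
$ringOutputId = $_POST['ring_output_id'] ?? null;
$videoConfExtension = $_POST['video_conf_extension'] ?? null;
$videoConfWindowWidth = $_POST['video_conf_window_width'] ?? null;
$profilePicture = $_POST['profile_picture'] ?? null;
$notifications = $_POST['notifications'] ?? null;
$useRoundcube = $_POST['use_roundcube'] ?? null;
$rcDomain = $_POST['rcdomain'] ?? null;
$rcBasicAuthUser = $_POST['rcbasicauthuser'] ?? null;
$rcUser = $_POST['rcuser'] ?? null;

// Encrypt the SIP password, Roundcube password (if any) and Roundcube basic auth
// password (if any) before they go into the database; the sentinel keeps the
// stored value, an empty field clears it.
$sipPasswordEnc = roundpinResolvePostedSecret($mysqli, $_POST['sip_password'] ?? null, $username, 'pwdkey', 'sip_password');
$rcBasicAuthPassEnc = roundpinResolvePostedSecret($mysqli, $_POST['rcbasicauthpass'] ?? null, $username, 'pwdkeyrcba', 'rcbasicauthpass');
$rcPasswordEnc = roundpinResolvePostedSecret($mysqli, $_POST['rcpassword'] ?? null, $username, 'pwdkeyrc', 'rcpassword');
// NOTE(review): key files are rewritten before the UPDATE runs; if the UPDATE
// fails, the ciphertexts still in the database no longer match the keys on
// disk. Writing to a temporary name and renaming after a successful execute()
// would close that window.

// Update the account data for the current user in the 'app_users' table.
$messagetosend = 'failure';
if ($sipPasswordEnc !== false && $rcBasicAuthPassEnc !== false && $rcPasswordEnc !== false) {
    $enabled = 1;
    $query1 = $mysqli->prepare("UPDATE `app_users` SET `wss_server`=?, `web_socket_port`=?, `server_path`=?, `profile_name`=?, `sip_username`=?, `sip_password`=?, `stun_server`=?,
`audio_output_id`=?, `video_src_id`=?, `video_height`=?, `frame_rate`=?, `aspect_ratio`=?, `video_orientation`=?, `audio_src_id`=?, `auto_gain_control`=?,
`echo_cancellation`=?, `noise_suppression`=?, `ring_output_id`=?, `video_conf_extension`=?, `video_conf_window_width`=?, `profile_picture`=?,
`notifications`=?, `use_roundcube`=?, `rcdomain`=?, `rcbasicauthuser`=?, `rcbasicauthpass`=?, `rcuser`=?, `rcpassword`=? WHERE BINARY `username`=? AND `enabled`=?");
    if ($query1 !== false) {
        $query1->bind_param("sissssssssissssssssssiissssssi", $wssServer, $webSocketPort, $serverPath, $profileName, $sipUsername, $sipPasswordEnc, $stunServer, $audioOutputId,
            $videoSrcId, $videoHeight, $frameRate, $aspectRatio, $videoOrientation, $audioSrcId, $autoGainControl, $echoCancellation, $noiseSuppression,
            $ringOutputId, $videoConfExtension, $videoConfWindowWidth, $profilePicture, $notifications, $useRoundcube, $rcDomain, $rcBasicAuthUser, $rcBasicAuthPassEnc,
            $rcUser, $rcPasswordEnc, $username, $enabled);
        if ($query1->execute()) {
            $messagetosend = 'success';
        }
        $query1->close();
    }
}
echo json_encode(['result' => $messagetosend]);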