save-update-settings.php
06fbd764
 <?php
 /**
  *  Copyright (C) 2021  Double Bastion LLC
  *
  *  This file is part of Roundpin, which is licensed under the
  *  GNU Affero General Public License Version 3.0. The license terms
  *  are detailed in the "LICENSE.txt" file located in the root directory.
  */
 
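 session_start();

 // Per-session AJAX token check.
 // Both sides must be present, non-empty and compared as strings: with a loose
 // `==`, an empty or array-valued POST field compares equal to an unset
 // session value and the request would be accepted without a token.
 // hash_equals() keeps the comparison constant-time.
 $postedToken = isset($_POST['s_ajax_call']) ? $_POST['s_ajax_call'] : null;
 $sessionToken = (isset($_SESSION['validate_s_access']) && is_scalar($_SESSION['validate_s_access']))
     ? (string) $_SESSION['validate_s_access']
     : '';

 if (is_string($postedToken) && $sessionToken !== '' && hash_equals($sessionToken, $postedToken)) {

     define('ACCESSCONST', TRUE);

     // db-connect.php is expected to provide the $mysqli connection used below.
     require('db-connect.php');

     // Value the client sends for a password field the user left untouched;
     // it means "keep whatever is already stored".
     $unchangedMarker = '%20%20%20%20%20%20%20';

     // Read one POST field. Missing or non-scalar (array) values become null so
     // they can never reach the filesystem, OpenSSL or mysqli as an array.
     $field = static function ($name) {
         return (isset($_POST[$name]) && is_scalar($_POST[$name])) ? (string) $_POST[$name] : null;
     };

     // Return $byteCount bytes from the OpenSSL CSPRNG as lowercase hex, or false
     // when no cryptographically strong bytes are available.
     $randomHex = static function ($byteCount) {
         try {
             $strong = false;
             $bytes = openssl_random_pseudo_bytes($byteCount, $strong);
         } catch (Exception $e) {
             return false;
         }
         if ($bytes === false || !$strong) {
             return false;
         }
         return bin2hex($bytes);
     };

     // Write a key file under restr/<username>/ with owner-only permissions.
     // NOTE(review): 'restr' is resolved relative to the working directory; if
     // that is inside the web root, confirm the web server denies access to it.
     $storeKey = static function ($username, $keyFile, $keyHex) {
         $dir = 'restr/'.$username;
         if (!is_dir($dir) && !mkdir($dir, 0700, true) && !is_dir($dir)) {
             return false;
         }
         $path = $dir.'/'.$keyFile;
         if (file_put_contents($path, $keyHex) === false) {
             return false;
         }
         return chmod($path, 0600);
     };

     // Fetch the currently stored (already encrypted) value of one secret column
     // for an enabled user. The username is bound as a parameter; the column is
     // chosen from a fixed list, never from request data.
     // Returns the stored value (null if there is no matching row) or false on
     // a database error.
     $loadStored = static function ($mysqli, $column, $username) {
         $queries = array(
             'sip_password' => "SELECT `sip_password` FROM `app_users` WHERE BINARY `username` = ? AND `enabled` = 1",
             'rcbasicauthpass' => "SELECT `rcbasicauthpass` FROM `app_users` WHERE BINARY `username` = ? AND `enabled` = 1",
             'rcpassword' => "SELECT `rcpassword` FROM `app_users` WHERE BINARY `username` = ? AND `enabled` = 1",
         );
         if (!isset($queries[$column])) {
             return false;
         }
         $stmt = $mysqli->prepare($queries[$column]);
         if (!$stmt) {
             return false;
         }
         $stored = null;
         $stmt->bind_param('s', $username);
         if (!$stmt->execute()) {
             $stmt->close();
             return false;
         }
         $stmt->bind_result($stored);
         $found = $stmt->fetch();
         $stmt->close();
         return ($found === true) ? $stored : null;
     };

     // Turn one submitted password field into the value to store:
     //   ''/missing        -> '' (clear the stored secret)
     //   unchanged marker  -> the value already in the database
     //   anything else     -> "<base64 ciphertext>:<iv>" under a fresh key,
     //                        with the key written to restr/<username>/<keyFile>
     // Returns false if randomness, encryption, the key file or the lookup fails.
     $protectSecret = static function ($plain, $column, $keyFile) use ($mysqli, $field, $unchangedMarker, $randomHex, $storeKey, $loadStored) {
         $username = $field('username');

         if ($plain === null || $plain === '') {
             return '';
         }
         if ($plain === $unchangedMarker) {
             return $loadStored($mysqli, $column, $username);
         }

         // Key and IV keep the stored formats (80 and 16 hex characters) so the
         // decrypting code, which is not shown here, keeps working. They now come
         // from the CSPRNG instead of sha1(mt_rand()), which is predictable.
         // AES-256 uses only the first 32 bytes of the hex key string.
         // NOTE(review): CBC here is unauthenticated; adding a MAC or moving to
         // an AEAD mode needs a matching change on the decrypting side.
         $keyHex = $randomHex(40);
         $iv = $randomHex(8);
         if ($keyHex === false || $iv === false) {
             return false;
         }

         $cipherText = openssl_encrypt($plain, 'AES-256-CBC', $keyHex, 0, $iv);
         if ($cipherText === false) {
             return false;
         }

         // NOTE(review): the key file is replaced before the UPDATE below runs;
         // if the UPDATE then fails, the previously stored ciphertext can no
         // longer be decrypted.
         if (!$storeKey($username, $keyFile, $keyHex)) {
             return false;
         }

         return $cipherText.':'.$iv;
     };

     // NOTE(review): the account to modify is named by the POSTed 'username'.
     // Nothing visible in this file ties that name to the logged-in session;
     // confirm the token check above is bound to this user, or take the
     // username from the session instead.
     $username = $field('username');
     $wssServer = $field('wss_server');
     $webSocketPort = $field('web_socket_port');
     $serverPath = $field('server_path');
     $profileName = $field('profile_name');
     $sipUsername = $field('sip_username');
     $sipPasswordPre = $field('sip_password');
     $stunServer = $field('stun_server');
     $audioOutputId = $field('audio_output_id');
     $videoSrcId = $field('video_src_id');
     $videoHeight = $field('video_height');
     $frameRate = $field('frame_rate');
     $aspectRatio = $field('aspect_ratio');
     $videoOrientation = $field('video_orientation');
     $audioSrcId = $field('audio_src_id');
     $autoGainControl = $field('auto_gain_control');
     $echoCancellation = $field('echo_cancellation');
     $noiseSuppression = $field('noise_suppression');
     $ringOutputId = $field('ring_output_id');
     $videoConfExtension = $field('video_conf_extension');
     $videoConfWindowWidth = $field('video_conf_window_width');
     $profilePicture = $field('profile_picture');
     $notifications = $field('notifications');
     $useRoundcube = $field('use_roundcube');
     $rcDomain = $field('rcdomain');
     $rcBasicAuthUser = $field('rcbasicauthuser');
     $rcBasicAuthPass = $field('rcbasicauthpass');
     $rcUser = $field('rcuser');
     $rcPassword = $field('rcpassword');

     $messagetosend = 'failure';

     // The username becomes a directory name under restr/, so refuse anything
     // that could leave that directory (separators, NUL, '.' and '..').
     $usernameIsSafe = $username !== null
         && $username !== ''
         && $username !== '.'
         && $username !== '..'
         && strpbrk($username, "/\\\0") === false;

     if ($usernameIsSafe) {

         // Encrypt the SIP password, Roundcube basic auth password (if any) and
         // Roundcube password (if any) before they are written to the database.
         $sipPasswordEnc = $protectSecret($sipPasswordPre, 'sip_password', 'pwdkey');
         $rcBasicAuthPassEnc = $protectSecret($rcBasicAuthPass, 'rcbasicauthpass', 'pwdkeyrcba');
         $rcPasswordEnc = $protectSecret($rcPassword, 'rcpassword', 'pwdkeyrc');

         if ($sipPasswordEnc !== false && $rcBasicAuthPassEnc !== false && $rcPasswordEnc !== false) {

             // Update the account data of the current user in the 'app_users' table
             $enabled = 1;
             $query1 = $mysqli->prepare("UPDATE `app_users` SET `wss_server`=?, `web_socket_port`=?, `server_path`=?, `profile_name`=?, `sip_username`=?, `sip_password`=?, `stun_server`=?,
                                 `audio_output_id`=?, `video_src_id`=?, `video_height`=?, `frame_rate`=?, `aspect_ratio`=?, `video_orientation`=?, `audio_src_id`=?, `auto_gain_control`=?,
                                 `echo_cancellation`=?, `noise_suppression`=?, `ring_output_id`=?, `video_conf_extension`=?, `video_conf_window_width`=?, `profile_picture`=?,
                                 `notifications`=?, `use_roundcube`=?, `rcdomain`=?, `rcbasicauthuser`=?, `rcbasicauthpass`=?, `rcuser`=?, `rcpassword`=? WHERE BINARY `username`=? AND `enabled`=?");

             if ($query1) {
                 $query1->bind_param("sissssssssissssssssssiissssssi", $wssServer, $webSocketPort, $serverPath, $profileName, $sipUsername, $sipPasswordEnc, $stunServer, $audioOutputId,
                                      $videoSrcId, $videoHeight, $frameRate, $aspectRatio, $videoOrientation, $audioSrcId, $autoGainControl, $echoCancellation, $noiseSuppression,
                                      $ringOutputId, $videoConfExtension, $videoConfWindowWidth, $profilePicture, $notifications, $useRoundcube, $rcDomain, $rcBasicAuthUser, $rcBasicAuthPassEnc,
                                      $rcUser, $rcPasswordEnc, $username, $enabled);

                 if ($query1->execute()) {
                     $messagetosend = 'success';
                 }
             }
         }
     }

     // The response shape is unchanged: {"result":"success"} or {"result":"failure"}.
     $response = array('result' => $messagetosend);
     echo json_encode($response);

 } else {
     header("Location: roundpin-login.php");
     exit;
 }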
 
 ?>