<?php
/**
 *  Copyright (C) 2021  Double Bastion LLC
 *
 *  This file is part of Roundpin, which is licensed under the
 *  GNU Affero General Public License Version 3.0. The license terms
 *  are detailed in the "LICENSE.txt" file located in the root directory.
 */

session_start();

if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {


 define('ACCESSCONST', TRUE);

 require('db-connect.php');

    $username = $_POST['username'];
    $wssServer = $_POST['wss_server'];
    $webSocketPort = $_POST['web_socket_port'];
    $serverPath = $_POST['server_path'];
    $profileName = $_POST['profile_name'];
    $sipUsername = $_POST['sip_username'];
    $sipPasswordPre = $_POST['sip_password'];
    $stunServer = $_POST['stun_server'];
    $audioOutputId = $_POST['audio_output_id'];
    $videoSrcId = $_POST['video_src_id'];
    $videoHeight = $_POST['video_height'];
    $frameRate = $_POST['frame_rate'];
    $aspectRatio = $_POST['aspect_ratio'];
    $videoOrientation = $_POST['video_orientation'];
    $audioSrcId = $_POST['audio_src_id'];
    $autoGainControl = $_POST['auto_gain_control'];
    $echoCancellation = $_POST['echo_cancellation'];
    $noiseSuppression = $_POST['noise_suppression'];
    $ringOutputId = $_POST['ring_output_id'];
    $videoConfExtension = $_POST['video_conf_extension'];
    $videoConfWindowWidth = $_POST['video_conf_window_width'];
    $profilePicture = $_POST['profile_picture'];
    $notifications = $_POST['notifications'];
    $useRoundcube = $_POST['use_roundcube'];
    $rcDomain = $_POST['rcdomain'];
    $rcBasicAuthUser = $_POST['rcbasicauthuser'];
    $rcBasicAuthPass = $_POST['rcbasicauthpass'];
    $rcUser = $_POST['rcuser'];
    $rcPassword = $_POST['rcpassword'];

    // Encrypt the SIP password, Roundcube password (if any) and Roundcube basic auth password (if any), before inserting them into the database
    if ($sipPasswordPre != '' && $sipPasswordPre != "%20%20%20%20%20%20%20") {

        $keypass = substr(sha1(mt_rand()), 0, 32);
        $keysalt = openssl_random_pseudo_bytes(12);
        $generated_key = openssl_pbkdf2($keypass, $keysalt, 40, 100, 'sha256');
        $psswdadded = bin2hex($generated_key);

        if (!is_dir('restr')) {
            mkdir('restr', 0700);
        }

        if (!is_dir('restr/'.$username.'')) {
            mkdir('restr/'.$username.'', 0700);
        }

        file_put_contents('restr/'.$username.'/pwdkey', $psswdadded);
        chmod('restr/'.$username.'/pwdkey', 0600);

        $iv = substr(sha1(mt_rand()), 0, 16);
        $encpwdin = openssl_encrypt($sipPasswordPre, 'AES-256-CBC', $psswdadded, false, $iv);
        $sipPasswordEnc = $encpwdin.':'.$iv;

    } elseif ($sipPasswordPre == "%20%20%20%20%20%20%20") { 

              $queryselsippass = $mysqli->query("SELECT username, sip_password, enabled FROM app_users WHERE BINARY username = '$username' AND enabled = 1");
              $sippassarr = $queryselsippass->fetch_assoc();
              $sipPasswordEnc = $sippassarr['sip_password']; 

    } elseif ($sipPasswordPre == '') { 
              $sipPasswordEnc = ''; 
    } else { $sipPasswordEnc = ''; }


    if ($rcBasicAuthPass != '' && $rcBasicAuthPass != "%20%20%20%20%20%20%20") {

        $keypassrcba = substr(sha1(mt_rand()), 0, 32);
        $keysaltrcba = openssl_random_pseudo_bytes(12);
        $generated_keyrcba = openssl_pbkdf2($keypassrcba, $keysaltrcba, 40, 100, 'sha256');
        $psswdaddedrcba = bin2hex($generated_keyrcba);

        if (!is_dir('restr')) {
            mkdir('restr', 0700);
        }

        if (!is_dir('restr/'.$username.'')) {
            mkdir('restr/'.$username.'', 0700);
        }

        file_put_contents('restr/'.$username.'/pwdkeyrcba', $psswdaddedrcba);
        chmod('restr/'.$username.'/pwdkeyrcba', 0600);

        $iv2 = substr(sha1(mt_rand()), 0, 16);
        $encRcBasicAuthPass = openssl_encrypt($rcBasicAuthPass, 'AES-256-CBC', $psswdaddedrcba, false, $iv2);
        $rcBasicAuthPassEnc = $encRcBasicAuthPass.':'.$iv2;

    } elseif ($rcBasicAuthPass == "%20%20%20%20%20%20%20") { 
              $queryselrcbapass = $mysqli->query("SELECT username, rcbasicauthpass, enabled FROM app_users WHERE BINARY username = '$username' AND enabled = 1");
              $rcbapassarr = $queryselrcbapass->fetch_assoc();
              $rcBasicAuthPassEnc = $rcbapassarr['rcbasicauthpass']; 
    } elseif ($rcBasicAuthPass == '') { 
              $rcBasicAuthPassEnc = ''; 
    } else { $rcBasicAuthPassEnc = ''; }


    if ($rcPassword != '' && $rcPassword != "%20%20%20%20%20%20%20") {

        $keypassrc = substr(sha1(mt_rand()), 0, 32);
        $keysaltrc = openssl_random_pseudo_bytes(12);
        $generated_keyrc = openssl_pbkdf2($keypassrc, $keysaltrc, 40, 100, 'sha256');
        $psswdaddedrc = bin2hex($generated_keyrc);

        if (!is_dir('restr')) {
            mkdir('restr', 0700);
        }

        if (!is_dir('restr/'.$username.'')) {
            mkdir('restr/'.$username.'', 0700);
        }

        file_put_contents('restr/'.$username.'/pwdkeyrc', $psswdaddedrc);
        chmod('restr/'.$username.'/pwdkeyrc', 0600);

        $iv3 = substr(sha1(mt_rand()), 0, 16);
        $encRcPassword = openssl_encrypt($rcPassword, 'AES-256-CBC', $psswdaddedrc, false, $iv3);
        $rcPasswordEnc = $encRcPassword.':'.$iv3;

    } elseif ($rcPassword == "%20%20%20%20%20%20%20") { 
              $queryselrcpass = $mysqli->query("SELECT username, rcpassword, enabled FROM app_users WHERE BINARY username = '$username' AND enabled = 1");
              $rcpassarr = $queryselrcpass->fetch_assoc();
              $rcPasswordEnc = $rcpassarr['rcpassword']; 
    } elseif ($rcPassword == '') { 
              $rcPasswordEnc = ''; 
    } else { $rcPasswordEnc = ''; }

    // Insert account data for the current user in the 'app_users' table
    $enabled = 1;
    $query1 = $mysqli->prepare("UPDATE `app_users` SET `wss_server`=?, `web_socket_port`=?, `server_path`=?, `profile_name`=?, `sip_username`=?, `sip_password`=?, `stun_server`=?,
                                `audio_output_id`=?, `video_src_id`=?, `video_height`=?, `frame_rate`=?, `aspect_ratio`=?, `video_orientation`=?, `audio_src_id`=?, `auto_gain_control`=?,
                                `echo_cancellation`=?, `noise_suppression`=?, `ring_output_id`=?, `video_conf_extension`=?, `video_conf_window_width`=?, `profile_picture`=?,
                                `notifications`=?, `use_roundcube`=?, `rcdomain`=?, `rcbasicauthuser`=?, `rcbasicauthpass`=?, `rcuser`=?, `rcpassword`=? WHERE BINARY `username`=? AND `enabled`=?");
    $query1->bind_param("sissssssssissssssssssiissssssi", $wssServer, $webSocketPort, $serverPath, $profileName, $sipUsername, $sipPasswordEnc, $stunServer, $audioOutputId,
                         $videoSrcId, $videoHeight, $frameRate, $aspectRatio, $videoOrientation, $audioSrcId, $autoGainControl, $echoCancellation, $noiseSuppression,
                         $ringOutputId, $videoConfExtension, $videoConfWindowWidth, $profilePicture, $notifications, $useRoundcube, $rcDomain, $rcBasicAuthUser, $rcBasicAuthPassEnc, 
                         $rcUser, $rcPasswordEnc, $username, $enabled);
    if ($query1->execute()) { $messagetosend = 'success'; } else { $messagetosend = 'failure'; }

    $response = array('result' => $messagetosend);
    echo json_encode($response);

} else {
    header("Location: roundpin-login.php");
}

?>