new file mode 100644

@@ -0,0 +1,54 @@

+<?php

+/**

+ *  Copyright (C) 2021  Double Bastion LLC

+ *

+ *  This file is part of Roundpin, which is licensed under the

+ *  GNU Affero General Public License Version 3.0. The license terms

+ *  are detailed in the "LICENSE.txt" file located in the root directory.

+ */

+

+session_start();

+

+ // header('Set-Cookie: PHPSESSID= ' . session_id() . '; SameSite=strict; Secure=true; HttpOnly=true;');

+

+if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {

+

+ define('ACCESSCONST', TRUE);

+

+ require('db-connect.php');

+

+    $username = $_POST['username'];

+

+    // Get the SIP password for the current user from the 'app_users' table

+    $enabled = 1;

+    $querysel = $mysqli->prepare("SELECT username, sip_password, enabled FROM app_users WHERE BINARY username = ? AND enabled = ?");

+    $querysel->bind_param("si", $username, $enabled);

+    $querysel->execute();

+    $confdatafromdbinit = $querysel->get_result();

+    $confdatafromdb = $confdatafromdbinit->fetch_assoc();

+

+

+    // Decrypt the SIP password fetched from the database

+//    if ($confdatafromdb['sip_password'] != '' && $confdatafromdb['sip_password'] != null && $confdatafromdb['sip_password'] != 'undefined') {

+    if ($confdatafromdb['sip_password']) {

+

+        $psswdaddedkey = file_get_contents('../restr/'.$username.'/pwdkey');

+

+        $componentsippsswd = explode(':', $confdatafromdb['sip_password']);

+

+	$encpwdin = $componentsippsswd[0];

+	$ivkey = $componentsippsswd[1];

+

+	$sippassworddec = openssl_decrypt($encpwdin, 'AES-256-CBC', $psswdaddedkey, false, $ivkey);

+

+        $sipdatafromdb = $sippassworddec;

+

+    } else { $sipdatafromdb = ''; }

+

+    echo json_encode($sipdatafromdb);

+

+} else {

+    header("Location: ../login.php");

+}

+

+?>