new file mode 100644

@@ -0,0 +1,56 @@

+<?php

+/**

+ *  Copyright (C) 2021  Double Bastion LLC

+ *

+ *  This file is part of Roundpin, which is licensed under the

+ *  GNU Affero General Public License Version 3.0. The license terms

+ *  are detailed in the "LICENSE.txt" file located in the root directory.

+ */

+

+session_start();

+ // header('Set-Cookie: PHPSESSID= ' . session_id() . '; SameSite=strict; Secure=true; HttpOnly=true;');

+

+if (isset($_POST['vconfextension']) && $_POST['vconfextension'] != '' && isset($_POST['encextenpass']) && $_POST['encextenpass'] != '' && isset($_POST['crntvconfext']) && 

+    $_POST['crntvconfext'] != '') {

+

+    define('ACCESSCONST', TRUE);

+

+    require('db-connect.php');

+

+    $vconfExtension = $_POST['vconfextension'];

+    $extenPassEnc = $_POST['encextenpass'];

+

+    $videoConfExt = $_POST['crntvconfext'];

+

+    // Check if the received external user extension, the corresponding encrypted password and the extension of the conference, match the data in the 'external_users' table

+    $query = $mysqli->prepare("SELECT id, exten_for_external, exten_for_ext_pass, conf_extension FROM external_users WHERE exten_for_external = ? AND exten_for_ext_pass = ? AND conf_extension = ?");

+    $query->bind_param("sss", $vconfExtension, $extenPassEnc, $videoConfExt);

+    $query->execute();

+    $extqueryres = $query->get_result()->fetch_array();

+

+    if (!$extqueryres) {

+

+        http_response_code(400);

+        exit();

+

+    } else {

+

+	    if (file_exists('../textchat/' . $videoConfExt . '/rsa_1024_pub.pem')) {

+

+		$chatKey = file('../textchat/' . $videoConfExt . '/rsa_1024_pub.pem');

+

+		if (!empty($chatKey)) { $message = 'success'; } else { $message = 'error'; }

+

+	    } else { $chatKey = ''; $message = 'error'; }

+

+    }

+

+    $result = ['chatkey' => $chatKey, 'resmessage' => $message];

+

+    echo json_encode($result);

+

+} else {

+    header("Location: ../login.php");

+}

+

+?>