Browse code

Created repository.

DoubleBastionAdmin authored on 26/01/2022 20:32:42
Showing 1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,163 @@
1
+<?php
2
+/**
3
+ *  Copyright (C) 2021  Double Bastion LLC
4
+ *
5
+ *  This file is part of Roundpin, which is licensed under the
6
+ *  GNU Affero General Public License Version 3.0. The license terms
7
+ *  are detailed in the "LICENSE.txt" file located in the root directory.
8
+ */
9
+
10
+session_start();
11
+
12
+if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {
13
+
14
+
15
+ define('ACCESSCONST', TRUE);
16
+
17
+ require('db-connect.php');
18
+
19
+    $username = $_POST['username'];
20
+    $wssServer = $_POST['wss_server'];
21
+    $webSocketPort = $_POST['web_socket_port'];
22
+    $serverPath = $_POST['server_path'];
23
+    $profileName = $_POST['profile_name'];
24
+    $sipUsername = $_POST['sip_username'];
25
+    $sipPasswordPre = $_POST['sip_password'];
26
+    $stunServer = $_POST['stun_server'];
27
+    $audioOutputId = $_POST['audio_output_id'];
28
+    $videoSrcId = $_POST['video_src_id'];
29
+    $videoHeight = $_POST['video_height'];
30
+    $frameRate = $_POST['frame_rate'];
31
+    $aspectRatio = $_POST['aspect_ratio'];
32
+    $videoOrientation = $_POST['video_orientation'];
33
+    $audioSrcId = $_POST['audio_src_id'];
34
+    $autoGainControl = $_POST['auto_gain_control'];
35
+    $echoCancellation = $_POST['echo_cancellation'];
36
+    $noiseSuppression = $_POST['noise_suppression'];
37
+    $ringOutputId = $_POST['ring_output_id'];
38
+    $videoConfExtension = $_POST['video_conf_extension'];
39
+    $videoConfWindowWidth = $_POST['video_conf_window_width'];
40
+    $profilePicture = $_POST['profile_picture'];
41
+    $notifications = $_POST['notifications'];
42
+    $useRoundcube = $_POST['use_roundcube'];
43
+    $rcDomain = $_POST['rcdomain'];
44
+    $rcBasicAuthUser = $_POST['rcbasicauthuser'];
45
+    $rcBasicAuthPass = $_POST['rcbasicauthpass'];
46
+    $rcUser = $_POST['rcuser'];
47
+    $rcPassword = $_POST['rcpassword'];
48
+
49
+    // Encrypt the SIP password, Roundcube password (if any) and Roundcube basic auth password (if any), before inserting them into the database
50
+    if ($sipPasswordPre != '' && $sipPasswordPre != "%20%20%20%20%20%20%20") {
51
+
52
+        $keypass = substr(sha1(mt_rand()), 0, 32);
53
+        $keysalt = openssl_random_pseudo_bytes(12);
54
+        $generated_key = openssl_pbkdf2($keypass, $keysalt, 40, 100, 'sha256');
55
+        $psswdadded = bin2hex($generated_key);
56
+
57
+        if (!is_dir('restr')) {
58
+            mkdir('restr', 0700);
59
+        }
60
+
61
+        if (!is_dir('restr/'.$username.'')) {
62
+            mkdir('restr/'.$username.'', 0700);
63
+        }
64
+
65
+        file_put_contents('restr/'.$username.'/pwdkey', $psswdadded);
66
+        chmod('restr/'.$username.'/pwdkey', 0600);
67
+
68
+        $iv = substr(sha1(mt_rand()), 0, 16);
69
+        $encpwdin = openssl_encrypt($sipPasswordPre, 'AES-256-CBC', $psswdadded, false, $iv);
70
+        $sipPasswordEnc = $encpwdin.':'.$iv;
71
+
72
+    } elseif ($sipPasswordPre == "%20%20%20%20%20%20%20") { 
73
+
74
+              $queryselsippass = $mysqli->query("SELECT username, sip_password, enabled FROM app_users WHERE BINARY username = '$username' AND enabled = 1");
75
+              $sippassarr = $queryselsippass->fetch_assoc();
76
+              $sipPasswordEnc = $sippassarr['sip_password']; 
77
+
78
+    } elseif ($sipPasswordPre == '') { 
79
+              $sipPasswordEnc = ''; 
80
+    } else { $sipPasswordEnc = ''; }
81
+
82
+
83
+    if ($rcBasicAuthPass != '' && $rcBasicAuthPass != "%20%20%20%20%20%20%20") {
84
+
85
+        $keypassrcba = substr(sha1(mt_rand()), 0, 32);
86
+        $keysaltrcba = openssl_random_pseudo_bytes(12);
87
+        $generated_keyrcba = openssl_pbkdf2($keypassrcba, $keysaltrcba, 40, 100, 'sha256');
88
+        $psswdaddedrcba = bin2hex($generated_keyrcba);
89
+
90
+        if (!is_dir('restr')) {
91
+            mkdir('restr', 0700);
92
+        }
93
+
94
+        if (!is_dir('restr/'.$username.'')) {
95
+            mkdir('restr/'.$username.'', 0700);
96
+        }
97
+
98
+        file_put_contents('restr/'.$username.'/pwdkeyrcba', $psswdaddedrcba);
99
+        chmod('restr/'.$username.'/pwdkeyrcba', 0600);
100
+
101
+        $iv2 = substr(sha1(mt_rand()), 0, 16);
102
+        $encRcBasicAuthPass = openssl_encrypt($rcBasicAuthPass, 'AES-256-CBC', $psswdaddedrcba, false, $iv2);
103
+        $rcBasicAuthPassEnc = $encRcBasicAuthPass.':'.$iv2;
104
+
105
+    } elseif ($rcBasicAuthPass == "%20%20%20%20%20%20%20") { 
106
+              $queryselrcbapass = $mysqli->query("SELECT username, rcbasicauthpass, enabled FROM app_users WHERE BINARY username = '$username' AND enabled = 1");
107
+              $rcbapassarr = $queryselrcbapass->fetch_assoc();
108
+              $rcBasicAuthPassEnc = $rcbapassarr['rcbasicauthpass']; 
109
+    } elseif ($rcBasicAuthPass == '') { 
110
+              $rcBasicAuthPassEnc = ''; 
111
+    } else { $rcBasicAuthPassEnc = ''; }
112
+
113
+
114
+    if ($rcPassword != '' && $rcPassword != "%20%20%20%20%20%20%20") {
115
+
116
+        $keypassrc = substr(sha1(mt_rand()), 0, 32);
117
+        $keysaltrc = openssl_random_pseudo_bytes(12);
118
+        $generated_keyrc = openssl_pbkdf2($keypassrc, $keysaltrc, 40, 100, 'sha256');
119
+        $psswdaddedrc = bin2hex($generated_keyrc);
120
+
121
+        if (!is_dir('restr')) {
122
+            mkdir('restr', 0700);
123
+        }
124
+
125
+        if (!is_dir('restr/'.$username.'')) {
126
+            mkdir('restr/'.$username.'', 0700);
127
+        }
128
+
129
+        file_put_contents('restr/'.$username.'/pwdkeyrc', $psswdaddedrc);
130
+        chmod('restr/'.$username.'/pwdkeyrc', 0600);
131
+
132
+        $iv3 = substr(sha1(mt_rand()), 0, 16);
133
+        $encRcPassword = openssl_encrypt($rcPassword, 'AES-256-CBC', $psswdaddedrc, false, $iv3);
134
+        $rcPasswordEnc = $encRcPassword.':'.$iv3;
135
+
136
+    } elseif ($rcPassword == "%20%20%20%20%20%20%20") { 
137
+              $queryselrcpass = $mysqli->query("SELECT username, rcpassword, enabled FROM app_users WHERE BINARY username = '$username' AND enabled = 1");
138
+              $rcpassarr = $queryselrcpass->fetch_assoc();
139
+              $rcPasswordEnc = $rcpassarr['rcpassword']; 
140
+    } elseif ($rcPassword == '') { 
141
+              $rcPasswordEnc = ''; 
142
+    } else { $rcPasswordEnc = ''; }
143
+
144
+    // Insert account data for the current user in the 'app_users' table
145
+    $enabled = 1;
146
+    $query1 = $mysqli->prepare("UPDATE `app_users` SET `wss_server`=?, `web_socket_port`=?, `server_path`=?, `profile_name`=?, `sip_username`=?, `sip_password`=?, `stun_server`=?,
147
+                                `audio_output_id`=?, `video_src_id`=?, `video_height`=?, `frame_rate`=?, `aspect_ratio`=?, `video_orientation`=?, `audio_src_id`=?, `auto_gain_control`=?,
148
+                                `echo_cancellation`=?, `noise_suppression`=?, `ring_output_id`=?, `video_conf_extension`=?, `video_conf_window_width`=?, `profile_picture`=?,
149
+                                `notifications`=?, `use_roundcube`=?, `rcdomain`=?, `rcbasicauthuser`=?, `rcbasicauthpass`=?, `rcuser`=?, `rcpassword`=? WHERE BINARY `username`=? AND `enabled`=?");
150
+    $query1->bind_param("sissssssssissssssssssiissssssi", $wssServer, $webSocketPort, $serverPath, $profileName, $sipUsername, $sipPasswordEnc, $stunServer, $audioOutputId,
151
+                         $videoSrcId, $videoHeight, $frameRate, $aspectRatio, $videoOrientation, $audioSrcId, $autoGainControl, $echoCancellation, $noiseSuppression,
152
+                         $ringOutputId, $videoConfExtension, $videoConfWindowWidth, $profilePicture, $notifications, $useRoundcube, $rcDomain, $rcBasicAuthUser, $rcBasicAuthPassEnc, 
153
+                         $rcUser, $rcPasswordEnc, $username, $enabled);
154
+    if ($query1->execute()) { $messagetosend = 'success'; } else { $messagetosend = 'failure'; }
155
+
156
+    $response = array('result' => $messagetosend);
157
+    echo json_encode($response);
158
+
159
+} else {
160
+    header("Location: roundpin-login.php");
161
+}
162
+
163
+?>