1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,163 @@ |
1 |
+<?php |
|
2 |
+/** |
|
3 |
+ * Copyright (C) 2021 Double Bastion LLC |
|
4 |
+ * |
|
5 |
+ * This file is part of Roundpin, which is licensed under the |
|
6 |
+ * GNU Affero General Public License Version 3.0. The license terms |
|
7 |
+ * are detailed in the "LICENSE.txt" file located in the root directory. |
|
8 |
+ */ |
|
9 |
+ |
|
10 |
+session_start(); |
|
11 |
+ |
|
12 |
+if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) { |
|
13 |
+ |
|
14 |
+ |
|
15 |
+ define('ACCESSCONST', TRUE); |
|
16 |
+ |
|
17 |
+ require('db-connect.php'); |
|
18 |
+ |
|
19 |
+ $username = $_POST['username']; |
|
20 |
+ $wssServer = $_POST['wss_server']; |
|
21 |
+ $webSocketPort = $_POST['web_socket_port']; |
|
22 |
+ $serverPath = $_POST['server_path']; |
|
23 |
+ $profileName = $_POST['profile_name']; |
|
24 |
+ $sipUsername = $_POST['sip_username']; |
|
25 |
+ $sipPasswordPre = $_POST['sip_password']; |
|
26 |
+ $stunServer = $_POST['stun_server']; |
|
27 |
+ $audioOutputId = $_POST['audio_output_id']; |
|
28 |
+ $videoSrcId = $_POST['video_src_id']; |
|
29 |
+ $videoHeight = $_POST['video_height']; |
|
30 |
+ $frameRate = $_POST['frame_rate']; |
|
31 |
+ $aspectRatio = $_POST['aspect_ratio']; |
|
32 |
+ $videoOrientation = $_POST['video_orientation']; |
|
33 |
+ $audioSrcId = $_POST['audio_src_id']; |
|
34 |
+ $autoGainControl = $_POST['auto_gain_control']; |
|
35 |
+ $echoCancellation = $_POST['echo_cancellation']; |
|
36 |
+ $noiseSuppression = $_POST['noise_suppression']; |
|
37 |
+ $ringOutputId = $_POST['ring_output_id']; |
|
38 |
+ $videoConfExtension = $_POST['video_conf_extension']; |
|
39 |
+ $videoConfWindowWidth = $_POST['video_conf_window_width']; |
|
40 |
+ $profilePicture = $_POST['profile_picture']; |
|
41 |
+ $notifications = $_POST['notifications']; |
|
42 |
+ $useRoundcube = $_POST['use_roundcube']; |
|
43 |
+ $rcDomain = $_POST['rcdomain']; |
|
44 |
+ $rcBasicAuthUser = $_POST['rcbasicauthuser']; |
|
45 |
+ $rcBasicAuthPass = $_POST['rcbasicauthpass']; |
|
46 |
+ $rcUser = $_POST['rcuser']; |
|
47 |
+ $rcPassword = $_POST['rcpassword']; |
|
48 |
+ |
|
49 |
+ // Encrypt the SIP password, Roundcube password (if any) and Roundcube basic auth password (if any), before inserting them into the database |
|
50 |
+ if ($sipPasswordPre != '' && $sipPasswordPre != "%20%20%20%20%20%20%20") { |
|
51 |
+ |
|
52 |
+ $keypass = substr(sha1(mt_rand()), 0, 32); |
|
53 |
+ $keysalt = openssl_random_pseudo_bytes(12); |
|
54 |
+ $generated_key = openssl_pbkdf2($keypass, $keysalt, 40, 100, 'sha256'); |
|
55 |
+ $psswdadded = bin2hex($generated_key); |
|
56 |
+ |
|
57 |
+ if (!is_dir('restr')) { |
|
58 |
+ mkdir('restr', 0700); |
|
59 |
+ } |
|
60 |
+ |
|
61 |
+ if (!is_dir('restr/'.$username.'')) { |
|
62 |
+ mkdir('restr/'.$username.'', 0700); |
|
63 |
+ } |
|
64 |
+ |
|
65 |
+ file_put_contents('restr/'.$username.'/pwdkey', $psswdadded); |
|
66 |
+ chmod('restr/'.$username.'/pwdkey', 0600); |
|
67 |
+ |
|
68 |
+ $iv = substr(sha1(mt_rand()), 0, 16); |
|
69 |
+ $encpwdin = openssl_encrypt($sipPasswordPre, 'AES-256-CBC', $psswdadded, false, $iv); |
|
70 |
+ $sipPasswordEnc = $encpwdin.':'.$iv; |
|
71 |
+ |
|
72 |
+ } elseif ($sipPasswordPre == "%20%20%20%20%20%20%20") { |
|
73 |
+ |
|
74 |
+ $queryselsippass = $mysqli->query("SELECT username, sip_password, enabled FROM app_users WHERE BINARY username = '$username' AND enabled = 1"); |
|
75 |
+ $sippassarr = $queryselsippass->fetch_assoc(); |
|
76 |
+ $sipPasswordEnc = $sippassarr['sip_password']; |
|
77 |
+ |
|
78 |
+ } elseif ($sipPasswordPre == '') { |
|
79 |
+ $sipPasswordEnc = ''; |
|
80 |
+ } else { $sipPasswordEnc = ''; } |
|
81 |
+ |
|
82 |
+ |
|
83 |
+ if ($rcBasicAuthPass != '' && $rcBasicAuthPass != "%20%20%20%20%20%20%20") { |
|
84 |
+ |
|
85 |
+ $keypassrcba = substr(sha1(mt_rand()), 0, 32); |
|
86 |
+ $keysaltrcba = openssl_random_pseudo_bytes(12); |
|
87 |
+ $generated_keyrcba = openssl_pbkdf2($keypassrcba, $keysaltrcba, 40, 100, 'sha256'); |
|
88 |
+ $psswdaddedrcba = bin2hex($generated_keyrcba); |
|
89 |
+ |
|
90 |
+ if (!is_dir('restr')) { |
|
91 |
+ mkdir('restr', 0700); |
|
92 |
+ } |
|
93 |
+ |
|
94 |
+ if (!is_dir('restr/'.$username.'')) { |
|
95 |
+ mkdir('restr/'.$username.'', 0700); |
|
96 |
+ } |
|
97 |
+ |
|
98 |
+ file_put_contents('restr/'.$username.'/pwdkeyrcba', $psswdaddedrcba); |
|
99 |
+ chmod('restr/'.$username.'/pwdkeyrcba', 0600); |
|
100 |
+ |
|
101 |
+ $iv2 = substr(sha1(mt_rand()), 0, 16); |
|
102 |
+ $encRcBasicAuthPass = openssl_encrypt($rcBasicAuthPass, 'AES-256-CBC', $psswdaddedrcba, false, $iv2); |
|
103 |
+ $rcBasicAuthPassEnc = $encRcBasicAuthPass.':'.$iv2; |
|
104 |
+ |
|
105 |
+ } elseif ($rcBasicAuthPass == "%20%20%20%20%20%20%20") { |
|
106 |
+ $queryselrcbapass = $mysqli->query("SELECT username, rcbasicauthpass, enabled FROM app_users WHERE BINARY username = '$username' AND enabled = 1"); |
|
107 |
+ $rcbapassarr = $queryselrcbapass->fetch_assoc(); |
|
108 |
+ $rcBasicAuthPassEnc = $rcbapassarr['rcbasicauthpass']; |
|
109 |
+ } elseif ($rcBasicAuthPass == '') { |
|
110 |
+ $rcBasicAuthPassEnc = ''; |
|
111 |
+ } else { $rcBasicAuthPassEnc = ''; } |
|
112 |
+ |
|
113 |
+ |
|
114 |
+ if ($rcPassword != '' && $rcPassword != "%20%20%20%20%20%20%20") { |
|
115 |
+ |
|
116 |
+ $keypassrc = substr(sha1(mt_rand()), 0, 32); |
|
117 |
+ $keysaltrc = openssl_random_pseudo_bytes(12); |
|
118 |
+ $generated_keyrc = openssl_pbkdf2($keypassrc, $keysaltrc, 40, 100, 'sha256'); |
|
119 |
+ $psswdaddedrc = bin2hex($generated_keyrc); |
|
120 |
+ |
|
121 |
+ if (!is_dir('restr')) { |
|
122 |
+ mkdir('restr', 0700); |
|
123 |
+ } |
|
124 |
+ |
|
125 |
+ if (!is_dir('restr/'.$username.'')) { |
|
126 |
+ mkdir('restr/'.$username.'', 0700); |
|
127 |
+ } |
|
128 |
+ |
|
129 |
+ file_put_contents('restr/'.$username.'/pwdkeyrc', $psswdaddedrc); |
|
130 |
+ chmod('restr/'.$username.'/pwdkeyrc', 0600); |
|
131 |
+ |
|
132 |
+ $iv3 = substr(sha1(mt_rand()), 0, 16); |
|
133 |
+ $encRcPassword = openssl_encrypt($rcPassword, 'AES-256-CBC', $psswdaddedrc, false, $iv3); |
|
134 |
+ $rcPasswordEnc = $encRcPassword.':'.$iv3; |
|
135 |
+ |
|
136 |
+ } elseif ($rcPassword == "%20%20%20%20%20%20%20") { |
|
137 |
+ $queryselrcpass = $mysqli->query("SELECT username, rcpassword, enabled FROM app_users WHERE BINARY username = '$username' AND enabled = 1"); |
|
138 |
+ $rcpassarr = $queryselrcpass->fetch_assoc(); |
|
139 |
+ $rcPasswordEnc = $rcpassarr['rcpassword']; |
|
140 |
+ } elseif ($rcPassword == '') { |
|
141 |
+ $rcPasswordEnc = ''; |
|
142 |
+ } else { $rcPasswordEnc = ''; } |
|
143 |
+ |
|
144 |
+ // Insert account data for the current user in the 'app_users' table |
|
145 |
+ $enabled = 1; |
|
146 |
+ $query1 = $mysqli->prepare("UPDATE `app_users` SET `wss_server`=?, `web_socket_port`=?, `server_path`=?, `profile_name`=?, `sip_username`=?, `sip_password`=?, `stun_server`=?, |
|
147 |
+ `audio_output_id`=?, `video_src_id`=?, `video_height`=?, `frame_rate`=?, `aspect_ratio`=?, `video_orientation`=?, `audio_src_id`=?, `auto_gain_control`=?, |
|
148 |
+ `echo_cancellation`=?, `noise_suppression`=?, `ring_output_id`=?, `video_conf_extension`=?, `video_conf_window_width`=?, `profile_picture`=?, |
|
149 |
+ `notifications`=?, `use_roundcube`=?, `rcdomain`=?, `rcbasicauthuser`=?, `rcbasicauthpass`=?, `rcuser`=?, `rcpassword`=? WHERE BINARY `username`=? AND `enabled`=?"); |
|
150 |
+ $query1->bind_param("sissssssssissssssssssiissssssi", $wssServer, $webSocketPort, $serverPath, $profileName, $sipUsername, $sipPasswordEnc, $stunServer, $audioOutputId, |
|
151 |
+ $videoSrcId, $videoHeight, $frameRate, $aspectRatio, $videoOrientation, $audioSrcId, $autoGainControl, $echoCancellation, $noiseSuppression, |
|
152 |
+ $ringOutputId, $videoConfExtension, $videoConfWindowWidth, $profilePicture, $notifications, $useRoundcube, $rcDomain, $rcBasicAuthUser, $rcBasicAuthPassEnc, |
|
153 |
+ $rcUser, $rcPasswordEnc, $username, $enabled); |
|
154 |
+ if ($query1->execute()) { $messagetosend = 'success'; } else { $messagetosend = 'failure'; } |
|
155 |
+ |
|
156 |
+ $response = array('result' => $messagetosend); |
|
157 |
+ echo json_encode($response); |
|
158 |
+ |
|
159 |
+} else { |
|
160 |
+ header("Location: roundpin-login.php"); |
|
161 |
+} |
|
162 |
+ |
|
163 |
+?> |
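Review bot: `$username` is read from `$_POST` and then interpolated into the three `SELECT` queries (new-file lines 74, 106 and 137) and into the `restr/<username>/` paths given to `mkdir`, `file_put_contents` and `chmod`, so one unvalidated field reaches both the SQL text and the filesystem. The `UPDATE` at line 146 already uses `prepare`/`bind_param`; the lookups should do the same, and the username should be checked against a strict pattern (or taken from the session, if the login flow stores it there) before any path is built. The guard at line 12 compares with `==` and never checks that `$_SESSION['validate_s_access']` is set, so an empty posted value compares equal to a missing session value; require a non-empty string and compare with `hash_equals()`. The IVs and key passphrases are derived from `sha1(mt_rand())`, which is not a cryptographically secure source; `random_bytes()` is the appropriate one, and the sketch below keeps the stored `ciphertext:iv` format on the assumption that the decrypting side uses the IV string as-is.

```php
$sessionToken = $_SESSION['validate_s_access'] ?? '';
$postedToken = $_POST['s_ajax_call'] ?? '';
if (is_string($sessionToken) && $sessionToken !== '' && is_string($postedToken) && hash_equals($sessionToken, $postedToken)) {

    // … unchanged: ACCESSCONST, db-connect.php …

    $username = $_POST['username'] ?? '';
    // Constructed allow-list; align it with the project's real username rules.
    if (!is_string($username) || preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $username) !== 1) {
        echo json_encode(array('result' => 'failure'));
        exit;
    }

    // … unchanged: remaining $_POST reads, key generation and key-file writes …

        $iv = bin2hex(random_bytes(8)); // 16 characters, same stored format as before

    // … unchanged: openssl_encrypt call …

    } elseif ($sipPasswordPre == "%20%20%20%20%20%20%20") {

        $stmt = $mysqli->prepare("SELECT sip_password FROM app_users WHERE BINARY username = ? AND enabled = 1");
        $stmt->bind_param("s", $username);
        $stmt->execute();
        $stmt->bind_result($sipPasswordEnc);
        $stmt->fetch();
        $stmt->close();

    // … unchanged: rest of the file; apply the same two changes to the rcbasicauthpass and rcpassword branches …
```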