mirror of
https://github.com/ShaYmez/FreeSTAR-Status-Engine.git
synced 2024-11-30 16:18:50 -05:00
ea582aeed6
The code to handle sending of notification was missing. This change makes two different options available on how notifications will be handled which will be controlled by CRON_SERVER_IP config option. - If CRON_SERVER_IP is set, the server with the given IP should call URL ../admin/?task=cron every x minutes. If the config is left empty, the notification will be called once the incident has been saved. (The latter meothod might cause server timeout if there are large numbers of subscribers!) Other minor changes: - Removed old commented code - Removed call to syslog used for debugging
330 lines
11 KiB
PHP
330 lines
11 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Subscriber class
|
|
*
|
|
*/
|
|
Class Subscriber
|
|
{
|
|
public $id = null;
|
|
public $firstname = null;
|
|
public $lastname = null;
|
|
public $userID = ""; // Holds email, telegram id etc
|
|
public $token = null;
|
|
public $active = 0;
|
|
public $typeID = null; // Holds subscription type ID
|
|
|
|
|
|
function __construct() {
|
|
$this->firstname = null;
|
|
$this->lastname = null;
|
|
$this->userID = "";
|
|
$this->token = null;
|
|
$this->active = 0;
|
|
$this->typeID = null;
|
|
}
|
|
|
|
/**
|
|
* Gets authentcation token for specified subscriberID
|
|
* @param Integer $subscriberID - specifies which subscriber we are looking up
|
|
* @param Integer $typeID - specifies which type of subscription we are refering (1 = telegram, 2 = email)
|
|
* @return String $token - 32 bytes HEX string
|
|
*/
|
|
public function get_token($subscriberID, $typeID)
|
|
{
|
|
global $mysqli;
|
|
$stmt = $mysqli->prepare("SELECT token FROM subscribers WHERE subscriberID = ? and typeID=? and active = 1 LIMIT 1");
|
|
$stmt->bind_param("ii", $subscriberID, $typeID);
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
if ($result->num_rows > 0) {
|
|
$row = $result->fetch_assoc();
|
|
$this->token = $row['token'];
|
|
//$this->get_subscriber_by_token($this->token);
|
|
return $row['token'];
|
|
}
|
|
return false;
|
|
|
|
}
|
|
public function get_subscriber_by_token($token)
|
|
{
|
|
global $mysqli;
|
|
$stmt = $mysqli->prepare("SELECT subscriberID FROM subscribers WHERE token=? and typeID=?");
|
|
$stmt->bind_param("si", $token, $this->typeID);
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
if ($result->num_rows > 0) {
|
|
$row = $result->fetch_assoc();
|
|
$this->id = $row['subscriberID'];
|
|
$this->populate(); //
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public function get_subscriber_by_userid($create = false)
|
|
{
|
|
global $mysqli;
|
|
$stmt = $mysqli->prepare("SELECT subscriberID FROM subscribers WHERE userID LIKE ? AND typeID = ? LIMIT 1");
|
|
$stmt->bind_param("si", $this->userID, $this->typeID );
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
|
|
if ($result->num_rows > 0) {
|
|
$row = $result->fetch_assoc();
|
|
$this->id = $row['subscriberID'];
|
|
$this->populate();
|
|
return $row['subscriberID'];
|
|
} else {
|
|
// User is not registered in DB, so add if $create = true
|
|
if ( $create ) {
|
|
$subscriber_id = $this->add($this->typeID, $this->userID, $this->active, $this->firstname, $this->lastname);
|
|
return $subscriber_id;
|
|
}
|
|
return false;
|
|
}
|
|
}
|
|
|
|
public function populate()
|
|
{
|
|
global $mysqli;
|
|
$stmt = $mysqli->prepare("SELECT typeID, userID, firstname, lastname, token, active FROM subscribers WHERE subscriberID = ?");
|
|
$stmt->bind_param("i", $this->id);
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
if ($result->num_rows > 0) {
|
|
$row = $result->fetch_assoc();
|
|
$this->userID = $row['userID'];
|
|
$this->typeID = $row['typeID'];
|
|
$this->firstname = $row['firstname'];
|
|
$this->lastname = $row['lastname'];
|
|
$this->token = $row['token'];
|
|
$this->active = $row['active'];
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public function add($typeID, $userID, $active = null, $firstname = null, $lastname = null)
|
|
{
|
|
global $mysqli;
|
|
$expireTime = strtotime("+2 hours");
|
|
$updateTime = strtotime("now");
|
|
$token = $this->generate_token();
|
|
|
|
$stmt = $mysqli->prepare("INSERT INTO subscribers (typeID, userID, firstname, lastname, token, active, expires, create_time) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
|
|
$stmt->bind_param("issssiii", $typeID, $userID, $firstname, $lastname, $token, $active, $expireTime, $updateTime);
|
|
$stmt->execute();
|
|
//$query = $stmt->get_result();
|
|
|
|
$this->id = $mysqli->insert_id;
|
|
$this->typeID = $typeID;
|
|
$this->userID = $userID;
|
|
$this->token = $token;
|
|
$this->firstname = $firstname;
|
|
$this->lastname = $lastname;
|
|
$this->active = $active;
|
|
return $this->id;
|
|
}
|
|
|
|
public function update($subscriberID)
|
|
{
|
|
global $mysqli;
|
|
$updateTime = strtotime("now");
|
|
$stmt = $mysqli->prepare("UPDATE subscribers SET update_time = ? WHERE subscriberID=?");
|
|
$stmt->bind_param("ii", $updateTime, $subscriberID);
|
|
$stmt->execute();
|
|
return true;
|
|
|
|
}
|
|
|
|
public function activate($subscriberID)
|
|
{
|
|
global $mysqli;
|
|
$updateTime = strtotime("now");
|
|
|
|
$stmt = $mysqli->prepare("UPDATE subscribers SET update_time = ?, expires = ? WHERE subscriberID = ?");
|
|
$tmp = null;
|
|
$stmt->bind_param("iii", $updateTime, $tmp, $subscriberID);
|
|
$stmt->execute();
|
|
return true;
|
|
}
|
|
|
|
public function delete($subscriberID)
|
|
{
|
|
global $mysqli;
|
|
|
|
$stmt = $mysqli->prepare("DELETE FROM services_subscriber WHERE subscriberIDFK = ?");
|
|
$stmt->bind_param("i", $subscriberID);
|
|
$stmt->execute();
|
|
//$query = $stmt->get_result();
|
|
|
|
$stmt = $mysqli->prepare("DELETE FROM subscribers WHERE subscriberID = ?");
|
|
$stmt->bind_param("i", $subscriberID);
|
|
$stmt->execute();
|
|
//$query = $stmt->get_result();
|
|
return true;
|
|
|
|
}
|
|
|
|
public function check_userid_exist()
|
|
{
|
|
global $mysqli;
|
|
|
|
$stmt = $mysqli->prepare("SELECT subscriberID, userID, token, active FROM subscribers WHERE typeID=? AND userID=? LIMIT 1");
|
|
|
|
$stmt->bind_param("is", $this->typeID, $this->userID);
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
|
|
if($result->num_rows > 0) {
|
|
$row = $result->fetch_assoc();
|
|
$this->id = $row['subscriberID'];
|
|
$this->populate();
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public function is_active_subscriber($token)
|
|
{
|
|
global $mysqli;
|
|
|
|
|
|
$stmt = $mysqli->prepare("SELECT subscriberID, token, userID, active, expires FROM subscribers WHERE token LIKE ? LIMIT 1");
|
|
$stmt->bind_param("s", $token );
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
|
|
if ($result->num_rows > 0) {
|
|
$row = $result->fetch_assoc();
|
|
} else {
|
|
// No data found, fail gently...
|
|
return false;
|
|
}
|
|
|
|
// If account is not already active, check if we are within timeframe of exipre +2h
|
|
// and active if so, otherwise,delete account and return falsev
|
|
if ( $row['active'] <> 1 ) {
|
|
|
|
// Calculate time range for when subscription need to be validated
|
|
$time_end = $row['expires'];
|
|
$time_start = $time_end - (3600*2); // TODO - make this interval configurable via a config option
|
|
$time_now = time();
|
|
|
|
if ( ($time_now > $time_start) && ($time_now < $time_end) ) {
|
|
// Timefram is within range, active user..
|
|
$stmt2 = $mysqli->prepare("UPDATE subscribers SET active=1, expires=null WHERE subscriberID = ?");
|
|
$stmt2->bind_param("i", $row['subscriberID']);
|
|
$stmt2->execute();
|
|
$result = $stmt2->get_result();
|
|
$this->active = 1;
|
|
$this->id = $row['subscriberID'];
|
|
$this->userID = $row['userID'];
|
|
$this->token = $row['token'];
|
|
return true;
|
|
|
|
} else {
|
|
// Timeframe outside of given scope -> delete account
|
|
$stmt2 = $mysqli->prepare("DELETE FROM subscribers WHERE subscriberID = ?");
|
|
$stmt2->bind_param("i", $row['subscriberID']);
|
|
$stmt2->execute();
|
|
$result = $stmt2->get_result();
|
|
$this->active = 0;
|
|
return false;
|
|
}
|
|
}
|
|
|
|
// if we get here, account should already be active
|
|
$this->active = 1;
|
|
$this->id = $row['subscriberID'];
|
|
$this->userID = $row['userID'];
|
|
$this->token = $row['token'];
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Generate a new 64 byte token (32 bytes converted from bin2hex = 64 bytes)
|
|
* @return string token
|
|
*/
|
|
public function generate_token()
|
|
{
|
|
global $mysqli;
|
|
|
|
if ( function_exists('openssl_random_pseudo_bytes') ) {
|
|
$token = openssl_random_pseudo_bytes(32); //Generate a random string.
|
|
$token = bin2hex($token); //Convert the binary data into hexadecimal representation.
|
|
} else {
|
|
// Use alternative token generator if openssl isn't available...
|
|
$token = make_alt_token(32, 32);
|
|
}
|
|
|
|
// Make sure token doesn't already exist in db
|
|
$stmt = $mysqli->prepare("SELECT subscriberID FROM subscribers WHERE token LIKE ?");
|
|
echo $mysqli->error;
|
|
$stmt->bind_param("s", $token);
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
if ($result->num_rows > 0 ) {
|
|
// token already exists, call self again
|
|
$token = $this->generate_token();
|
|
}
|
|
|
|
return $token;
|
|
}
|
|
|
|
/**
|
|
* Alternative token generator if openssl_random_pseudo_bytes is not available
|
|
* Original code by jsheets at shadonet dot com from http://php.net/manual/en/function.mt-rand.php
|
|
* @params int min_length Minimum length of token
|
|
* @params int max_length Maximum length of token
|
|
* @return String token
|
|
*/
|
|
public function make_alt_token($min_length = 32, $max_length = 64)
|
|
{
|
|
$key = '';
|
|
|
|
// build range and shuffle range using ASCII table
|
|
for ($i=0; $i<=255; $i++) {
|
|
$range[] = chr($i);
|
|
}
|
|
|
|
// shuffle our range 3 times
|
|
for ($i=0; $i<=3; $i++) {
|
|
shuffle($range);
|
|
}
|
|
|
|
// loop for random number generation
|
|
for ($i = 0; $i < mt_rand($min_length, $max_length); $i++) {
|
|
$key .= $range[mt_rand(0, count($range)-1)];
|
|
}
|
|
|
|
$return = bin2hex($key);
|
|
|
|
if (!empty($return)) {
|
|
return $return;
|
|
} else {
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
public function set_logged_in()
|
|
{
|
|
$_SESSION['subscriber_valid'] = true;
|
|
$_SESSION['subscriber_id'] = $this->id;
|
|
$_SESSION['subscriber_userid'] = $this->userID;
|
|
$_SESSION['subscriber_typeid'] = $this->typeID; //email
|
|
$_SESSION['subscriber_token'] = $this->token;
|
|
}
|
|
|
|
public function set_logged_off()
|
|
{
|
|
unset($_SESSION['subscriber_valid']);
|
|
unset($_SESSION['subscriber_userid']);
|
|
unset($_SESSION['subscriber_typeid']);
|
|
unset($_SESSION['subscriber_id']);
|
|
unset($_SESSION['subscriber_token']);
|
|
}
|
|
|
|
}
|