X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Flibs%2Fwernis_functions.php;h=41a0b09a27bbcef242327af2522a2bedd2ac24d7;hp=90e88a01e7ffe298f3c3067112999490019b6e3a;hb=82c5c7d37ee00f628b4fdd445f7fc453523ed1dd;hpb=18e3de7e5fc69d4d2a9f99e51b9f0ad516250744 diff --git a/inc/libs/wernis_functions.php b/inc/libs/wernis_functions.php index 90e88a01e7..41a0b09a27 100644 --- a/inc/libs/wernis_functions.php +++ b/inc/libs/wernis_functions.php @@ -16,7 +16,7 @@ * $Author:: $ * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * - * Copyright (c) 2009 - 2013 by Mailer Developer Team * + * Copyright (c) 2009 - 2015 by Mailer Developer Team * * For more information visit: http://mxchange.org * * * * This program is free software; you can redistribute it and/or modify * @@ -73,6 +73,9 @@ function getWernisErrorCode () { // Sends out a request to the API and returns it's result function sendWernisApiRequest ($scriptName, $requestData = array()) { + // Debug call + //* DEBUG */ reportBug(__FUNCTION__, __LINE__, 'scriptName=' . $scriptName . ',requestData=
' . print_r($requestData, TRUE) . '
'); + // Is the requestData an array? if (!is_array($requestData)) { // Then abort here! @@ -198,14 +201,60 @@ function sendWernisApiRequest ($scriptName, $requestData = array()) { break; } } else { - // All fine here - $return = array( - 'status' => 'OK', - 'response' => $responseLine - ); + // All fine, then analyze API response + $return = convertApiResponseToArray($responseLine, '&', '='); + + // Nothing is fine now + $return['status'] = 'generic_failed'; + $return['message'] = '--WERNIS_API_REQUEST_FAILED_GENERIC--}'; + + // Are 'encrypted', 'key' and 'iv' set? + //* DEBUG-DIE */ die(__FUNCTION__ . ':return=
' . print_r($return, TRUE) . '
'); + if ((isset($return['encrypted'])) && (isset($return['key'])) && (isset($return['iv']))) { + // Fully decode it (URL-encoded BASE64) + $decoded = decodeString($return['encrypted']); + $iv = decodeString($return['iv']); + + // Generate decryption key + $decryptionKey = generateWernisDecryptionKey($return['key']); + + // Decrypt string + $decrypted = decrytStringByCipher($decoded, getWernisEncryptionAlgorithm(), getWernisEncryptionMode(), $decryptionKey, $iv); + //* DEBUG-DIE */ die('key="' . $return['key'] . '"
decryptionKey="' . $decryptionKey . '"
decoded="' . $decoded . '"
decrypted="' . $decrypted . '"'); + + // First char must be an & + assert(substr($decrypted, 0, 1) == '&'); + + // Now the string needs to be turned into an array, first explode all & + $elements = explode('&', $decrypted); + + // And remove first element + array_shift($elements); + //* DEBUG-DIE */ die('elements=
' . print_r($elements, TRUE) . '
'); + + // Now "walk" all ements + foreach ($elements as $idx => $element) { + // Explode element + $keyValue = explode('=', $element); + + // Make sure it is valid + assert(count($keyValue) == 2); + + // Now handle all over + $return[$keyValue[0]] = $keyValue[1]; + } // END - foreach + + // Remove encryption stuff + unset($return['encrypted'], $return['key'], $return['iv']); + } // END - if + + // All fine ... + $return['status'] = 'OK'; + $return['message'] = NULL; } // Return the result + //* DEBUG-DIE */ die(__FUNCTION__ . ':return=
' . print_r($return, TRUE) . '
'); return $return; } @@ -219,8 +268,8 @@ function doAdminTestWernisApi () { // Prepare the request data $requestData = array( - 't_uid' => getWernisRefid(), - 't_md5' => getWernisPassMd5() + 't_uid' => getWernisRefid(), + 't_md5' => getWernisPassMd5() ); // Return the result from the lower functions @@ -268,6 +317,7 @@ function executeWernisApiWithdraw ($wdsId, $userMd5, $amount) { // Return the result from the lower functions $return = sendWernisApiRequest('book.php', $requestData); + // Did it went smoothly? if (isHttpResponseStatusOkay($return)) { // All fine! $result = TRUE; @@ -352,6 +402,7 @@ function executeWernisApiGet ($authData, $subRequest, $fields) { 'sub_request' => $subRequest, 'fields' => $fields, 't_uid' => bigintval($authData['wernis_userid']), + 't_md5' => getWernisPassMd5(), 'auth_key' => $authData['api_auth_key'], 'challenge' => $authData['api_redirect_challenge'] ); @@ -457,14 +508,12 @@ function doDisplayWernisUserRegistrationForm () { displayMessage('{--GUEST_WERNIS_REGISTRATION_PASSWORD_NOT_SET--}'); } else { // So far, all fine, then let's do the call-back on auth.php ... - $response = executeWernisApiAuth(postRequestElement('wernis_id'), postRequestElement('wernis_password')); - - // Was the status okay? - if (isHttpResponseStatusOkay($response)) { - // All fine, then analyze API response - $args = convertApiResponseToArray($response['response'], '&', '='); + $args = executeWernisApiAuth(postRequestElement('wernis_id'), postRequestElement('wernis_password')); + // Status was okay? + if (isHttpResponseStatusOkay($args)) { // Is status set? + //* DEBUG-DIE */ die('response=
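Review bot: The decrypted payload in the new success branch of sendWernisApiRequest() is validated only with `assert()`, so with assertions disabled a failed or garbled decryption still falls through to `$return['status'] = 'OK'`. The pair check `assert(count($keyValue) == 2)` also rejects any value that itself contains `=`, and nothing stops a decrypted key from overwriting entries already in `$return`. I would use explicit checks that return early with the `generic_failed` status, as sketched below; the same assert-as-validation pattern recurs in the hunks for getWernisMappedDataFromApiByChallenge() and doWernisUserRegistration(). The interim literal `'--WERNIS_API_REQUEST_FAILED_GENERIC--}'` is missing its opening `{`. The function body starts outside this hunk.

```php
if ((isset($return['encrypted'])) && (isset($return['key'])) && (isset($return['iv']))) {
	// … unchanged: decodeString(), generateWernisDecryptionKey(), decrytStringByCipher() …

	// Explicit check, assert() does nothing when assertions are disabled
	if ((!is_string($decrypted)) || (substr($decrypted, 0, 1) != '&')) {
		// Leave status=generic_failed in place
		return $return;
	} // END - if

	foreach (explode('&', substr($decrypted, 1)) as $element) {
		// Limit to 2 parts so a value may contain '='
		$keyValue = explode('=', $element, 2);

		// Reject malformed pairs and keys that would overwrite control fields
		if ((count($keyValue) != 2) || (in_array($keyValue[0], array('status', 'message', 'encrypted', 'key', 'iv'), TRUE))) {
			return $return;
		} // END - if

		$return[$keyValue[0]] = $keyValue[1];
	} // END - foreach

	// … unchanged: unset() of 'encrypted', 'key' and 'iv' …
} // END - if
```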
' . print_r($response, TRUE) . '
,args=' . '
'.print_r($args, TRUE).'
'); assert(isset($args['auth_status'])); // Add WDS66 userid @@ -486,7 +535,7 @@ function doDisplayWernisUserRegistrationForm () { die(__FUNCTION__ . ':' . __LINE__ . ': status[' . gettype($status) . ']=' . $status . ' - Unfinished.'); } else { // Something bad happened - displayMessage($response['message']); + displayMessage($args['message']); } } } // END - if @@ -529,21 +578,30 @@ function doDisplayWernisUserRegistrationForm () { // Finish user registration with WDS66 API function doWernisFinishUserRegistration ($challenge, $challengeResponse, $status) { - // Check status from GET parameters and stored value - if (($status == '1') && (isFormSent('wernis_register'))) { - // Form has been sent - die(__FUNCTION__ . ':' . __LINE__ . ': Reached!'); - } elseif ($status == '1') { + // Is the status 1? (= all fine with API call) + if ($status == '1') { // Get mapped data based on challenge - $return = getWernisMapedDataFromApiByChallenge($challenge, $status); + $return = getWernisMappedDataFromApiByChallenge($challenge, $status); // Is the array filled? - if ((count($return['mapped_data']) > 0) && (empty($return['message']))) { + //* DEBUG-DIE */ die(__METHOD__ . ':return=
' . print_r($return, TRUE) . '
- EXIT!'); + if ((isset($return['mapped_data'])) && (count($return['mapped_data']) > 0) && (empty($return['message']))) { + // Set must-fillout fields + $return['mapped_data'] = runFilterChain('register_must_fillout', $return['mapped_data']); + + // Add missing elements + $return['mapped_data']['gender'] = NULL; + $return['mapped_data']['birthday_selection'] = generateDayMonthYearSelectionBox($return['mapped_data']['birth_day'], $return['mapped_data']['birth_month'], $return['mapped_data']['birth_year']); + $return['mapped_data']['challenge'] = getRequestElement('challenge'); + $return['mapped_data']['__challenge_response'] = getRequestElement('__challenge_response'); + // Display form loadTemplate('guest_wernis_registration_form', FALSE, $return['mapped_data']); + + // All fine return TRUE; } else { - // Something bad happened + // Something unexpected happened (e.g. no API requests left) displayMessage($return['message']); return FALSE; } @@ -554,7 +612,7 @@ function doWernisFinishUserRegistration ($challenge, $challengeResponse, $status } // "Getter" for mapped data by calling the API and given challenge and status -function getWernisMapedDataFromApiByChallenge ($challenge, $status) { +function getWernisMappedDataFromApiByChallenge ($challenge, $status) { // Get stored registration data $rows = getWernisRegistrationDataByKey('api_redirect_challenge', $challenge); @@ -587,33 +645,32 @@ function getWernisMapedDataFromApiByChallenge ($challenge, $status) { } // END - if // Now call "get.php" - $response = executeWernisApiGet($rows[0], 'data', 'anrede|vorname|name|strasse|plz|ort|birth_day|birth_month|birth_year|email|werber'); + $response = executeWernisApiGet($rows[0], 'data', 'vorname|name|strasse|plz|ort|birth_day|birth_month|birth_year|email|werber'); // Was the status okay? + //* DEBUG-DIE */ die(__FUNCTION__ . ':response=
' . print_r($response, TRUE) . '
'); if (isHttpResponseStatusOkay($response)) { // API returned non-errous response, 'data=' must be found - assert(substr($response['response'], 0, 5) == 'data='); - - // And remove it, this is now BASE64-encoded - $encodedData = urldecode(substr($response['response'], 5)); + assert(isset($response['data'])); // And decode it (all steps separated to later "easily" debug them) - $decodedData = base64_decode($encodedData); + $decodedData = base64_decode(urldecode($response['data'])); + //* DEBUG-DIE */ die(__FUNCTION__ . ':decodedData=' . $decodedData); /* * Do some checks on the decoded string, it should be a - * serialized array with 11 entries (see above + * serialized array with 10 entries (see above * executeWernisApiGet() call). */ - assert(substr($decodedData, 0, 6) == 'a:11:{'); + assert(substr($decodedData, 0, 6) == 'a:10:{'); assert(substr($decodedData, -1, 1) == '}'); // The array seems to be fine, unserialize it $userData = unserialize($decodedData); + //* DEBUG-DIE */ die(__METHOD__ . ':userData=
' . print_r($userData, TRUE) . '
- EXIT!'); // All mappings WDS66->mailer $mappings = array( - 'anrede' => 'gender', 'vorname' => 'surname', 'name' => 'family', 'strasse' => 'street_nr', @@ -649,6 +706,7 @@ function getWernisMapedDataFromApiByChallenge ($challenge, $status) { } // Return mapped data array + //* DEBUG-DIE */ die(__METHOD__ . ':return=
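Review bot: `unserialize($decodedData)` in getWernisMappedDataFromApiByChallenge() runs on data received from the remote API, and the two `assert()` checks around it (now `'a:10:{'` and the trailing `}`) are skipped when assertions are disabled and do not stop serialized objects nested inside the array. On PHP 7 or later I would call `unserialize($decodedData, array('allowed_classes' => FALSE))` and then test `is_array($userData) && count($userData) == 10` explicitly before the mapping is applied. A comment above the call stating that the input is remote, untrusted data would help the next reader. The function starts before and continues after this hunk.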
' . print_r($return, TRUE) . '
- EXIT!'); return $return; } @@ -658,15 +716,16 @@ function updateWernisRegistrationDataByKey ($updatedColumn, $key, $oldValue, $ne sqlQueryEscaped("UPDATE `{?_MYSQL_PREFIX?}_wernis_regs` SET - `%s`='%s' + `%s` = '%s' WHERE - `%s`='%s' AND + `%s` = '%s' AND `%s` != '%s' LIMIT 1", array( $updatedColumn, $newValue, $key, + $oldValue, $updatedColumn, $oldValue ), __FUNCTION__, __LINE__ @@ -719,6 +778,38 @@ LIMIT %d", return $rows; } +// Do local user registration with data from WDS66 API +function doWernisUserRegistration () { + // Call generic registration function + $status = doGenericUserRegistration(); + + // Does this went fine? + if ($status === FALSE) { + // No, then abort here silently + return FALSE; + } // END - if + + // Make sure the user id is valid + assert(isset($GLOBALS['register_userid'])); + assert(isValidId($GLOBALS['register_userid'])); + + // Generic registration is finished, so add more data: +} + +// Generates decrption key based on private key, public key and API key +function generateWernisDecryptionKey ($publicKey) { + // Generate key from most known data + $key = hashSha256(sprintf( + '%s:%s:%s', + getWernisApiMd5(), + getWernisPrivateKey(), + $publicKey + )); + + // Return it + return $key; +} + //----------------------------------------------------------------------------- // Auth status callback functions //----------------------------------------------------------------------------- @@ -763,7 +854,7 @@ SET `api_redirect_challenge`='%s' WHERE `api_auth_key`='%s' AND - `wernis_userid`=%s + `wernis_userid`=%s AND `api_auth_status`='PENDING' LIMIT 1", array( @@ -778,7 +869,8 @@ LIMIT 1", assert(sqlAffectedRows() == 1); // Redirect to WDS66 module=auth ... - redirectToUrl(getWernisBaseUrl() . '/modules.php?module=auth&auth_key=' . $args['auth_key'] . '&params=' . urlencode(base64_encode('&module=' . getModule() . '&what=' . getWhat())) . '&challenge=' . $challenge); + //* DEBUG-DIE */ die(__FUNCTION__ . ':' . __LINE__ . '
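Review bot: With `$oldValue` added, the six placeholders in updateWernisRegistrationDataByKey() expand to a WHERE clause that compares both the `$key` column and the `$updatedColumn` column against `$oldValue`. If the last condition is meant to skip rows that already hold the new value, the final array entry should be `$newValue`; please confirm the intent against the callers, which are outside this hunk. The column names are substituted into backticks through `%s`, so they must only ever be fixed strings from the calling code, and a short comment saying so would make that contract explicit.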
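Review bot: doWernisUserRegistration() returns `FALSE` on failure but falls off the end after the comment `// Generic registration is finished, so add more data:`, so a successful registration yields `NULL` and a caller testing the result cannot tell it from failure. Until the remaining steps are written I would end the function with `return TRUE;` and replace the two `assert()` calls on `$GLOBALS['register_userid']` with an explicit check that returns `FALSE`. For generateWernisDecryptionKey(), a doc comment should state that `$publicKey` is the `key` field taken from the API response, so the secrecy of the derived key rests on getWernisPrivateKey() and getWernisApiMd5() alone.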
' . print_r($args, TRUE) . '
'); + redirectToUrl(getWernisBaseUrl() . '/modules.php?module=auth&auth_key=' . trim($args['auth_key']) . '&params=' . urlencode(base64_encode('&module=' . getModule() . '&what=' . getWhat())) . '&challenge=' . $challenge, FALSE, FALSE); } // Handler for auth_status=ACCEPTED @@ -789,7 +881,52 @@ function doWernisAuthAccepted ($args) { // auth_key and wernis_userid must be set assert(isset($args['auth_key'])); assert(isset($args['wernis_userid'])); - die(__FUNCTION__ . '
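Review bot: `trim($args['auth_key'])` and `$challenge` are concatenated into the redirect URL without encoding, while the `params` value next to them goes through `urlencode()`. As `auth_key` appears to originate from the API response, I would write `'&auth_key=' . urlencode(trim($args['auth_key']))` and likewise `'&challenge=' . urlencode($challenge)`, which keeps a stray `&`, `#` or line break in either value from changing the query string. The two new `FALSE, FALSE` arguments to redirectToUrl() deserve a short comment, since their meaning cannot be read from the call site. The enclosing function starts outside this hunk.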
'.print_r($args, TRUE).'
'); + die(__FUNCTION__ . ':' . __LINE__ . '
' . print_r($args, TRUE) . '
'); +} + +//------------------------------------------------------------------------------ +// Template helper functions +//------------------------------------------------------------------------------ + +// Template helper to generate a selection box for encryption alogrithms +function doTemplateSelectWernisEncryptionAlgorithm ($templateName, $clear = FALSE, $default = NULL) { + // Get all available algorithms + $algorithms = getSupportedEncryptionAlgorithms(); + //* DEBUG-DIE */ die('algorithms=
' . print_r($algorithms, TRUE) . '
'); + + // Init array + $options = array(); + + // And fill it + foreach ($algorithms as $key => $dummy) { + $options[$key] = array('algorithms' => $key); + } // END - if + + // Handle it over to generateSelectionBoxFromArray() + $content = generateSelectionBoxFromArray($options, 'wernis_encryption_algorithm', 'algorithms', '', '_wernis', '', $default, '', TRUE, FALSE); + + // Return prepared content + return $content; +} + +// Template helper to generate a selection box for encryption alogrithms +function doTemplateSelectWernisEncryptionMode ($templateName, $clear = FALSE, $default = NULL) { + // Get all available modes + $modes = getSupportedEncryptionModes(); + + // Init array + $options = array(); + + // And fill it + foreach ($modes as $key => $dummy) { + $options[$key] = array('modes' => $key); + } // END - if + + // Handle it over to generateSelectionBoxFromArray() + $content = generateSelectionBoxFromArray($options, 'wernis_encryption_mode', 'modes', '', '_wernis', '', $default, '', TRUE, FALSE); + + // Return prepared content + return $content; } //----------------------------------------------------------------------------- 
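Review bot: doWernisAuthAccepted() still ends in a live `die()` that prints `print_r($args, TRUE)` into the response, and the two asserts above it show that `$args` carries `auth_key` and `wernis_userid`. While the handler is unfinished I would stop without echoing the array, for example `reportBug(__FUNCTION__, __LINE__, 'auth_status=ACCEPTED is not finished.');`, provided reportBug() does not itself dump request data to the visitor. In the two template helpers `$templateName` and `$clear` are never used, the comment on doTemplateSelectWernisEncryptionMode() is a copy of the algorithm one and should say "modes", and `// END - if` closes a `foreach`.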
@@ -1012,5 +1149,41 @@ function getWernisBaseUrl () { return $GLOBALS[__FUNCTION__]; } +// Wrapper function for 'wernis_encryption_algorithm' +function getWernisEncryptionAlgorithm () { + // Is there cache? + if (!isset($GLOBALS[__FUNCTION__])) { + // Get config entry + $GLOBALS[__FUNCTION__] = getConfig('wernis_encryption_algorithm'); + } // END - if + + // Return cache + return $GLOBALS[__FUNCTION__]; +} + +// Wrapper function for 'wernis_encryption_mode' +function getWernisEncryptionMode () { + // Is there cache? + if (!isset($GLOBALS[__FUNCTION__])) { + // Get config entry + $GLOBALS[__FUNCTION__] = getConfig('wernis_encryption_mode'); + } // END - if + + // Return cache + return $GLOBALS[__FUNCTION__]; +} + +// Wrapper function for 'wernis_private_key' +function getWernisPrivateKey () { + // Is there cache? + if (!isset($GLOBALS[__FUNCTION__])) { + // Get config entry + $GLOBALS[__FUNCTION__] = getConfig('wernis_private_key'); + } // END - if + + // Return cache + return $GLOBALS[__FUNCTION__]; +} + // [EOF] ?>