initial commit

config/config.php.template

@@ -0,0 +1,17 @@
+<?php
+
+// written by sqall
+// twitter: https://twitter.com/sqall01
+// blog: https://h4des.org/blog
+// github: https://github.com/sqall01
+// 
+// Licensed under the GNU Affero General Public License, version 3.
+
+$config_mysql_server = "localhost";
+$config_mysql_username = "chasr_db_user";
+$config_mysql_password = "<SECRET>";;
+$config_mysql_database = "chasr";
+$config_mysql_port = 3306;
+
+$config_session_expire = 86400;
+?>

config/install.php

@@ -0,0 +1,85 @@
+<?php
+
+// written by sqall
+// twitter: https://twitter.com/sqall01
+// blog: https://h4des.org/blog
+// github: https://github.com/sqall01
+// 
+// Licensed under the GNU Affero General Public License, version 3.
+
+// Include connection data for mysql db.
+require_once("./config.php");
+
+$mysqli = new mysqli(
+    $config_mysql_server,
+    $config_mysql_username,
+    $config_mysql_password,
+    $config_mysql_database,
+    $config_mysql_port);
+
+if($mysqli->connect_errno) {
+    die("Error: Database connection failed: " . $mysqli->connect_error);
+}
+
+date_default_timezone_set("UTC");
+
+// Create tables.
+$create_users_table = "CREATE TABLE IF NOT EXISTS users ("
+    . "id INTEGER PRIMARY KEY AUTO_INCREMENT,"
+    . "email VARCHAR(255) NOT NULL UNIQUE,"
+    . "active BOOLEAN NOT NULL"
+    . ");";
+
+$create_acl_table = "CREATE TABLE IF NOT EXISTS acl ("
+    . "users_id INTEGER NOT NULL,"
+    . "acl INTEGER NOT NULL,"
+    . "PRIMARY KEY(users_id, acl),"
+    . "FOREIGN KEY(users_id) REFERENCES users(id)"
+    . ");";
+
+$create_tokens_table = "CREATE TABLE IF NOT EXISTS tokens ("
+    . "users_id INTEGER PRIMARY KEY,"
+    . "token VARCHAR(255) NOT NULL,"
+    . "timestamp INTEGER NOT NULL,"
+    . "expiration INTEGER NOT NULL,"
+    . "FOREIGN KEY(users_id) REFERENCES users(id)"
+    . ");";
+
+$create_passwords_table = "CREATE TABLE IF NOT EXISTS passwords (" 
+    . "users_id INTEGER PRIMARY KEY,"
+    . "password_hash VARCHAR(255) NOT NULL,"
+    . "FOREIGN KEY(users_id) REFERENCES users(id)"
+    . ");";
+
+$create_gps_table = "CREATE TABLE IF NOT EXISTS chasr_gps ("
+    . "users_id INTEGER NOT NULL,"
+    . "device_name VARCHAR(255) NOT NULL,"
+    . "utctime INTEGER NOT NULL,"
+    . "iv CHAR(32) NOT NULL,"
+    . "latitude CHAR(32) NOT NULL,"
+    . "longitude CHAR(32) NOT NULL,"
+    . "altitude CHAR(32) NOT NULL,"
+    . "speed CHAR(32) NOT NULL,"
+    . "PRIMARY KEY(users_id, device_name, utctime),"
+    . "FOREIGN KEY(users_id) REFERENCES users(id)"
+    . ");";
+
+if($mysqli->query($create_users_table) !== TRUE) {
+    die("Error: Creating 'users' table failed.");
+}
+if($mysqli->query($create_acl_table) !== TRUE) {
+    die("Error: Creating 'acl' table failed.");
+}
+if($mysqli->query($create_tokens_table) !== TRUE) {
+    die("Error: Creating 'tokens' table failed.");
+}
+if($mysqli->query($create_passwords_table) !== TRUE) {
+    die("Error: Creating 'passwords' table failed.");
+}
+if($mysqli->query($create_gps_table) !== TRUE) {
+    die("Error: Creating 'chasr_gps' table failed.");
+}
+
+echo "Installation done."
+
+?>

delete.php

@@ -0,0 +1,152 @@
+<?php
+
+// written by sqall
+// twitter: https://twitter.com/sqall01
+// blog: https://h4des.org/blog
+// github: https://github.com/sqall01
+// 
+// Licensed under the GNU Affero General Public License, version 3.
+
+require_once(__DIR__ . "/config/config.php");
+require_once(__DIR__ . "/lib/helper.php");
+require_once(__DIR__ . "/lib/objects.php");
+
+// Set global settings.
+header("Content-type: application/json");
+date_default_timezone_set("UTC");
+
+// Start session.
+$cookie_conf = session_get_cookie_params();
+session_set_cookie_params($cookie_conf["lifetime"], // lifetime
+                          $cookie_conf["path"], // path
+                          $cookie_conf["domain"], // domain
+                          TRUE, // secure
+                          TRUE); // httponly
+session_start();
+
+// Check if needed data is given.
+if(!isset($_GET["mode"])
+   || !isset($_GET["device"])) {
+    $result = array();
+    $result["code"] = ErrorCodes::ILLEGAL_MSG_ERROR;
+    $result["msg"] = "Mode or device not set.";
+    die(json_encode($result));
+}
+
+$mysqli = new mysqli(
+    $config_mysql_server,
+    $config_mysql_username,
+    $config_mysql_password,
+    $config_mysql_database,
+    $config_mysql_port);
+
+if($mysqli->connect_errno) {
+    $result = array();
+    $result["code"] = ErrorCodes::DATABASE_ERROR;
+    $result["msg"] = $mysqli->connect_error;
+    die(json_encode($result));
+}
+
+// Get user id.
+$user_id = auth_user($mysqli);
+if($user_id === -1 || $user_id === -4) {
+    chasr_session_destroy();
+    $result = array();
+    $result["code"] = ErrorCodes::AUTH_ERROR;
+    $result["msg"] = "Wrong user or password.";
+    die(json_encode($result));
+}
+else if($user_id === -2) {
+    chasr_session_destroy();
+    $result = array();
+    $result["code"] = ErrorCodes::DATABASE_ERROR;
+    $result["msg"] = "Database error during authentication.";
+    die(json_encode($result));
+}
+else if($user_id === -3) {
+    chasr_session_destroy();
+    $result = array();
+    $result["code"] = ErrorCodes::SESSION_EXPIRED;
+    $result["msg"] = "Authenticated session expired.";
+    die(json_encode($result));
+}
+
+// Check if the mode is supported.
+switch($_GET["mode"]) {
+    case "device":
+    case "position":
+        break;
+    default:
+        $result = array();
+        $result["code"] = ErrorCodes::ILLEGAL_MSG_ERROR;
+        $result["msg"] = "Mode unknown.";
+        die(json_encode($result));
+}
+
+switch($_GET["mode"]) {
+
+    // Delete whole device and all its data.
+    case "device":
+
+        $delete_gps = "DELETE FROM chasr_gps WHERE "
+                      . "users_id = "
+                      . intval($user_id)
+                      . " AND "
+                      . "device_name = '"
+                      . $mysqli->real_escape_string($_GET["device"])
+                      . "'";
+
+        $result = $mysqli->query($delete_gps);
+        if(!$result) {
+            $result = array();
+            $result["code"] = ErrorCodes::DATABASE_ERROR;
+            $result["msg"] = $mysqli->error;
+            die(json_encode($result));
+        }
+
+        break;
+
+    // Delete single position.
+    case "position":
+
+        // Check if the time is given.
+        if(!isset($_GET["utctime"])) {
+
+            $result = array();
+            $result["code"] = ErrorCodes::ILLEGAL_MSG_ERROR;
+            $result["msg"] = "Time not set.";
+            die(json_encode($result));
+        }
+
+        $delete_gps = "DELETE FROM chasr_gps WHERE "
+                      . "users_id = "
+                      . intval($user_id)
+                      . " AND "
+                      . "device_name = '"
+                      . $mysqli->real_escape_string($_GET["device"])
+                      . "' AND "
+                      . "utctime = "
+                      . intval($_GET["utctime"]);
+
+        $result = $mysqli->query($delete_gps);
+        if(!$result) {
+            $result = array();
+            $result["code"] = ErrorCodes::DATABASE_ERROR;
+            $result["msg"] = $mysqli->error;
+            die(json_encode($result));
+        }
+        break;
+
+    default:
+        $result = array();
+        $result["code"] = ErrorCodes::ILLEGAL_MSG_ERROR;
+        $result["msg"] = "Mode unknown.";
+        die(json_encode($result));
+}
+
+$result = array();
+$result["code"] = ErrorCodes::NO_ERROR;
+$result["msg"] = "Success.";
+echo json_encode($result);
+
+?>