Commit
Showing
61 changed files
with
5,918 additions
and
0 deletions.
@@ -0,0 +1,17 @@ | ||
<?php | ||
|
||
// written by sqall | ||
// twitter: https://twitter.com/sqall01 | ||
// blog: https://h4des.org/blog | ||
// github: https://github.com/sqall01 | ||
// | ||
// Licensed under the GNU Affero General Public License, version 3. | ||
|
||
$config_mysql_server = "localhost"; | ||
$config_mysql_username = "chasr_db_user"; | ||
$config_mysql_password = "<SECRET>";; | ||
$config_mysql_database = "chasr"; | ||
$config_mysql_port = 3306; | ||
|
||
$config_session_expire = 86400; | ||
?> |
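Review bot: The line `$config_mysql_password = "<SECRET>";;` keeps the database password in a tracked file, so whatever value is set there ends up in repository history and in every fork; the value shown on this page is redacted, and if a real one was committed it should be rotated. Ship this file as a template with a placeholder and read the live value from an untracked file or the environment, e.g. `$config_mysql_password = getenv("CHASR_DB_PASSWORD");` (variable name constructed for illustration). The doubled `;;` on the same line is a harmless empty statement and should be a single `;`. A comment such as `// Session lifetime in seconds.` above `$config_session_expire` would help, assuming the unit is seconds; the code that reads it is not in this section.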
@@ -0,0 +1,85 @@ | ||
<?php | ||
|
||
// written by sqall | ||
// twitter: https://twitter.com/sqall01 | ||
// blog: https://h4des.org/blog | ||
// github: https://github.com/sqall01 | ||
// | ||
// Licensed under the GNU Affero General Public License, version 3. | ||
|
||
// Include connection data for mysql db. | ||
require_once("./config.php"); | ||
|
||
$mysqli = new mysqli( | ||
$config_mysql_server, | ||
$config_mysql_username, | ||
$config_mysql_password, | ||
$config_mysql_database, | ||
$config_mysql_port); | ||
|
||
if($mysqli->connect_errno) { | ||
die("Error: Database connection failed: " . $mysqli->connect_error); | ||
} | ||
|
||
date_default_timezone_set("UTC"); | ||
|
||
// Create tables. | ||
$create_users_table = "CREATE TABLE IF NOT EXISTS users (" | ||
. "id INTEGER PRIMARY KEY AUTO_INCREMENT," | ||
. "email VARCHAR(255) NOT NULL UNIQUE," | ||
. "active BOOLEAN NOT NULL" | ||
. ");"; | ||
|
||
$create_acl_table = "CREATE TABLE IF NOT EXISTS acl (" | ||
. "users_id INTEGER NOT NULL," | ||
. "acl INTEGER NOT NULL," | ||
. "PRIMARY KEY(users_id, acl)," | ||
. "FOREIGN KEY(users_id) REFERENCES users(id)" | ||
. ");"; | ||
|
||
$create_tokens_table = "CREATE TABLE IF NOT EXISTS tokens (" | ||
. "users_id INTEGER PRIMARY KEY," | ||
. "token VARCHAR(255) NOT NULL," | ||
. "timestamp INTEGER NOT NULL," | ||
. "expiration INTEGER NOT NULL," | ||
. "FOREIGN KEY(users_id) REFERENCES users(id)" | ||
. ");"; | ||
|
||
$create_passwords_table = "CREATE TABLE IF NOT EXISTS passwords (" | ||
. "users_id INTEGER PRIMARY KEY," | ||
. "password_hash VARCHAR(255) NOT NULL," | ||
. "FOREIGN KEY(users_id) REFERENCES users(id)" | ||
. ");"; | ||
|
||
$create_gps_table = "CREATE TABLE IF NOT EXISTS chasr_gps (" | ||
. "users_id INTEGER NOT NULL," | ||
. "device_name VARCHAR(255) NOT NULL," | ||
. "utctime INTEGER NOT NULL," | ||
. "iv CHAR(32) NOT NULL," | ||
. "latitude CHAR(32) NOT NULL," | ||
. "longitude CHAR(32) NOT NULL," | ||
. "altitude CHAR(32) NOT NULL," | ||
. "speed CHAR(32) NOT NULL," | ||
. "PRIMARY KEY(users_id, device_name, utctime)," | ||
. "FOREIGN KEY(users_id) REFERENCES users(id)" | ||
. ");"; | ||
|
||
if($mysqli->query($create_users_table) !== TRUE) { | ||
die("Error: Creating 'users' table failed."); | ||
} | ||
if($mysqli->query($create_acl_table) !== TRUE) { | ||
die("Error: Creating 'acl' table failed."); | ||
} | ||
if($mysqli->query($create_tokens_table) !== TRUE) { | ||
die("Error: Creating 'tokens' table failed."); | ||
} | ||
if($mysqli->query($create_passwords_table) !== TRUE) { | ||
die("Error: Creating 'passwords' table failed."); | ||
} | ||
if($mysqli->query($create_gps_table) !== TRUE) { | ||
die("Error: Creating 'chasr_gps' table failed."); | ||
} | ||
|
||
echo "Installation done." | ||
|
||
?> |
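Review bot: The connection-failure branch passes `$mysqli->connect_error` straight into `die()`, and nothing in the script restricts who may run it, so if this installer is reachable over HTTP any visitor can trigger it and read database error details. Log the detail server-side and print a generic message, `error_log($mysqli->connect_error); die("Error: Database connection failed.");`, and consider refusing non-CLI runs with `if (PHP_SAPI !== "cli") { http_response_code(403); exit; }` or removing the script once setup is complete. `require_once("./config.php")` resolves against the include path and working directory rather than this file's location; `require_once(__DIR__ . "/config.php")` is more predictable, assuming the config sits beside this script. The final `echo "Installation done."` relies on the closing `?>` to terminate the statement, and an explicit `;` would be safer.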
@@ -0,0 +1,152 @@ | ||
<?php | ||
|
||
// written by sqall | ||
// twitter: https://twitter.com/sqall01 | ||
// blog: https://h4des.org/blog | ||
// github: https://github.com/sqall01 | ||
// | ||
// Licensed under the GNU Affero General Public License, version 3. | ||
|
||
require_once(__DIR__ . "/config/config.php"); | ||
require_once(__DIR__ . "/lib/helper.php"); | ||
require_once(__DIR__ . "/lib/objects.php"); | ||
|
||
// Set global settings. | ||
header("Content-type: application/json"); | ||
date_default_timezone_set("UTC"); | ||
|
||
// Start session. | ||
$cookie_conf = session_get_cookie_params(); | ||
session_set_cookie_params($cookie_conf["lifetime"], // lifetime | ||
$cookie_conf["path"], // path | ||
$cookie_conf["domain"], // domain | ||
TRUE, // secure | ||
TRUE); // httponly | ||
session_start(); | ||
|
||
// Check if needed data is given. | ||
if(!isset($_GET["mode"]) | ||
|| !isset($_GET["device"])) { | ||
$result = array(); | ||
$result["code"] = ErrorCodes::ILLEGAL_MSG_ERROR; | ||
$result["msg"] = "Mode or device not set."; | ||
die(json_encode($result)); | ||
} | ||
|
||
$mysqli = new mysqli( | ||
$config_mysql_server, | ||
$config_mysql_username, | ||
$config_mysql_password, | ||
$config_mysql_database, | ||
$config_mysql_port); | ||
|
||
if($mysqli->connect_errno) { | ||
$result = array(); | ||
$result["code"] = ErrorCodes::DATABASE_ERROR; | ||
$result["msg"] = $mysqli->connect_error; | ||
die(json_encode($result)); | ||
} | ||
|
||
// Get user id. | ||
$user_id = auth_user($mysqli); | ||
if($user_id === -1 || $user_id === -4) { | ||
chasr_session_destroy(); | ||
$result = array(); | ||
$result["code"] = ErrorCodes::AUTH_ERROR; | ||
$result["msg"] = "Wrong user or password."; | ||
die(json_encode($result)); | ||
} | ||
else if($user_id === -2) { | ||
chasr_session_destroy(); | ||
$result = array(); | ||
$result["code"] = ErrorCodes::DATABASE_ERROR; | ||
$result["msg"] = "Database error during authentication."; | ||
die(json_encode($result)); | ||
} | ||
else if($user_id === -3) { | ||
chasr_session_destroy(); | ||
$result = array(); | ||
$result["code"] = ErrorCodes::SESSION_EXPIRED; | ||
$result["msg"] = "Authenticated session expired."; | ||
die(json_encode($result)); | ||
} | ||
|
||
// Check if the mode is supported. | ||
switch($_GET["mode"]) { | ||
case "device": | ||
case "position": | ||
break; | ||
default: | ||
$result = array(); | ||
$result["code"] = ErrorCodes::ILLEGAL_MSG_ERROR; | ||
$result["msg"] = "Mode unknown."; | ||
die(json_encode($result)); | ||
} | ||
|
||
switch($_GET["mode"]) { | ||
|
||
// Delete whole device and all its data. | ||
case "device": | ||
|
||
$delete_gps = "DELETE FROM chasr_gps WHERE " | ||
. "users_id = " | ||
. intval($user_id) | ||
. " AND " | ||
. "device_name = '" | ||
. $mysqli->real_escape_string($_GET["device"]) | ||
. "'"; | ||
|
||
$result = $mysqli->query($delete_gps); | ||
if(!$result) { | ||
$result = array(); | ||
$result["code"] = ErrorCodes::DATABASE_ERROR; | ||
$result["msg"] = $mysqli->error; | ||
die(json_encode($result)); | ||
} | ||
|
||
break; | ||
|
||
// Delete single position. | ||
case "position": | ||
|
||
// Check if the time is given. | ||
if(!isset($_GET["utctime"])) { | ||
|
||
$result = array(); | ||
$result["code"] = ErrorCodes::ILLEGAL_MSG_ERROR; | ||
$result["msg"] = "Time not set."; | ||
die(json_encode($result)); | ||
} | ||
|
||
$delete_gps = "DELETE FROM chasr_gps WHERE " | ||
. "users_id = " | ||
. intval($user_id) | ||
. " AND " | ||
. "device_name = '" | ||
. $mysqli->real_escape_string($_GET["device"]) | ||
. "' AND " | ||
. "utctime = " | ||
. intval($_GET["utctime"]); | ||
|
||
$result = $mysqli->query($delete_gps); | ||
if(!$result) { | ||
$result = array(); | ||
$result["code"] = ErrorCodes::DATABASE_ERROR; | ||
$result["msg"] = $mysqli->error; | ||
die(json_encode($result)); | ||
} | ||
break; | ||
|
||
default: | ||
$result = array(); | ||
$result["code"] = ErrorCodes::ILLEGAL_MSG_ERROR; | ||
$result["msg"] = "Mode unknown."; | ||
die(json_encode($result)); | ||
} | ||
|
||
$result = array(); | ||
$result["code"] = ErrorCodes::NO_ERROR; | ||
$result["msg"] = "Success."; | ||
echo json_encode($result); | ||
|
||
?> |
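Review bot: Both delete branches act on `$_GET` parameters, so a plain GET request carrying the session cookie removes data; `auth_user()` is defined outside this section, but if it accepts the session started above, a cross-site request issued from a logged-in user's browser would be honoured. Reject anything other than POST before authenticating, e.g. `if($_SERVER["REQUEST_METHOD"] !== "POST") { die(json_encode(array("code" => ErrorCodes::ILLEGAL_MSG_ERROR, "msg" => "POST required."))); }`, and add a `samesite` attribute through the array form of `session_set_cookie_params` (PHP 7.3+) or a per-session CSRF token. The database branches also return `$mysqli->connect_error` and `$mysqli->error` in the JSON `msg`; log those with `error_log()` and send a fixed string instead. The `DELETE` statements are guarded by `intval()` and `real_escape_string()`, but a prepared statement with `bind_param` would not depend on the connection charset and would handle a non-string `device` parameter cleanly.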