Example #1
// Refuse direct access: the including script is expected to have defined _SECURE_.
defined('_SECURE_') or die('Forbidden');

// Only an authenticated session may continue.
// NOTE(review): the access decisions below assume auth_block() ends the request - confirm.
if (!auth_isvalid()) {
    auth_block();
}

// Both values are taken from the request as received; nothing validates them here.
$view = $_REQUEST['view'];
$uname = $_REQUEST['uname'];

if ($uname && $uname != $user_config['username']) {
    // A different account was named: load it, then decide whether the caller may manage it.
    $user_edited = user_getdatabyusername($uname);
    $c_username = $uname;
    // NOTE(review): $uname goes into the query-string fragment unencoded; encode or
    // escape it wherever $url_uname is written into a URL or into HTML.
    $url_uname = '&uname=' . $uname;
    if (!auth_isadmin()) {
        // A non-admin may only manage an account whose parent_uid is the caller's own uid.
        // NOTE(review): loose == comparison; check what it yields when the lookup
        // above returns no record.
        if ($user_edited['parent_uid'] == $user_config['uid']) {
            $is_parent = TRUE;
        } else {
            auth_block();
        }
    }
} else {
    // No username supplied, or the caller's own one: edit the logged-in account.
    $user_edited = $user_config;
    $c_username = $user_config['username'];
}

// uid of the account being edited, used by the operations that follow.
$c_uid = user_username2uid($c_username);
switch (_OP_) {
    case "user_config":
        if ($c_user = dba_search(_DB_PREF_ . '_tblUser', '*', array('flag_deleted' => 0, 'uid' => $c_uid))) {
            $token = $c_user[0]['token'];
            $webservices_ip = $c_user[0]['webservices_ip'];
Example #2
/**
 * Deliver an incoming SMS to a user: store it in the inbox table and, depending on the
 * user's forwarding settings, pass it on by email and/or to the user's mobile.
 *
 * @param $sms_datetime date/time of the message (run through core_adjust_datetime() before storing)
 * @param $sms_sender sender of the message; a leading '@' is treated as a username
 * @param $target_user username of the recipient account
 * @param $message message text
 * @param $sms_receiver receiver number, '-' is used in the email when empty
 * @param $reference_id reference stored with the inbox row
 * @return mixed FALSE when the recipient is banned; otherwise $ok, which starts as FALSE,
 *         becomes TRUE after a successful inbox insert and is overwritten with the first
 *         element returned by sendsms() when the message is forwarded to mobile
 */
function recvsms_inbox_add($sms_datetime, $sms_sender, $target_user, $message, $sms_receiver = "", $reference_id = '')
{
    global $core_config;
    // sms to inbox will be handled by plugins first
    // a plugin may replace any parameter; an empty replacement keeps the original value
    $ret_intercept = recvsms_inbox_add_intercept($sms_datetime, $sms_sender, $target_user, $message, $sms_receiver, $reference_id);
    if ($ret_intercept['param_modified']) {
        $sms_datetime = $ret_intercept['param']['sms_datetime'] ? $ret_intercept['param']['sms_datetime'] : $sms_datetime;
        $sms_sender = $ret_intercept['param']['sms_sender'] ? $ret_intercept['param']['sms_sender'] : $sms_sender;
        $target_user = $ret_intercept['param']['target_user'] ? $ret_intercept['param']['target_user'] : $target_user;
        $message = $ret_intercept['param']['message'] ? $ret_intercept['param']['message'] : $message;
        $sms_receiver = $ret_intercept['param']['sms_receiver'] ? $ret_intercept['param']['sms_receiver'] : $sms_receiver;
        $reference_id = $ret_intercept['param']['reference_id'] ? $ret_intercept['param']['reference_id'] : $reference_id;
    }
    $ok = FALSE;
    if ($sms_sender && $target_user && $message) {
        $user = user_getdatabyusername($target_user);
        if ($uid = $user['uid']) {
            // discard if banned
            if (user_banned_get($uid)) {
                logger_print("user banned, message ignored uid:" . $uid, 2, "recvsms_inbox_add");
                return FALSE;
            }
            // get name from target_user's phonebook
            // ('@name' senders are resolved as usernames, anything else through the phonebook)
            $c_name = '';
            if (substr($sms_sender, 0, 1) == '@') {
                $c_username = str_replace('@', '', $sms_sender);
                $c_name = user_getfieldbyusername($c_username, 'name');
            } else {
                $c_name = phonebook_number2name($uid, $sms_sender);
            }
            $sender = $c_name ? $c_name . ' (' . $sms_sender . ')' : $sms_sender;
            // forward to Inbox
            if ($fwd_to_inbox = $user['fwd_to_inbox']) {
                // NOTE(review): sender, receiver, message and reference id are interpolated
                // into the statement as-is. They originate from an incoming SMS (or a plugin)
                // and no escaping is visible in this function - confirm the callers escape
                // them, or switch to a parameterised/escaped insert.
                $db_query = "\n\t\t\t\t\tINSERT INTO " . _DB_PREF_ . "_tblSMSInbox\n\t\t\t\t\t(in_sender,in_receiver,in_uid,in_msg,in_datetime,reference_id)\n\t\t\t\t\tVALUES ('{$sms_sender}','{$sms_receiver}','{$uid}','{$message}','" . core_adjust_datetime($sms_datetime) . "','{$reference_id}')\n\t\t\t\t";
                logger_print("saving sender:" . $sms_sender . " receiver:" . $sms_receiver . " target:" . $target_user . " reference_id:" . $reference_id, 2, "recvsms_inbox_add");
                // the @ hides any warning raised by the insert; a failure only shows as a missing "saved" log line
                if ($inbox_id = @dba_insert_id($db_query)) {
                    logger_print("saved id:" . $inbox_id . " sender:" . $sms_sender . " receiver:" . $sms_receiver . " target:" . $target_user, 2, "recvsms_inbox_add");
                    $ok = TRUE;
                }
            }
            // forward to email, consider site config too
            // NOTE(review): $site_config is only assigned when the user has a parent;
            // without one the lookups below read an undefined variable and fall back to $core_config.
            if ($parent_uid = user_getparentbyuid($uid)) {
                $site_config = site_config_get($parent_uid);
            }
            $web_title = $site_config['web_title'] ? $site_config['web_title'] : $core_config['main']['web_title'];
            $email_service = $site_config['email_service'] ? $site_config['email_service'] : $core_config['main']['email_service'];
            $email_footer = $site_config['email_footer'] ? $site_config['email_footer'] : $core_config['main']['email_footer'];
            $sms_receiver = $sms_receiver ? $sms_receiver : '-';
            if ($fwd_to_email = $user['fwd_to_email']) {
                if ($email = $user['email']) {
                    // NOTE(review): $sender (phonebook name and SMS sender) ends up in the mail
                    // subject; confirm sendmail() rejects CR/LF in header fields.
                    $subject = _('Message from') . " " . $sender;
                    $body = $web_title . "\n\n";
                    $body .= _('Message received at') . " " . $sms_receiver . " " . _('on') . " " . $sms_datetime . "\n\n";
                    $body .= _('From') . " " . $sender . "\n\n";
                    $body .= $message . "\n\n--\n";
                    $body .= $email_footer . "\n\n";
                    $body = stripslashes($body);
                    // the full message text is written to the log at level 3
                    logger_print("send email from:" . $email_service . " to:" . $email . " message:[" . $message . "]", 3, "recvsms_inbox_add");
                    $data = array('mail_from_name' => $web_title, 'mail_from' => $email_service, 'mail_to' => $email, 'mail_subject' => $subject, 'mail_body' => $body);
                    sendmail($data);
                    logger_print("sent email from:" . $email_service . " to:" . $email, 3, "recvsms_inbox_add");
                }
            }
            // forward to mobile
            if ($fwd_to_mobile = $user['fwd_to_mobile']) {
                if ($mobile = $user['mobile']) {
                    // fixme anton
                    // append the sender to the text; '@username' is used instead when the
                    // sending number belongs to a known account
                    $c_message = $message . ' ' . $sender;
                    if ($sender_uid = user_mobile2uid($sms_sender)) {
                        if ($sender_username = user_uid2username($sender_uid)) {
                            $c_message = $message . ' ' . '@' . $sender_username;
                        }
                    }
                    $message = $c_message;
                    $unicode = core_detect_unicode($message);
                    $nofooter = TRUE;
                    // NOTE(review): the next logger_print line is damaged in this listing (the
                    // run of asterisks is not valid PHP); restore it from the upstream source.
                    logger_print("send to mobile:" . $mobile . " from:" . $sms_sender . " user:"******" message:" . $message, 3, "recvsms_inbox_add");
                    // $ok is replaced here by the status array returned by sendsms()
                    list($ok, $to, $smslog_id, $queue) = sendsms($target_user, $mobile, $message, 'text', $unicode, '', $nofooter);
                    if ($ok[0] == 1) {
                        // NOTE(review): this line is damaged in the listing as well.
                        logger_print("sent to mobile:" . $mobile . " from:" . $sms_sender . " user:"******"recvsms_inbox_add");
                    }
                }
            }
        }
    }
    return $ok;
}
Example #3
// Requested page, passed through q_sanitize().
$nav = q_sanitize($_REQUEST['nav']);

// NOTE(review): the account name is read straight from the 'vc2' cookie and every lookup
// below runs before valid() is consulted. Confirm valid() ties the cookie to a server-side
// session, otherwise these values describe whichever account the client names.
$username = $_COOKIE['vc2'];
$uid = username2uid($username);
$sender = username2sender($username);
$footer = username2footer($username);
$mobile = username2mobile($username);
$email = username2email($username);
$name = username2name($username);
$status = username2status($username);

// Label for the account type.
if (isadmin()) {
    $userstatus = 'Administrator';
} else {
    $userstatus = ' Normal User';
}

// Keywords reserved by the core, also published through $core_config.
$core_config['reserved_keywords'] = $reserved_keywords = array("PV", "BC");

// Load the user's record from the user table once the session checks out.
if (valid()) {
    $core_config['user'] = user_getdatabyusername($username);
}

// Action icons: <img> tags pointing into the active theme's images directory.
// The theme path and module name are written into the markup without escaping.
$icon_edit = sprintf('<img src="%s/%s/images/edit_action.gif" alt="%s" title="%s" border=0>', $http_path['themes'], $themes_module, _('Edit'), _('Edit'));
$icon_delete = sprintf('<img src="%s/%s/images/delete_action.gif" alt="%s" title="%s" border=0>', $http_path['themes'], $themes_module, _('Delete'), _('Delete'));
$icon_reply = sprintf('<img src="%s/%s/images/reply_action.gif" alt="%s" title="%s" border=0>', $http_path['themes'], $themes_module, _('Reply'), _('Reply'));
$icon_manage = sprintf('<img src="%s/%s/images/manage_action.gif" alt="%s" title="%s" border=0>', $http_path['themes'], $themes_module, _('Manage'), _('Manage'));
$icon_view = sprintf('<img src="%s/%s/images/view_action.gif" alt="%s" title="%s" border=0>', $http_path['themes'], $themes_module, _('View'), _('View'));
$icon_calendar = sprintf('<img src="%s/%s/images/cal.gif" alt="%s" title="%s" border=0>', $http_path['themes'], $themes_module, _('Pick Date & Time'), _('Pick Date & Time'));
$icon_sendsms = sprintf('<img src="%s/%s/images/sendsms.gif" alt="%s" title="%s" border=0>', $http_path['themes'], $themes_module, _('Send SMS'), _('Send SMS'));
$icon_phonebook = sprintf('<img src="%s/%s/images/phonebook_action.gif" alt="%s" title="%s" border=0>', $http_path['themes'], $themes_module, _('Phonebook'), _('Phonebook'));

// Labels of the main menu tabs.
$core_config['menu']['main_tab']['home'] = _('Home');
$core_config['menu']['main_tab']['my_account'] = _('My Account');
$core_config['menu']['main_tab']['administration'] = _('Administration');
$core_config['menu']['main_tab']['feature'] = _('Feature');
Example #4
/**
 * Send SMS to phonebook group
 *
 * One queue is created per group id; every valid number of the group is pushed to
 * that queue. When $core_config['issendsmsd'] is off the queue is processed right
 * away through sendsmsd().
 *
 * @global array $core_config, $user_config
 * @param string $username
 *        sending account; the logged-in user's data is used when it matches or is empty
 * @param integer $gpid
 *        group id, an array of group ids or a comma separated list of them
 * @param string $message
 *        message text, cut to the user's max_sms_length
 * @param string $sms_type
 * @param integer $unicode
 * @param string $smsc
 * @param boolean $nofooter
 *        when set the footer is dropped
 * @param string $sms_footer
 *        footer to use, the user's own footer when empty
 * @param string $sms_sender
 *        sender ID; replaced by sendsms_get_sender() unless sender_id_isvalid() accepts it
 * @param string $sms_schedule
 * @return array array($status, $sms_to, $smslog_id, $queue, $counts); the early exits
 *         return FALSE as first element
 */
function sendsms_bc($username, $gpid, $message, $sms_type = 'text', $unicode = 0, $smsc = '', $nofooter = false, $sms_footer = '', $sms_sender = '', $sms_schedule = '')
{
    global $core_config, $user_config;
    $user = $user_config;
    if ($username && $user['username'] != $username) {
        $user = user_getdatabyusername($username);
    }
    $uid = $user['uid'];
    // discard if banned
    if (user_banned_get($uid)) {
        logger_print("user banned, exit immediately uid:" . $uid, 2, "sendsms_bc");
        return array(FALSE, '', '', '', '');
    }
    // SMS sender ID
    // a requested sender ID is only kept when sender_id_isvalid() accepts it for this user
    $sms_sender = core_sanitize_sender($sms_sender);
    $sms_sender = $sms_sender && sender_id_isvalid($username, $sms_sender) ? $sms_sender : sendsms_get_sender($username);
    // SMS footer
    $sms_footer = core_sanitize_footer($sms_footer);
    $sms_footer = $sms_footer ? $sms_footer : $user['footer'];
    if ($nofooter) {
        $sms_footer = '';
    }
    // a hack to remove \r from \r\n
    // the issue begins with ENTER being \r\n and detected as 2 chars
    // and since the javascript message counter can't detect it as 2 chars
    // thus the message length counts is inaccurate
    $message = str_replace("\r\n", "\n", $message);
    // just to make sure its length, we need to stripslashes message before enter other procedures
    // NOTE(review): after stripslashes() the values carry no escaping; confirm the queue
    // functions escape them again before they reach SQL.
    $sms_sender = stripslashes($sms_sender);
    $message = stripslashes($message);
    $sms_footer = stripslashes($sms_footer);
    // fixme anton - fix #71 but not sure whats the correct solution for this
    // $max_length = ( $unicode ? $user['opt']['max_sms_length_unicode'] : $user['opt']['max_sms_length'] );
    // NOTE(review): strlen()/substr() count bytes, so a multi-byte message can be cut in
    // the middle of a character.
    $max_length = $user['opt']['max_sms_length'];
    if (strlen($message) > $max_length) {
        $message = substr($message, 0, $max_length);
    }
    $sms_msg = $message;
    logger_print("start uid:" . $uid . " sender:" . $sms_sender, 2, "sendsms_bc");
    // add a space infront of footer if exists
    $c_sms_footer = trim($sms_footer) ? ' ' . trim($sms_footer) : '';
    // the full message text is written to the log at level 3
    logger_print("maxlen:" . $max_length . " footerlen:" . strlen($c_sms_footer) . " footer:[" . $c_sms_footer . "] msglen:" . strlen($sms_msg) . " message:[" . $sms_msg . "]", 3, "sendsms_bc");
    // destination group should be an array, if single then make it array of 1 member
    if (is_array($gpid)) {
        $array_gpid = $gpid;
    } else {
        $array_gpid = explode(',', $gpid);
    }
    // $j indexes the result arrays across all groups
    // NOTE(review): $ok, $to, $smslog_id, $queue and $counts are never initialised; they
    // stay undefined when no valid number is found.
    // NOTE(review): nothing visible here checks that group $c_gpid belongs to $uid -
    // confirm phonebook_getdatabyid() or the callers enforce ownership.
    $j = 0;
    for ($i = 0; $i < count($array_gpid); $i++) {
        if ($c_gpid = trim($array_gpid[$i])) {
            logger_print("start gpid:" . $c_gpid . " uid:" . $uid . " sender:" . $sms_sender, 2, "sendsms_bc");
            // create a queue
            $queue_code = sendsms_queue_create($sms_sender, $sms_footer, $sms_msg, $uid, $c_gpid, $sms_type, $unicode, $sms_schedule, $smsc);
            if (!$queue_code) {
                // when unable to create a queue then immediately returns FALSE, no point to continue
                logger_print("fail to finalize queue creation, exit immediately", 2, "sendsms_bc");
                return array(FALSE, '', '', '', '');
            }
            $queue_count = 0;
            $sms_count = 0;
            $failed_queue_count = 0;
            $failed_sms_count = 0;
            $rows = phonebook_getdatabyid($c_gpid);
            if (is_array($rows)) {
                foreach ($rows as $key => $db_row) {
                    $p_num = trim($db_row['p_num']);
                    if ($sms_to = sendsms_getvalidnumber($p_num)) {
                        $sms_to = sendsms_manipulate_prefix($sms_to, $user);
                        // NOTE(review): $count is not assigned anywhere in this function, so
                        // $sms_count stays 0 and $counts[] is filled with null.
                        if ($smslog_id[$j] = sendsms_queue_push($queue_code, $sms_to)) {
                            $ok[$j] = true;
                            $queue_count++;
                            $sms_count += $count;
                        } else {
                            $ok[$j] = FALSE;
                            $failed_queue_count++;
                            $failed_sms_count++;
                        }
                        $to[$j] = $sms_to;
                        $queue[$j] = $queue_code;
                        $counts[$j] = $count;
                        $j++;
                    }
                }
            }
            // flag the queue as prepared; give up when the update fails
            if (sendsms_queue_update($queue_code, array('flag' => '0', 'sms_count' => $sms_count))) {
                logger_print("end queue_code:" . $queue_code . " queue_count:" . $queue_count . " sms_count:" . $sms_count . " failed_queue:" . $failed_queue_count . " failed_sms:" . $failed_sms_count, 2, "sendsms_bc");
            } else {
                logger_print("fail to prepare queue, exit immediately queue_code:" . $queue_code, 2, "sendsms_bc");
                return array(FALSE, '', '', $queue_code, '');
            }
        }
    }
    // without the sendsmsd daemon the queue is processed inline
    // NOTE(review): only the queue of the last group is passed to sendsmsd() here.
    if (!$core_config['issendsmsd']) {
        unset($ok);
        unset($to);
        unset($queue);
        unset($counts);
        logger_print("sendsmsd off immediately process queue_code:" . $queue_code, 2, "sendsms_bc");
        list($ok, $to, $smslog_id, $queue, $counts) = sendsmsd($queue_code);
    }
    return array($ok, $to, $smslog_id, $queue, $counts);
}
Example #5
/**
 * Build the webservices answer describing an account: its profile fields, its credit
 * and the newest row id found in the inbox, incoming and outgoing tables.
 *
 * NOTE(review): nothing here checks that the caller may see $username's data; the
 * function relies on its caller for that - confirm.
 *
 * @param $username account to report on
 * @return array array('status' => 'OK', 'error' => '0', 'data' => array('user' => ..., 'last_id' => ...))
 */
function webservices_query($username)
{
    // account record
    $user = user_getdatabyusername($username);
    $uid = $user['uid'];

    // credit, reported as '0' when empty
    $credit = rate_getusercredit($username);
    if (!$credit) {
        $credit = '0';
    }

    // newest non-deleted row per table; an empty result ends up as id 0 after the cast below
    $inbox = dba_search(_DB_PREF_ . '_tblSMSInbox', 'in_id', array('in_uid' => $uid, 'flag_deleted' => 0), '', array('ORDER BY' => 'in_id DESC', 'LIMIT' => 1));
    $incoming = dba_search(_DB_PREF_ . '_tblSMSIncoming', 'in_id', array('in_uid' => $uid, 'flag_deleted' => 0, 'in_status' => 1), '', array('ORDER BY' => 'in_id DESC', 'LIMIT' => 1));
    $outgoing = dba_search(_DB_PREF_ . '_tblSMSOutgoing', 'smslog_id', array('uid' => $uid, 'flag_deleted' => 0), '', array('ORDER BY' => 'smslog_id DESC', 'LIMIT' => 1));

    // compile the answer
    return array(
        'status' => 'OK',
        'error' => '0',
        'data' => array(
            'user' => array(
                'username' => $username,
                'uid' => (int) $uid,
                'status' => (int) $user['status'],
                'name' => $user['name'],
                'email' => $user['email'],
                'mobile' => $user['mobile'],
                'credit' => $credit,
            ),
            'last_id' => array(
                'user_inbox' => (int) $inbox[0]['in_id'],
                'user_incoming' => (int) $incoming[0]['in_id'],
                'user_outgoing' => (int) $outgoing[0]['smslog_id'],
            ),
        ),
    );
}
Example #6
/**
 * Store an incoming SMS in the user's inbox table and, depending on the user's
 * forwarding settings, pass it on by email and/or to the user's mobile.
 *
 * @param $sms_datetime date/time of the message
 * @param $sms_sender sender of the message
 * @param $target_user username of the recipient account
 * @param $message message text
 * @param $sms_receiver receiver number
 * @return mixed $ok: false by default, true once email forwarding is enabled for the user,
 *         or the first element returned by sendsms_pv() when forwarded to mobile
 */
function insertsmstoinbox($sms_datetime, $sms_sender, $target_user, $message, $sms_receiver = "")
{
    global $core_config, $web_title, $email_service, $email_footer;
    // sms to inbox will be handled by plugin/tools/* first
    // a plugin may replace any parameter; an empty replacement keeps the original value
    $ret_intercept = interceptsmstoinbox($sms_datetime, $sms_sender, $target_user, $message, $sms_receiver);
    if ($ret_intercept['param_modified']) {
        $sms_datetime = $ret_intercept['param']['sms_datetime'] ? $ret_intercept['param']['sms_datetime'] : $sms_datetime;
        $sms_sender = $ret_intercept['param']['sms_sender'] ? $ret_intercept['param']['sms_sender'] : $sms_sender;
        $target_user = $ret_intercept['param']['target_user'] ? $ret_intercept['param']['target_user'] : $target_user;
        $message = $ret_intercept['param']['message'] ? $ret_intercept['param']['message'] : $message;
        $sms_receiver = $ret_intercept['param']['sms_receiver'] ? $ret_intercept['param']['sms_receiver'] : $sms_receiver;
    }
    $ok = false;
    if ($sms_sender && $target_user && $message) {
        $user = user_getdatabyusername($target_user);
        if ($uid = $user['uid']) {
            // forward to Inbox
            if ($fwd_to_inbox = $user['fwd_to_inbox']) {
                // NOTE(review): sender, receiver, message and date/time are interpolated into
                // the statement as-is. They originate from an incoming SMS (or a plugin) and no
                // escaping is visible in this function - confirm the callers escape them, or
                // switch to a parameterised/escaped insert.
                $db_query = "\n\t\t    INSERT INTO " . _DB_PREF_ . "_tblUserInbox\n\t\t    (in_sender,in_receiver,in_uid,in_msg,in_datetime) \n\t\t    VALUES ('{$sms_sender}','{$sms_receiver}','{$uid}','{$message}','{$sms_datetime}')\n\t\t";
                logger_print("saving sender:" . $sms_sender . " receiver:" . $sms_receiver . " target:" . $target_user, 3, "insertsmstoinbox");
                // the @ hides any warning raised by the insert; the result does not change $ok
                if ($cek_ok = @dba_insert_id($db_query)) {
                    logger_print("saved sender:" . $sms_sender . " receiver:" . $sms_receiver . " target:" . $target_user, 3, "insertsmstoinbox");
                }
            }
            // forward to email
            if ($fwd_to_email = $user['fwd_to_email']) {
                if ($email = $user['email']) {
                    // make sure sms_datetime is in supported format and in user's timezone
                    $sms_datetime = core_display_datetime($sms_datetime);
                    // get name from target_user's phonebook
                    $c_name = phonebook_number2name($sms_sender, $target_user);
                    $sender = $c_name ? $c_name . ' <' . $sms_sender . '>' : $sms_sender;
                    // fixme anton - slash maddess
                    $message = stripslashes($message);
                    // NOTE(review): $sms_sender goes into the mail subject; confirm sendmail()
                    // rejects CR/LF in header fields.
                    $subject = "[SMSGW-PV] " . _('from') . " {$sms_sender}";
                    $body = _('Forward Private WebSMS') . " ({$web_title})\n\n";
                    $body .= _('Date time') . ": {$sms_datetime}\n";
                    $body .= _('Sender') . ": {$sender}\n";
                    $body .= _('Receiver') . ": {$sms_receiver}\n\n";
                    $body .= _('Message') . ":\n{$message}\n\n";
                    $body .= $email_footer . "\n\n";
                    logger_print("send email from:" . $email_service . " to:" . $email, 3, "insertsmstoinbox");
                    sendmail($email_service, $email, $subject, $body);
                    logger_print("sent email from:" . $email_service . " to:" . $email, 3, "insertsmstoinbox");
                }
                // set even when the user has no email address on file
                $ok = true;
            }
            // forward to mobile
            if ($fwd_to_mobile = $user['fwd_to_mobile']) {
                if ($mobile = $user['mobile']) {
                    // anything mb_detect_encoding() does not report as ASCII is sent as unicode
                    $unicode = 0;
                    if (function_exists('mb_detect_encoding')) {
                        $encoding = mb_detect_encoding($message, 'auto');
                        if ($encoding != 'ASCII') {
                            $unicode = 1;
                        }
                    }
                    // NOTE(review): $sender is only assigned inside the email branch above; it is
                    // undefined here when email forwarding did not run.
                    $message = $sender . ' ' . $message;
                    // NOTE(review): the next logger_print line is damaged in this listing (the
                    // run of asterisks is not valid PHP); restore it from the upstream source.
                    logger_print("send to mobile:" . $mobile . " from:" . $sender . " user:"******"insertsmstoinbox");
                    // $ok is replaced here by the status array returned by sendsms_pv()
                    list($ok, $to, $smslog_id) = sendsms_pv($target_user, $mobile, $message, 'text', $unicode);
                    if ($ok[0]) {
                        // NOTE(review): this line is damaged in the listing as well.
                        logger_print("sent to mobile:" . $mobile . " from:" . $sender . " user:"******"insertsmstoinbox");
                    }
                }
            }
        }
    }
    return $ok;
}
Example #7
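/**
 * Daemon hook: fetch unseen mails from the configured mailbox and turn each accepted
 * mail into an outgoing SMS.
 *
 * Expected mail layout, as parsed below: the subject is "<username> <pin> <message>"
 * (a leading '@' on the username is dropped) and the body is a comma separated list of
 * destination numbers, with anything after a "--" signature marker removed.
 *
 * Everything in the mail is supplied by whoever sent it. The per-user PIN is the only
 * secret that is checked; the From address is compared only when check_sender is
 * enabled, and a From header by itself is not proof of origin.
 *
 * Changes compared with the previous version:
 * - PIN and sender address are compared as strings with ===, so values that merely
 *   compare equal under PHP's loose == rules no longer pass.
 *   Where hash_equals() is available it is the better choice for the PIN.
 * - with check_sender on, a From header without an <address> part is rejected instead
 *   of being compared as an empty value against the account's email.
 * - imap_search() returning false (no unseen mail) is no longer passed to count()/rsort().
 * - missing subject parts no longer read undefined offsets.
 * - the unused username lookup, which was called with an undefined $uid, is gone.
 *
 * @param $param task name; only 'mailsms_fetch' is handled
 * @return void
 */
function mailsms_hook_playsmsd_once($param)
{
    if ($param != 'mailsms_fetch') {
        return;
    }

    $items_global = registry_search(0, 'features', 'mailsms');
    $cfg = $items_global['features']['mailsms'];
    if (!$cfg['enable_fetch']) {
        return;
    }

    // mailbox specification for imap_open()
    // NOTE(review): "/novalidate-cert" makes the client skip certificate validation, so the
    // mailbox password can be handed to an impostor server; enable it only for testing.
    $ssl = $cfg['ssl'] == 1 ? "/ssl" : "";
    $novalidate_cert = $cfg['novalidate_cert'] == 1 ? "/novalidate-cert" : "";
    $email_hostname = '{' . $cfg['server'] . ':' . $cfg['port'] . '/' . $cfg['protocol'] . $ssl . $novalidate_cert . '}INBOX';

    // open mailbox
    $inbox = imap_open($email_hostname, $cfg['username'], $cfg['password']);
    if (!$inbox) {
        // read the pending IMAP errors so they are cleared from the error stack
        imap_errors();
        return;
    }

    // value handed to sendsms_helper() as reference id; this function never had one to give
    $reference_id = null;

    $emails = imap_search($inbox, 'UNSEEN');
    if (is_array($emails) && count($emails)) {
        rsort($emails);
        foreach ($emails as $email_number) {
            // reset per mail so a value from the previous mail is never reused
            $sender_email = '';

            $overview = imap_fetch_overview($inbox, $email_number, 0);
            $email_subject = isset($overview[0]->subject) ? trim($overview[0]->subject) : '';
            $email_sender = isset($overview[0]->from) ? trim($overview[0]->from) : '';
            $email_body = trim((string) imap_fetchbody($inbox, $email_number, 1));
            // NOTE(review): the subject carries the sender's PIN, so this line writes the
            // PIN to the log at level 3; consider logging the subject without it.
            _log('email from:[' . $email_sender . '] subject:[' . $email_subject . '] body:[' . $email_body . ']', 3, 'mailsms_hook_playsmsd');

            // subject: <username> <pin> <message>
            $e = preg_replace('/\\s+/', ' ', trim($email_subject));
            $f = preg_split('/ +/', $e);
            // in case user use @username
            $sender_username = str_replace('@', '', $f[0]);
            $sender_pin = isset($f[1]) ? $f[1] : '';
            $c_message = preg_split("/[\\s]+/", $email_subject, 3);
            $message = isset($c_message[2]) ? $c_message[2] : '';

            $sender = user_getdatabyusername($sender_username);
            if (!$sender['uid']) {
                _log('invalid username sender_username:[' . $sender_username . ']', 3, 'mailsms_hook_playsmsd_once');
                continue;
            }

            // the PIN must be set on both sides and match exactly
            $items = registry_search($sender['uid'], 'features', 'mailsms_user');
            $pin = $items['features']['mailsms_user']['pin'];
            if (!($sender_pin && $pin && (string) $sender_pin === (string) $pin)) {
                // NOTE(review): the submitted PIN is logged; a near miss of the real PIN ends up in the log.
                _log('invalid pin uid:' . $sender['uid'] . ' sender_pin:[' . $sender_pin . ']', 3, 'mailsms_hook_playsmsd_once');
                continue;
            }

            // optional: the address inside <...> of the From header must be the account's email
            if ($cfg['check_sender']) {
                if (preg_match('#\\<(.*?)\\>#', $email_sender, $match)) {
                    $sender_email = $match[1];
                }
                if ($sender_email === '' || (string) $sender['email'] !== $sender_email) {
                    _log('check_sender:1 unknown sender from:' . $sender_email . ' uid:' . $sender['uid'] . ' e:' . $sender['email'], 3, 'mailsms_hook_playsmsd_once');
                    continue;
                }
            }

            // destination numbers is in array and retrieved from email body
            // remove email footer/signature
            $sms_to = preg_replace('/--[\\r\\n]+.*/s', '', $email_body);
            $sms_to = explode(',', $sms_to);

            // sendsms
            if ($sender_username && count($sms_to) && $message) {
                _log('mailsms uid:' . $sender['uid'] . ' from:[' . $sender_email . '] username:[' . $sender_username . ']', 3, 'mailsms_hook_playsmsd_once');
                sendsms_helper($sender_username, $sms_to, $message, '', '', '', '', '', '', $reference_id);
            }
        }
    }

    // close mailbox
    imap_close($inbox);
}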
Example #8
             } else {
                 $json['status'] = 'ERR';
                 $json['error'] = '100';
             }
         } else {
             $json['status'] = 'ERR';
             $json['error'] = '100';
         }
     } else {
         $json['status'] = 'ERR';
         $json['error'] = '100';
     }
     $log_this = TRUE;
     break;
 case "WS_LOGIN":
     $user = user_getdatabyusername($u);
     if ($c_uid = $user['uid']) {
         // supplied login key
         $login_key = trim($_REQUEST['login_key']);
         // saved login key
         $reg = registry_search($c_uid, 'core', 'webservices', 'login_key');
         $c_login_key = trim($reg['core']['webservices']['login_key']);
         // immediately remove saved login key, only proceed upon successful removal
         if (registry_remove($c_uid, 'core', 'webservices', 'login_key')) {
             // auth by comparing login keys
             if ($login_key && $c_login_key && $login_key == $c_login_key) {
                 // setup login session
                 auth_session_setup($c_uid);
                 _log("webservices logged in u:" . $u . " ip:" . $_SERVER['REMOTE_ADDR'] . " op:" . _OP_, 3, "webservices");
             } else {
                 _log("webservices invalid login u:" . $u . " ip:" . $_SERVER['REMOTE_ADDR'] . " op:" . _OP_, 3, "webservices");
Example #9
/**
 * Send SMS
 *
 * Creates one queue for the message, pushes every valid, unique and non-blacklisted
 * destination to it after checking that the credit covers the total charge, and
 * processes the queue right away when $core_config['issendsmsd'] is off.
 *
 * @global array $core_config, $user_config
 * @param string $username
 *        sending account; the logged-in user's data is used when it matches or is empty
 * @param mixed $sms_to
 *        array of destinations or a comma separated list of them
 * @param string $message
 *        message text, HTML entities decoded and cut to the user's max_sms_length
 * @param string $sms_type
 * @param integer $unicode
 * @param string $smsc
 * @param boolean $nofooter
 *        when set the footer is dropped
 * @param string $sms_footer
 *        footer to use, the user's own footer when empty
 * @param string $sms_sender
 *        sender ID; replaced by sendsms_get_sender() unless sender_id_isvalid() accepts it
 * @param string $sms_schedule
 * @return array array($status, $sms_to, $smslog_id, $queue, $counts, $error_strings);
 *         the early exits return FALSE as first element and a message as last element
 */
function sendsms($username, $sms_to, $message, $sms_type = 'text', $unicode = 0, $smsc = '', $nofooter = false, $sms_footer = '', $sms_sender = '', $sms_schedule = '')
{
    global $core_config, $user_config;
    // htmlspecialchars_decode to message and footer
    $message = htmlspecialchars_decode($message);
    $sms_footer = htmlspecialchars_decode($sms_footer);
    // get user data
    $user = $user_config;
    if ($username && $user['username'] != $username) {
        $user = user_getdatabyusername($username);
    }
    if (!is_array($sms_to)) {
        $sms_to = explode(',', $sms_to);
    }
    $uid = $user['uid'];
    // discard if banned
    if (user_banned_get($uid)) {
        // NOTE(review): the next _log line is damaged in this listing (the run of
        // asterisks is not valid PHP); restore it from the upstream source.
        _log("user banned, exit immediately uid:" . $uid . ' username:'******'username'], 2, "sendsms");
        return array(FALSE, '', '', '', '', sprintf(_('Account %s is currently banned to use services'), $username));
    }
    // SMS sender ID
    // a requested sender ID is only kept when sender_id_isvalid() accepts it for this user
    $sms_sender = core_sanitize_sender($sms_sender);
    $sms_sender = $sms_sender && sender_id_isvalid($username, $sms_sender) ? $sms_sender : sendsms_get_sender($username);
    // SMS footer
    $sms_footer = core_sanitize_footer($sms_footer);
    $sms_footer = $sms_footer ? $sms_footer : $user['footer'];
    if ($nofooter) {
        $sms_footer = '';
    }
    // a hack to remove \r from \r\n
    // the issue begins with ENTER being \r\n and detected as 2 chars
    // and since the javascript message counter can't detect it as 2 chars
    // thus the message length counts is inaccurate
    $message = str_replace("\r\n", "\n", $message);
    // just to make sure its length, we need to stripslashes message before enter other procedures
    // NOTE(review): after stripslashes() the values carry no escaping; confirm the queue
    // functions escape them again before they reach SQL.
    $sms_sender = stripslashes($sms_sender);
    $message = stripslashes($message);
    $sms_footer = stripslashes($sms_footer);
    // fixme anton - fix #71 but not sure whats the correct solution for this
    // $max_length = ( $unicode ? $user['opt']['max_sms_length_unicode'] : $user['opt']['max_sms_length'] );
    // NOTE(review): strlen()/substr() count bytes, so a multi-byte message can be cut in
    // the middle of a character.
    $max_length = $user['opt']['max_sms_length'];
    if (strlen($message) > $max_length) {
        $message = substr($message, 0, $max_length);
    }
    $sms_msg = $message;
    _log("start uid:" . $uid . " sender_id:[" . $sms_sender . "] smsc:[" . $smsc . "]", 2, "sendsms");
    // add a space infront of footer if exists
    $c_sms_footer = trim($sms_footer) ? ' ' . trim($sms_footer) : '';
    // the full message text is written to the log at level 3
    _log("maxlen:" . $max_length . " footerlen:" . strlen($c_sms_footer) . " footer:[" . $c_sms_footer . "] msglen:" . strlen($sms_msg) . " message:[" . $sms_msg . "]", 3, "sendsms");
    // create a queue
    // NOTE(review): the queue exists before the credit check below; the insufficient-credit
    // exits return without touching it again - confirm such queues are cleaned up elsewhere.
    $queue_code = sendsms_queue_create($sms_sender, $sms_footer, $sms_msg, $uid, 0, $sms_type, $unicode, $sms_schedule, $smsc);
    if (!$queue_code) {
        // when unable to create a queue then immediately returns FALSE, no point to continue
        _log("fail to finalize queue creation, exit immediately", 2, "sendsms");
        return array(FALSE, '', '', '', '', _('Send message failed due to unable to create queue'));
    }
    // $sms_to has already been turned into an array above, so the else branch is not reached
    if (is_array($sms_to)) {
        $array_sms_to = $sms_to;
    } else {
        $array_sms_to = explode(',', $sms_to);
    }
    // get manipulated and valid destination numbers
    $all_sms_to = array();
    for ($i = 0; $i < count($array_sms_to); $i++) {
        if ($c_sms_to = sendsms_getvalidnumber(trim($array_sms_to[$i]))) {
            $c_sms_to = sendsms_manipulate_prefix(trim($c_sms_to), $user);
            $all_sms_to[] = $c_sms_to;
        }
    }
    // remove double entries
    // NOTE(review): array_unique() keeps the original keys, so after a duplicate is removed
    // the keys are no longer 0..n-1. The index loops below read $all_sms_to[$i] up to
    // count(): they hit missing offsets and never reach the last entries. Wrapping the
    // call in array_values() would restore a plain list.
    $all_sms_to = array_unique($all_sms_to, SORT_STRING);
    // calculate total sms and charges
    $total_count = 0;
    $total_charges = 0;
    foreach ($all_sms_to as $c_sms_to) {
        list($count, $rate, $charge) = rate_getcharges($uid, strlen($message . $c_sms_footer), $unicode, $c_sms_to);
        $total_count += $count;
        $total_charges += $charge;
    }
    _log('dst:' . count($all_sms_to) . ' sms_count:' . $total_count . ' total_charges:' . $total_charges, 2, 'sendsms');
    // sender's
    $credit = rate_getusercredit($user['username']);
    $balance = $credit - $total_charges;
    // parent's when sender is a subuser
    $parent_uid = user_getparentbyuid($user['uid']);
    if ($parent_uid) {
        $username_parent = user_uid2username($parent_uid);
        $credit_parent = rate_getusercredit($username_parent);
        $balance_parent = $credit_parent - $total_charges;
    }
    // for a subuser only the parent's balance is checked, otherwise the sender's own
    // NOTE(review): this is a read-then-act check; concurrent sends by the same account
    // can each pass it - confirm the charge itself is enforced where credit is deducted.
    if ($parent_uid) {
        if (!($balance_parent >= 0)) {
            _log('failed parent do not have enough credit. credit:' . $credit_parent . ' dst:' . count($all_sms_to) . ' sms_count:' . $total_count . ' total_charges:' . $total_charges, 2, 'sendsms');
            return array(FALSE, '', '', '', '', _('Internal error please contact service provider'));
        }
    } else {
        if (!($balance >= 0)) {
            // NOTE(review): this logs $credit_parent, which is not assigned in this branch;
            // $credit looks like the intended value.
            _log('failed user do not have enough credit. credit:' . $credit_parent . ' dst:' . count($all_sms_to) . ' sms_count:' . $total_count . ' total_charges:' . $total_charges, 2, 'sendsms');
            return array(FALSE, '', '', '', '', _('Send message failed due to insufficient funds'));
        }
    }
    // default returns
    // $count still holds the value computed for the last destination in the charge loop above
    for ($i = 0; $i < count($all_sms_to); $i++) {
        $ok[$i] = FALSE;
        $to[$i] = $all_sms_to[$i];
        $smslog_id[$i] = 0;
        $queue[$i] = $queue_code;
        $counts[$i] = $count;
    }
    $queue_count = 0;
    $sms_count = 0;
    $failed_queue_count = 0;
    $failed_sms_count = 0;
    // push every destination that is not blacklisted to the queue
    // NOTE(review): $error_strings and the result arrays stay undefined when there is no destination.
    for ($i = 0; $i < count($all_sms_to); $i++) {
        $c_sms_to = $all_sms_to[$i];
        $continue = TRUE;
        if (blacklist_mobile_isexists(0, $c_sms_to)) {
            $continue = FALSE;
            _log("fail to send. mobile is in the blacklist mobile:" . $c_sms_to, 2, "sendsms");
        }
        if ($continue && ($smslog_id[$i] = sendsms_queue_push($queue_code, $c_sms_to))) {
            $ok[$i] = TRUE;
            $queue_count++;
            $sms_count += $count;
            $error_strings[$i] = sprintf(_('Message %s has been delivered to queue'), $smslog_id[$i]);
        } else {
            $ok[$i] = FALSE;
            $failed_queue_count++;
            $failed_sms_count++;
            $error_strings[$i] = sprintf(_('Send message to %s in queue %s has failed'), $c_sms_to, $queue_code);
        }
        $to[$i] = $c_sms_to;
        $queue[$i] = $queue_code;
        $counts[$i] = $count;
    }
    // flag the queue as prepared; give up when the update fails
    if (sendsms_queue_update($queue_code, array('flag' => '0', 'queue_count' => $queue_count, 'sms_count' => $sms_count))) {
        _log("end queue_code:" . $queue_code . " queue_count:" . $queue_count . " sms_count:" . $sms_count . " failed_queue:" . $failed_queue_count . " failed_sms:" . $failed_sms_count, 2, "sendsms");
    } else {
        _log("fail to prepare queue, exit immediately queue_code:" . $queue_code, 2, "sendsms");
        return array(FALSE, '', '', $queue_code, '', sprintf(_('Send message failed due to unable to prepare queue %s'), $queue_code));
    }
    // without the sendsmsd daemon the queue is processed inline and its results replace
    // the values collected above ($error_strings is kept)
    if (!$core_config['issendsmsd']) {
        unset($ok);
        unset($to);
        unset($queue);
        unset($counts);
        _log("sendsmsd off immediately process queue_code:" . $queue_code, 2, "sendsms");
        list($ok, $to, $smslog_id, $queue, $counts) = sendsmsd($queue_code);
    }
    return array($ok, $to, $smslog_id, $queue, $counts, $error_strings);
}
Example #10
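/**
 * Build the web-services payload listing incoming SMS rows that match the given filters.
 *
 * Data is returned only when the account's status equals 2; every other caller gets
 * the default error payload (status "ERR", error "501").
 * NOTE(review): status 2 presumably marks an administrator account - confirm.
 *
 * The query selects on flag_deleted = 0 and in_status = 0 and is not narrowed by the
 * caller's uid, so the status check is the only access control in this function.
 *
 * @param string   $c_username account the request is made for
 * @param string   $src        sender filter: a leading "0" is dropped, otherwise the first
 *                             three characters are, and the rest is matched as a suffix
 * @param string   $dst        exact receiver filter
 * @param string   $datetime   substring matched against in_datetime
 * @param int      $c          maximum number of rows; 100 when empty or not a positive number
 * @param int|bool $last       when set, only rows with in_id greater than this value
 * @return array   on success array('data' => list of rows with id, src, dst, msg, dt),
 *                 otherwise array('status' => 'ERR', 'error' => '501')
 */
function webservices_sx($c_username, $src = '', $dst = '', $datetime = '', $c = 100, $last = false)
{
    $json['status'] = 'ERR';
    $json['error'] = '501';
    $u = user_getdatabyusername($c_username);
    if ($u['status'] != 2) {
        return $json;
    }
    $uid = $u['uid'];
    $conditions = array('flag_deleted' => 0, 'in_status' => 0);
    // Stays null when no LIKE filter is requested: the same value the search received
    // before, now without reading an undefined variable.
    $keywords = null;
    $extras = array();
    if ($src) {
        $c_src = $src[0] == '0' ? substr($src, 1) : substr($src, 3);
        $keywords['in_sender'] = '%' . $c_src;
    }
    if ($dst) {
        $conditions['in_receiver'] = $dst;
    }
    if ($datetime) {
        // NOTE(review): "%" or "_" inside $datetime or $src widens the LIKE match;
        // whether dba_search() escapes keyword values is not visible here.
        $keywords['in_datetime'] = '%' . $datetime . '%';
    }
    // $last and $c are concatenated into query fragments, so they are forced to integers:
    // nothing but a number can reach the statement, however dba_search() treats extras.
    $last = (int) $last;
    if ($last) {
        $extras['AND in_id'] = '>' . $last;
    }
    $extras['ORDER BY'] = 'in_datetime DESC';
    $c = (int) $c;
    $extras['LIMIT'] = $c > 0 ? $c : 100;
    if ($uid) {
        $list = dba_search(_DB_PREF_ . '_tblSMSIncoming', '*', $conditions, $keywords, $extras);
        $rows = array();
        if (is_array($list)) {
            foreach ($list as $db_row) {
                $rows[] = array(
                    'id' => $db_row['in_id'],
                    'src' => $db_row['in_sender'],
                    'dst' => $db_row['in_receiver'],
                    // double quotes in the message body are replaced by single quotes
                    'msg' => str_replace('"', "'", $db_row['in_message']),
                    'dt' => $db_row['in_datetime'],
                );
            }
        }
        if ($rows) {
            // a successful answer carries only the data key
            $json['data'] = $rows;
            unset($json['status'], $json['error']);
        }
    }
    return $json;
}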
Example #11
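/**
 * Validate data for user registration
 *
 * Checks run in a fixed order and every check after the first is skipped once
 * $ret['status'] is false, so error_string describes the first failing rule only.
 * Nothing is validated when $data is not an array; the result is then status true.
 *
 * @param array $data
 *        User data; keys read here: password, username, name, email, mobile
 * @param boolean $flag_edit
 *        TRUE when edit action; an already existing username is then not an error
 * @return array $ret('error_string', 'status')
 *         status is boolean; error_string is set only when status is false
 */
function user_add_validate($data = array(), $flag_edit = FALSE)
{
    global $core_config;
    $ret['status'] = true;
    if (is_array($data)) {
        foreach ($data as $key => $val) {
            $data[$key] = trim($val);
        }
        // NOTE(review): the error strings below embed the submitted value as received;
        // how callers render error_string is not visible here, so escape it at output.
        // password should be at least 4 characters
        // NOTE(review): a 4 character minimum is a weak policy; raising it changes the
        // message and caller expectations, so it is left for a separate change.
        if ($data['password'] && strlen($data['password']) < 4) {
            $ret['error_string'] = _('Password should be at least 4 characters');
            $ret['status'] = false;
        }
        // username should be at least 3 characters and maximum $username_length
        $username_length = $core_config['main']['username_length'] ? $core_config['main']['username_length'] : 30;
        if ($ret['status'] && $data['username'] && (strlen($data['username']) < 3 || strlen($data['username']) > $username_length)) {
            $ret['error_string'] = sprintf(_('Username must be at least 3 characters and maximum %d characters'), $username_length) . " (" . $data['username'] . ")";
            $ret['status'] = false;
        }
        // username only can contain alphanumeric, dot and dash
        // The pattern is anchored at both ends: unanchored, a single allowed character
        // anywhere in the value was enough to pass, whatever else the value contained.
        if ($ret['status'] && $data['username'] && !preg_match('/^[A-Za-z0-9.\\-]+\\z/', $data['username'])) {
            $ret['error_string'] = _('Valid characters for username are alphabets, numbers, dot or dash') . " (" . $data['username'] . ")";
            $ret['status'] = false;
        }
        // name must be exists
        if ($ret['status'] && !$data['name']) {
            $ret['error_string'] = _('Account name is mandatory');
            $ret['status'] = false;
        }
        // email must be in valid format
        // the format check is skipped entirely when enhance_privacy_subuser is enabled
        if ($ret['status'] && !preg_match('/^(.+)@(.+)\\.(.+)$/', $data['email']) && !$core_config['main']['enhance_privacy_subuser']) {
            if ($data['email']) {
                $ret['error_string'] = _('Your email format is invalid') . " (" . $data['email'] . ")";
            } else {
                $ret['error_string'] = _('Email address is mandatory');
            }
            $ret['status'] = false;
        }
        // mobile must be in valid format, but check this only when filled
        // anchored for the same reason as the username pattern: digits, plus, dash and space only
        if ($ret['status'] && $data['mobile'] && !preg_match('/^[0-9+\\- ]+\\z/', $data['mobile'])) {
            $ret['error_string'] = _('Your mobile format is invalid') . " (" . $data['mobile'] . ")";
            $ret['status'] = false;
        }
        // check if username is exists
        if ($ret['status'] && $data['username'] && dba_isexists(_DB_PREF_ . '_tblUser', array('flag_deleted' => 0, 'username' => $data['username']), 'AND')) {
            if (!$flag_edit) {
                $ret['error_string'] = _('Account already exists') . " (" . _('username') . ": " . $data['username'] . ")";
                $ret['status'] = false;
            }
        }
        // current record for this username; lets an account keep its own email and mobile
        $existing = user_getdatabyusername($data['username']);
        // check if email is exists
        if ($ret['status'] && $data['email'] && dba_isexists(_DB_PREF_ . '_tblUser', array('flag_deleted' => 0, 'email' => $data['email']), 'AND')) {
            if ($data['email'] != $existing['email']) {
                $ret['error_string'] = _('Account with this email already exists') . " (" . _('email') . ": " . $data['email'] . ")";
                $ret['status'] = false;
            }
        }
        // check mobile, must check for duplication only when filled
        if ($ret['status'] && $data['mobile']) {
            if (dba_isexists(_DB_PREF_ . '_tblUser', array('flag_deleted' => 0, 'mobile' => $data['mobile']), 'AND')) {
                if ($data['mobile'] != $existing['mobile']) {
                    $ret['error_string'] = _('Account with this mobile already exists') . " (" . _('mobile') . ": " . $data['mobile'] . ")";
                    $ret['status'] = false;
                }
            }
        }
    }
    return $ret;
}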
Example #12
// Bootstrap fragment: derives SMS length limits into $core_config and, for an
// authenticated session, per-user limits into $user_config. The listing stops inside
// the final if block, so that branch is not documented here.
// plugins category
$plugins_category = array('feature', 'gateway', 'themes', 'language');
$core_config['plugins_category'] = $plugins_category;
// max sms text length
// single text sms can be 160 char instead of 1*153
// $sms_max_count is read before anything in this fragment assigns it (presumably set by
// earlier configuration - confirm); any value below 1 is replaced by 1
$sms_max_count = (int) $sms_max_count < 1 ? 1 : (int) $sms_max_count;
$core_config['main']['sms_max_count'] = $sms_max_count;
// per-part length: 153 (67 for unicode) when more than one part is allowed, else 160 (70)
$core_config['main']['per_sms_length'] = $core_config['main']['sms_max_count'] > 1 ? 153 : 160;
$core_config['main']['per_sms_length_unicode'] = $core_config['main']['sms_max_count'] > 1 ? 67 : 70;
$core_config['main']['max_sms_length'] = $core_config['main']['sms_max_count'] * $core_config['main']['per_sms_length'];
$core_config['main']['max_sms_length_unicode'] = $core_config['main']['sms_max_count'] * $core_config['main']['per_sms_length_unicode'];
// reserved important keywords
$core_config['reserved_keywords'] = array('BC');
// everything below runs only when auth_isvalid() reports a valid session
if (auth_isvalid()) {
    // load user's data from user's DB table
    // the lookup key is the username stored in the session
    $user_config = user_getdatabyusername($_SESSION['username']);
    // $footer is not assigned in this fragment; a non-empty footer reserves its length plus
    // one character (presumably a separator - confirm) out of every limit below
    $user_config['opt']['sms_footer_length'] = strlen($footer) > 0 ? strlen($footer) + 1 : 0;
    $user_config['opt']['per_sms_length'] = $core_config['main']['per_sms_length'] - $user_config['opt']['sms_footer_length'];
    $user_config['opt']['per_sms_length_unicode'] = $core_config['main']['per_sms_length_unicode'] - $user_config['opt']['sms_footer_length'];
    $user_config['opt']['max_sms_length'] = $core_config['main']['max_sms_length'] - $user_config['opt']['sms_footer_length'];
    $user_config['opt']['max_sms_length_unicode'] = $core_config['main']['max_sms_length_unicode'] - $user_config['opt']['sms_footer_length'];
    // MD5 of the trimmed, lower-cased email forms the Gravatar URL; it is an avatar lookup
    // key, not a credential hash. NOTE(review): whoever receives this URL can check guessed
    // addresses against the hash - confirm that exposure is acceptable where it is rendered.
    $user_config['opt']['gravatar'] = 'https://www.gravatar.com/avatar/' . md5(strtolower(trim($user_config['email'])));
    if (!$core_config['daemon_process']) {
        // save login session information
        user_session_set();
    }
    // special setting to credit unicode SMS the same as normal SMS length
    // for example: 2 unicode SMS (140 chars length) will be deducted as 1 credit just like a normal SMS (160 chars length)
    // the registry value is cast to int, so a missing entry becomes 0 (disabled)
    $result = registry_search($user_config['uid'], 'core', 'user_config', 'enable_credit_unicode');
    $user_config['opt']['enable_credit_unicode'] = (int) $result['core']['user_config']['enable_credit_unicode'];
    if (!$user_config['opt']['enable_credit_unicode']) {
Example #13
 * playSMS is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with playSMS. If not, see <http://www.gnu.org/licenses/>.
 */
defined('_SECURE_') or die('Forbidden');
if (!auth_isuser()) {
    if (!auth_isadmin()) {
        auth_block();
    }
}
if ($_REQUEST['uname']) {
    $subuser_edited = user_getdatabyusername($_REQUEST['uname']);
    if ($subuser_edited['status'] != 4 || $subuser_edited['parent_uid'] != $user_config['uid']) {
        auth_block();
    }
}
switch (_OP_) {
    case "subuser_list":
        $search_var = array(_('Registered') => 'register_datetime', _('Username') => 'username', _('Name') => 'name', _('Mobile') => 'mobile');
        $search = themes_search($search_var);
        $conditions = array('status' => 4, 'parent_uid' => $user_config['uid']);
        $keywords = $search['dba_keywords'];
        $count = dba_count(_DB_PREF_ . '_tblUser', $conditions, $keywords);
        $nav = themes_nav($count, "index.php?app=main&inc=core_user&route=subuser_mgmnt&op=subuser_list");
        $extras = array('ORDER BY' => 'register_datetime DESC, username', 'LIMIT' => $nav['limit'], 'OFFSET' => $nav['offset']);
        $list = dba_search(_DB_PREF_ . '_tblUser', '*', $conditions, $keywords, $extras);
        if ($err = $_SESSION['error_string']) {