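/**
 * Check whether a sender ID is one of the sender IDs registered to a user
 *
 * @param string $username
 *        Username owning the sender IDs
 * @param string $sender_id
 *        Sender ID to check
 * @return boolean TRUE when $sender_id is registered to the user, FALSE otherwise
 */
function sender_id_isvalid($username, $sender_id)
{
    $uid = user_username2uid($username);

    $registered = sender_id_search($uid);
    if (!is_array($registered)) {
        return FALSE;
    }

    // compare as strings with ===: with == PHP compares two numeric strings as numbers,
    // so e.g. "0123" and "123" (or "1.0" and "1") would be accepted as the same sender ID
    $needle = (string) $sender_id;
    foreach ($registered as $value) {
        if (is_scalar($value) && $needle === (string) $value) {
            return TRUE;
        }
    }

    return FALSE;
}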
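/**
 * Validate username and password
 *
 * @param string $username
 *        Username
 * @param string $password
 *        Password
 * @return boolean TRUE when validated or boolean FALSE when validation failed
 */
function auth_validate_login($username, $password)
{
    $uid = user_username2uid($username);
    $ip = $_SERVER['REMOTE_ADDR'];

    // log the attempt without any value derived from the submitted password: an md5 of it
    // is an offline-crackable credential and does not belong in a log file
    _log('login attempt u:' . $username . ' uid:' . $uid . ' ip:' . $ip, 3, 'auth_validate_login');

    // check blacklist
    if (blacklist_ifipexists($username, $ip)) {
        _log('IP blacklisted u:' . $username . ' uid:' . $uid . ' ip:' . $ip, 2, 'auth_validate_login');
        return FALSE;
    }

    if (user_banned_get($uid)) {
        _log('user banned u:' . $username . ' uid:' . $uid . ' ip:' . $ip, 2, 'auth_validate_login');
        return FALSE;
    }

    // stored password digest of the non-deleted account; the condition array goes through
    // dba_search() rather than being interpolated into a query string by hand
    // (NOTE(review): confirm dba_search() escapes condition values)
    $rows = dba_search(_DB_PREF_ . '_tblUser', 'password', array('flag_deleted' => 0, 'username' => $username));
    $res_password = (is_array($rows) && isset($rows[0]['password'])) ? trim((string) $rows[0]['password']) : '';

    // legacy scheme: the stored value is an md5 hex digest of the password
    // (NOTE(review): md5 is not a password hash; moving to password_hash()/password_verify()
    // changes the stored format and is out of scope for this function)
    $password = md5($password);

    // hash_equals() is a strict, constant-time comparison; with == two hex digests that both
    // look numeric (e.g. "0e...") would be compared as numbers and could compare equal
    if ($password && $res_password && hash_equals($res_password, $password)) {
        _log('valid login u:' . $username . ' uid:' . $uid . ' ip:' . $ip, 2, 'auth_validate_login');

        // remove IP on successful login
        blacklist_clearip($username, $ip);

        return true;
    }

    // second chance: a temporary password kept in the registry for this username
    $ret = registry_search(1, 'auth', 'tmp_password', $username);
    $tmp_password = isset($ret['auth']['tmp_password'][$username]) ? $ret['auth']['tmp_password'][$username] : '';
    if ($password && $tmp_password && is_scalar($tmp_password) && hash_equals((string) $tmp_password, $password)) {
        _log('valid login u:' . $username . ' uid:' . $uid . ' ip:' . $ip . ' using temporary password', 2, 'auth_validate_login');

        // the temporary password is removed once it has been used
        if (!registry_remove(1, 'auth', 'tmp_password', $username)) {
            _log('WARNING: unable to remove temporary password after successful login', 3, 'login');
        }

        // remove IP on successful login
        blacklist_clearip($username, $ip);

        return true;
    }

    // check blacklist
    blacklist_checkip($username, $ip);

    _log('invalid login u:' . $username . ' uid:' . $uid . ' ip:' . $ip, 2, 'auth_validate_login');

    return false;
}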
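/**
 * Resolve a mobile number to a contact name from the phonebook
 *
 * The lookup covers the owner's own contacts, contacts in groups of which the owner's
 * mobile is itself a member and that have flag_sender='1', and contacts in other users'
 * groups that have flag_sender>'1'.
 *
 * @global array $user_config
 * @param string $mobile
 *        Mobile number to look up (may carry a leading '+')
 * @param string $c_username
 *        Owner of the phonebook; when empty or unknown the logged-in user is used
 * @return string Contact name, or an empty string when nothing matched
 */
function phonebook_hook_phonebook_number2name($mobile, $c_username = '')
{
    global $user_config;

    $name = '';
    if (!$mobile) {
        return $name;
    }

    // if username supplied use it, else use global username
    $c_uid = user_username2uid($c_username);
    $uid = $c_uid ? $c_uid : $user_config['uid'];
    // $uid is interpolated into the query below; make sure it can only ever be an integer
    $uid = (int) $uid;

    // remove +
    $mobile = str_replace('+', '', $mobile);
    // $mobile is interpolated into a LIKE pattern: keep digits only so that quotes and the
    // LIKE wildcards '%' and '_' from an untrusted number cannot alter the query
    $mobile = (string) preg_replace('/[^0-9]/', '', $mobile);
    if ($mobile === '') {
        // an empty pattern would turn the lookup into LIKE '%' and return an arbitrary contact
        return $name;
    }

    // remove first 3 digits if phone number length more than 7
    if (strlen($mobile) > 7) {
        $mobile = substr($mobile, 3);
    }

    // NOTE(review): the owner's stored mobile is interpolated as-is; it comes from the user
    // table rather than the request, but it is not escaped either
    $owner_mobile = user_getfieldbyuid($uid, 'mobile');

    $db_query = "SELECT A.name AS name FROM " . _DB_PREF_ . "_featurePhonebook AS A"
        . " LEFT JOIN " . _DB_PREF_ . "_featurePhonebook_group_contacts AS C ON A.id=C.pid"
        . " LEFT JOIN " . _DB_PREF_ . "_featurePhonebook_group AS B ON B.id=C.gpid"
        . " WHERE A.mobile LIKE '%" . $mobile . "' AND ("
        . " A.uid='{$uid}'"
        . " OR B.id in ("
        . " SELECT B.id AS id FROM " . _DB_PREF_ . "_featurePhonebook AS A"
        . " LEFT JOIN " . _DB_PREF_ . "_featurePhonebook_group_contacts AS C ON A.id=C.pid"
        . " LEFT JOIN " . _DB_PREF_ . "_featurePhonebook_group AS B ON B.id=C.gpid"
        . " WHERE A.mobile='" . $owner_mobile . "' AND B.flag_sender='1'"
        . " )"
        . " OR ( A.uid<>'{$uid}' AND B.flag_sender>'1' ) )"
        . " LIMIT 1";
    $db_result = dba_query($db_query);
    $db_row = dba_fetch_array($db_result);

    // no row (or a NULL name) yields an empty string instead of null
    if (is_array($db_row) && isset($db_row['name'])) {
        $name = (string) $db_row['name'];
    }

    return $name;
}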
if (auth_isadmin()) { $user_edited = user_getdatabyusername($uname); $c_username = $uname; $url_uname = '&uname=' . $uname; } else { $user_edited = user_getdatabyusername($uname); $c_username = $uname; $url_uname = '&uname=' . $uname; if ($user_edited['parent_uid'] == $user_config['uid']) { $is_parent = TRUE; } else { auth_block(); } } } $c_uid = user_username2uid($c_username); switch (_OP_) { case "user_config": if ($c_user = dba_search(_DB_PREF_ . '_tblUser', '*', array('flag_deleted' => 0, 'uid' => $c_uid))) { $token = $c_user[0]['token']; $webservices_ip = $c_user[0]['webservices_ip']; $enable_webservices = $c_user[0]['enable_webservices']; $sender = core_sanitize_sender($c_user[0]['sender']); $footer = core_sanitize_footer($c_user[0]['footer']); $datetime_timezone = core_get_timezone($c_username); $fwd_to_inbox = $c_user[0]['fwd_to_inbox']; $fwd_to_email = $c_user[0]['fwd_to_email']; $fwd_to_mobile = $c_user[0]['fwd_to_mobile']; $local_length = $c_user[0]['local_length']; $replace_zero = $c_user[0]['replace_zero']; $acl_id = (int) $c_user[0]['acl_id'];
case "user_ban": $uid = user_username2uid($_REQUEST['uname']); if ($uid && ($uid == 1 || $uid == $user_config['uid'])) { $_SESSION['dialog']['info'][] = _('Account admin or currently logged in administrator cannot be banned'); } else { if (user_banned_get($uid)) { $_SESSION['dialog']['info'][] = _('User is already on banned users list') . ' (' . _('username') . ': ' . $_REQUEST['uname'] . ')'; } else { if (user_banned_add($uid)) { $_SESSION['dialog']['info'][] = _('Account has been banned') . ' (' . _('username') . ': ' . $_REQUEST['uname'] . ')'; } else { $_SESSION['dialog']['info'][] = _('Unable to ban account') . ' (' . _('username') . ': ' . $_REQUEST['uname'] . ')'; } } } header("Location: " . _u('index.php?app=main&inc=core_user&route=user_mgmnt&op=user_list&view=' . $view)); exit; break; case "login_as": user_session_remove($_SESSION['uid'], $_SESSION['sid']); $uid = user_username2uid($_REQUEST['uname']); auth_login_as($uid); if (auth_isvalid()) { logger_print("login as u:" . $_SESSION['username'] . " uid:" . $uid . " status:" . $_SESSION['status'] . " sid:" . $_SESSION['sid'] . " ip:" . $_SERVER['REMOTE_ADDR'], 2, "user_mgmnt"); } else { logger_print("fail to login as u:" . $_SESSION['username'] . " uid:" . $uid . " status:" . $_SESSION['status'] . " sid:" . $_SESSION['sid'] . " ip:" . $_SERVER['REMOTE_ADDR'], 2, "user_mgmnt"); } header('Location: ' . _u(_HTTP_PATH_BASE_)); exit; break; }
$all_numbers = array(); $valid = 0; $invalid = 0; $item_valid = array(); $item_invalid = array(); if ($fs == filesize($fn) && file_exists($fn)) { if (($fd = fopen($fn, 'r')) !== FALSE) { $sid = md5(uniqid('SID', true)); $continue = true; while (($data = fgetcsv($fd, $fs, ',')) !== FALSE && $continue) { $dup = false; $sms_to = trim($data[0]); $sms_msg = trim($data[1]); if (auth_isadmin()) { if ($sms_username = trim($data[2])) { if ($uid = user_username2uid($sms_username)) { $data[2] = $sms_username; } else { $sms_username = $user_config['username']; $uid = $user_config['uid']; $data[2] = $sms_username; } } else { $sms_username = $user_config['username']; $uid = $user_config['uid']; $data[2] = $sms_username; } } else { $sms_username = $user_config['username']; $uid = $user_config['uid']; $data[2] = $sms_username;
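/**
 * Intercept on before-process stage for incoming SMS
 *
 * Scans the message for "@username" (private delivery) and "#GROUPCODE" (broadcast)
 * markers, as permitted by the incoming pre rules, and dispatches the message accordingly.
 *
 * @param string $sms_datetime
 *        incoming SMS date/time
 * @param string $sms_sender
 *        incoming SMS sender
 * @param string $message
 *        incoming SMS message before intercepted
 * @param string $sms_receiver
 *        receiver number that is receiving incoming SMS
 * @param string $reference_id
 *        reference_id data
 * @return array $ret empty when nothing matched; otherwise 'uid' of the user the message
 *         was dispatched for and 'hooked' => true
 */
function incoming_hook_recvsms_intercept($sms_datetime, $sms_sender, $message, $sms_receiver, $reference_id)
{
    $ret = array();

    // continue only when the first word is not a registered keyword
    $msg = explode(' ', $message);
    if (!keyword_isavail($msg[0])) {
        return $ret;
    }

    // pre rules decide which markers are scanned for
    $pre_rules = incoming_pre_rules_get();
    $match_username = !empty($pre_rules['match_username']);
    $match_groupcode = !empty($pre_rules['match_groupcode']);

    // scan for #<sender's phonebook group code> and @<username> according to pre rules
    $bc = array();
    $pv = array();
    foreach ($msg as $c_text) {
        $c_text = trim($c_text);
        $marker = substr($c_text, 0, 1);

        // scan message for @username
        if ($match_username && $marker === '@') {
            $pv[] = strtolower(substr($c_text, 1));
        }

        // scan message for #groupcode
        if ($match_groupcode && $marker === '#') {
            $bc[] = strtoupper(substr($c_text, 1));
        }
    }
    $found_bc = count($bc) > 0;
    $found_pv = count($pv) > 0;

    if ($found_bc || $found_pv) {
        _log("recvsms_intercept dt:" . $sms_datetime . " s:" . $sms_sender . " r:" . $sms_receiver . " m:" . $message, 3, 'incoming recvsms_intercept');
    }

    if ($found_bc) {
        // the sender must be a registered user; the sender's uid does not depend on the group,
        // so it is resolved once rather than per group code
        $c_uid = user_mobile2uid($sms_sender);
        if ($c_uid) {
            $c_username = user_uid2username($c_uid);
            foreach (array_unique($bc) as $c_group_code) {
                $list = phonebook_search_group($c_uid, $c_group_code, '', TRUE);
                // an empty search result must not raise undefined-offset warnings
                $c_gpid = (is_array($list) && isset($list[0]['gpid'])) ? $list[0]['gpid'] : 0;
                if ($c_gpid) {
                    _log("bc g:" . phonebook_code_clean($c_group_code) . " gpid:" . $c_gpid . " uid:" . $c_uid . " dt:" . $sms_datetime . " s:" . $sms_sender . " r:" . $sms_receiver . " m:" . $message, 3, 'incoming recvsms_intercept');
                    sendsms_bc($c_username, $c_gpid, $message);
                    _log("bc end", 3, 'incoming recvsms_intercept');
                    $ret['uid'] = $c_uid;
                    $ret['hooked'] = true;
                }
            }
        }
    }

    if ($found_pv) {
        foreach (array_unique($pv) as $c_username) {
            $c_username = core_sanitize_username($c_username);
            if ($c_uid = user_username2uid($c_username)) {
                _log("pv u:" . $c_username . " uid:" . $c_uid . " dt:" . $sms_datetime . " s:" . $sms_sender . " r:" . $sms_receiver . " m:[" . $message . "] reference_id:" . $reference_id, 3, 'incoming recvsms_intercept');
                recvsms_inbox_add($sms_datetime, $sms_sender, $c_username, $message, $sms_receiver, $reference_id);
                _log("pv end", 3, 'incoming recvsms_intercept');
                $ret['uid'] = $c_uid;
                $ret['hooked'] = true;
            }
        }
    }

    return $ret;
}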
/**
 * Generate and store a new webservices login key for a user
 *
 * @param string $username
 *        Username whose login key is replaced
 * @return array 'status' => 'OK', 'error' => '0' and 'login_key' on success;
 *         'status' => 'ERR', 'error' => '626' when the registry update failed
 */
function webservices_login_key_set($username)
{
    $json = array();

    $uid = user_username2uid($username);

    // fresh random key, hex-encoded through md5
    $login_key = md5(core_get_random_string(32));

    $stored = registry_update($uid, 'core', 'webservices', array('login_key' => $login_key));
    if (!$stored) {
        $json['status'] = 'ERR';
        $json['error'] = '626';

        return $json;
    }

    $json['status'] = 'OK';
    $json['error'] = '0';
    $json['login_key'] = $login_key;

    return $json;
}
} $log_this = TRUE; break; case "GET_CONTACT": if ($u = webservices_validate($h, $u)) { $c_uid = user_username2uid($u); $json = webservices_get_contact($c_uid, $kwd, $c); } else { $json['status'] = 'ERR'; $json['error'] = '100'; } $log_this = TRUE; break; case "GET_CONTACT_GROUP": if ($u = webservices_validate($h, $u)) { $c_uid = user_username2uid($u); $json = webservices_get_contact_group($c_uid, $kwd, $c); } else { $json['status'] = 'ERR'; $json['error'] = '100'; } $log_this = TRUE; break; case "GET_TOKEN": $user = array(); if (preg_match('/^(.+)@(.+)\\.(.+)$/', $u)) { if (auth_validate_email($u, $p)) { $u = user_email2username($u); $user = user_getdatabyusername($u); } } else {
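/**
 * Send SMS to phonebook group
 *
 * @param string $username
 *        Sender's username
 * @param integer|string|array $gpid
 *        Group ID, comma separated group IDs, or an array of group IDs
 * @param string $message
 * @param string $sms_type
 * @param integer $unicode
 * @param string $smsc
 * @param boolean $nofooter
 * @param string $sms_footer
 * @param string $sms_sender
 * @param string $sms_schedule
 * @return array array($ok, $to, $smslog_id, $queue, $counts, $error_strings) as returned by
 *         sendsms(); all six elements are null when no group yielded a valid destination number
 */
function sendsms_bc($username, $gpid, $message, $sms_type = 'text', $unicode = 0, $smsc = '', $nofooter = false, $sms_footer = '', $sms_sender = '', $sms_schedule = '')
{
    // define every element of the returned tuple up front so the "nothing to send" path
    // does not return undefined variables
    $ok = $to = $smslog_id = $queue = $counts = $error_strings = null;
    $array_sms_to = array();

    // get User ID
    $uid = user_username2uid($username);

    _log("start uid:" . $uid . " sender_id:[" . $sms_sender . "] smsc:[" . $smsc . "]", 2, "sendsms_bc");

    // destination group should be an array, if single (or comma separated) then split it
    $array_gpid = is_array($gpid) ? $gpid : explode(',', (string) $gpid);

    foreach ($array_gpid as $c_gpid) {
        $c_gpid = trim((string) $c_gpid);
        if (!$c_gpid) {
            continue;
        }

        // collect the valid destination numbers of this group
        $sms_count = 0;
        $rows = phonebook_getdatabyid($c_gpid);
        if (is_array($rows)) {
            foreach ($rows as $db_row) {
                $p_num = isset($db_row['p_num']) ? trim((string) $db_row['p_num']) : '';
                if ($sms_to = sendsms_getvalidnumber($p_num)) {
                    $array_sms_to[] = $sms_to;
                    $sms_count++;
                }
            }
        }

        _log("collect gpid:" . $c_gpid . " uid:" . $uid . " sender:[" . $sms_sender . "] count:" . $sms_count, 2, "sendsms_bc");
    }

    _log("send all uid:" . $uid . " sender:[" . $sms_sender . "] count:" . count($array_sms_to), 2, "sendsms_bc");

    // sendsms only when at least one valid destination was collected
    if (count($array_sms_to) > 0) {
        list($ok, $to, $smslog_id, $queue, $counts, $error_strings) = sendsms($username, $array_sms_to, $message, $sms_type, $unicode, $smsc, $nofooter, $sms_footer, $sms_sender, $sms_schedule);
    }

    return array($ok, $to, $smslog_id, $queue, $counts, $error_strings);
}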
/**
 * Check whether an IP address is on the firewall blacklist for a user
 *
 * @param string $label
 *        single label, resolved to a uid via user_username2uid()
 * @param string $ip
 *        single IP address
 * @return boolean TRUE when a matching blacklist row exists, FALSE otherwise
 */
function firewall_hook_blacklist_ifipexists($label, $ip)
{
    $uid = user_username2uid($label);

    $rows = dba_search(_DB_PREF_ . '_featureFirewall', 'ip_address', array(
        'uid' => $uid,
        'ip_address' => $ip,
    ));

    // any matching row means the address is blacklisted for this user
    return count($rows) > 0;
}
/**
 * Get a single field of a user's record, addressed by username
 *
 * @param string $username
 *        Username
 * @param string $field
 *        Field name, passed through to user_getfieldbyuid()
 * @return mixed Whatever user_getfieldbyuid() returns for the resolved uid
 */
function user_getfieldbyusername($username, $field)
{
    // resolve the username to its uid, then delegate the field lookup
    return user_getfieldbyuid(user_username2uid($username), $field);
}
if ($username_or_email && $password) { $username = ''; $validated = FALSE; if (preg_match('/^(.+)@(.+)\\.(.+)$/', $username_or_email)) { if (auth_validate_email($username_or_email, $password)) { $username = user_email2username($username_or_email); $validated = TRUE; } } else { if (auth_validate_login($username_or_email, $password)) { $username = $username_or_email; $validated = TRUE; } } if ($validated) { $uid = user_username2uid($username); auth_session_setup($uid); if (auth_isvalid()) { logger_print("u:" . $_SESSION['username'] . " uid:" . $uid . " status:" . $_SESSION['status'] . " sid:" . $_SESSION['sid'] . " ip:" . $_SERVER['REMOTE_ADDR'], 2, "login"); } else { logger_print("unable to setup session u:" . $_SESSION['username'] . " status:" . $_SESSION['status'] . " sid:" . $_SESSION['sid'] . " ip:" . $_SERVER['REMOTE_ADDR'], 2, "login"); $_SESSION['error_string'] = _('Unable to login'); } } else { $_SESSION['error_string'] = _('Invalid username or password'); } } header("Location: " . _u($core_config['http_path']['base'])); exit; } else { // error string
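/**
 * Decide whether a user has enough credit to send a message
 *
 * For a subuser both the subuser's own balance and the parent's balance after the charge
 * must be non-negative; for a regular user only the user's own balance is checked.
 *
 * @param string $username
 *        Sender's username
 * @param integer $sms_len
 *        Message length, passed to rate_getcharges()
 * @param integer $unicode
 *        Unicode flag, passed to rate_getcharges()
 * @param string $sms_to
 *        Destination number, passed to rate_getcharges()
 * @return boolean TRUE when sending is allowed, FALSE otherwise
 */
function simplerate_hook_rate_cansend($username, $sms_len, $unicode, $sms_to)
{
    list($count, $rate, $charge) = rate_getcharges($sms_len, $unicode, $sms_to);

    // sender's balance after this charge
    $credit = rate_getusercredit($username);
    $balance = $credit - $charge;

    $uid = user_username2uid($username);
    $parent_uid = user_getparentbyuid($uid);

    // shared tail of both log lines
    $detail = " sms_to:" . $sms_to . " credit:" . $credit . " count:" . $count . " rate:" . $rate . " charge:" . $charge . " balance:" . $balance;

    if ($parent_uid) {
        // subuser: the parent's balance after the same charge must stay non-negative too
        $username_parent = user_uid2username($parent_uid);
        $credit_parent = rate_getusercredit($username_parent);
        $balance_parent = $credit_parent - $charge;

        $allowed = ($balance_parent >= 0 && $balance >= 0);
        $who = "subuser uid:" . $uid . " parent_uid:" . $parent_uid;
        $detail .= " balance_parent:" . $balance_parent;
    } else {
        $allowed = ($balance >= 0);
        $who = "user uid:" . $uid;
    }

    logger_print(($allowed ? "allowed " : "disallowed ") . $who . $detail, 2, "simplerate cansend");

    return $allowed;
}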
/**
 * Intercept on before-process stage for incoming SMS
 *
 * Scans the message for "@username" (private delivery) and "#GROUPCODE" (broadcast)
 * markers, as permitted by the incoming pre rules, and dispatches the message accordingly.
 * A broadcast is attempted first against a group owned by the sending user, then against
 * any group carrying the code whose flag_sender is not 0.
 *
 * @param $sms_datetime incoming
 *        SMS date/time
 * @param $sms_sender incoming
 *        SMS sender
 * @param $message incoming
 *        SMS message before intercepted
 * @param $sms_receiver receiver
 *        number that is receiving incoming SMS
 * @param $reference_id reference_id
 *        data
 * @return array $ret empty when nothing matched; otherwise 'uid' of the user the message
 *         was dispatched for and 'hooked' => true
 */
function incoming_hook_recvsms_intercept($sms_datetime, $sms_sender, $message, $sms_receiver, $reference_id)
{
    $ret = array();
    $found_bc = FALSE;
    $found_pv = FALSE;

    // continue only when keyword does not exists
    $m = explode(' ', $message);
    if (!checkavailablekeyword($m[0])) {
        return $ret;
    }

    // get settings
    // NOTE(review): $settings is never read below
    $settings = incoming_settings_get();

    // get pre rules (they decide which markers are scanned for)
    $pre_rules = incoming_pre_rules_get();

    // scan for #<sender's phonebook group code> and @<username> according to pre rules
    // ($msg is the same split as $m above)
    $msg = explode(' ', $message);
    if (count($msg) > 0) {
        $bc = array();
        $pv = array();
        for ($i = 0; $i < count($msg); $i++) {
            $c_text = trim($msg[$i]);

            // scan message for @username
            if ($pre_rules['match_username']) {
                if (substr($c_text, 0, 1) === '@') {
                    $pv[] = strtolower(substr($c_text, 1));
                    $found_pv = TRUE;
                }
            }

            // scan message for #groupcode
            if ($pre_rules['match_groupcode']) {
                if (substr($c_text, 0, 1) === '#') {
                    $bc[] = strtoupper(substr($c_text, 1));
                    $found_bc = TRUE;
                }
            }
        }
    }

    if ($found_bc || $found_pv) {
        _log("recvsms_intercept dt:" . $sms_datetime . " s:" . $sms_sender . " r:" . $sms_receiver . " m:" . $message, 3, 'incoming recvsms_intercept');
    }

    if ($found_bc) {
        $groups = array_unique($bc);
        foreach ($groups as $key => $c_group_code) {
            // the group code is reduced to alphanumerics before it reaches the SQL strings below
            $c_group_code = strtoupper($c_group_code);
            $c_group_code = core_sanitize_alphanumeric($c_group_code);

            // first choice: the sender is a registered user who owns a group with this code
            // (user_mobile2uid() does not depend on the group and could be resolved once, outside the loop)
            $c_uid = user_mobile2uid($sms_sender);
            if ($c_uid && ($c_gpid = phonebook_groupcode2id($c_uid, $c_group_code))) {
                $c_username = user_uid2username($c_uid);
                _log("bc g:" . $c_group_code . " gpid:" . $c_gpid . " uid:" . $c_uid . " dt:" . $sms_datetime . " s:" . $sms_sender . " r:" . $sms_receiver . " m:" . $message, 3, 'incoming recvsms_intercept');
                sendsms_bc($c_username, $c_gpid, $message);
                _log("bc end", 3, 'incoming recvsms_intercept');
                $ret['uid'] = $c_uid;
                $ret['hooked'] = true;
            } else {
                // check the group_code for flag_sender<>0
                // (no ORDER BY / LIMIT: if several groups share the code, whichever row is fetched first wins)
                $db_query = "SELECT id,uid,flag_sender FROM " . _DB_PREF_ . "_featurePhonebook_group WHERE code='{$c_group_code}' AND flag_sender<>0";
                $db_result = dba_query($db_query);
                if ($db_row = dba_fetch_array($db_result)) {
                    $c_gpid = $db_row['id'];
                    $c_uid = $db_row['uid'];
                    $c_flag_sender = $db_row['flag_sender'];

                    // flag_sender 2: the sender's number is not checked against the group at all
                    // (presumably "anyone may broadcast to this group" — confirm against the group settings)
                    if ($c_flag_sender == 2) {
                        $c_username = user_uid2username($c_uid);
                        // NOTE(review): the bare "******" between the two string literals is not valid PHP;
                        // it most likely stands for the concatenated username argument as rendered on this page
                        _log("bc mobile flag_sender:" . $c_flag_sender . " username:"******" uid:" . $c_uid . " g:" . $c_group_code . " gpid:" . $c_gpid . " uid:" . $c_uid . " dt:" . $sms_datetime . " s:" . $sms_sender . " r:" . $sms_receiver . " m:" . $message, 3, 'incoming recvsms_intercept');
                        // prefix the broadcast with the sender's phonebook name, falling back to the raw number
                        $sender = trim(phonebook_number2name($sms_sender, $c_username));
                        $sender = $sender ? $sender : $sms_sender;
                        sendsms_bc($c_username, $c_gpid, $sender . ":" . $message);
                        _log("bc mobile end", 3, 'incoming recvsms_intercept');
                        $ret['uid'] = $c_uid;
                        $ret['hooked'] = true;
                    } else {
                        // flag_sender 1: only numbers that are contacts of the group may broadcast to it
                        if ($c_flag_sender == 1) {
                            // check whether sms_sender belongs to c_group_code
                            // NOTE(review): substr($sms_sender, 3) is interpolated unescaped into a LIKE pattern;
                            // the sender number arrives from the SMS network, so it should be reduced to digits
                            // first (compare how $c_group_code is sanitized above). The two JOINs also hard-code
                            // "playsms.playsms_" instead of using _DB_PREF_ like the FROM clause, which breaks
                            // installations with another database name or table prefix.
                            $db_query = "SELECT B.id AS id FROM " . _DB_PREF_ . "_featurePhonebook AS A\n\t\t\t\t\t\t\t\tLEFT JOIN playsms.playsms_featurePhonebook_group_contacts AS C ON A.id=C.pid\n\t\t\t\t\t\t\t\tLEFT JOIN playsms.playsms_featurePhonebook_group AS B ON B.id=C.gpid\n\t\t\t\t\t\t\t\tWHERE A.mobile LIKE '%" . substr($sms_sender, 3) . "' AND B.code='" . $c_group_code . "'";
                            $db_result = dba_query($db_query);
                            // the row itself is only used as an existence check; the broadcast goes to
                            // $c_gpid / $c_uid from the group query above
                            if ($db_row = dba_fetch_array($db_result)) {
                                $c_username = user_uid2username($c_uid);
                                // NOTE(review): same non-PHP "******" token as in the flag_sender 2 branch
                                _log("bc mobile flag_sender:" . $c_flag_sender . " username:"******" uid:" . $c_uid . " g:" . $c_group_code . " gpid:" . $c_gpid . " uid:" . $c_uid . " dt:" . $sms_datetime . " s:" . $sms_sender . " r:" . $sms_receiver . " m:" . $message, 3, 'incoming recvsms_intercept');
                                $sender = trim(phonebook_number2name($sms_sender, $c_username));
                                $sender = $sender ? $sender : $sms_sender;
                                sendsms_bc($c_username, $c_gpid, $sender . ":" . $message);
                                _log("bc mobile end", 3, 'incoming recvsms_intercept');
                                $ret['uid'] = $c_uid;
                                $ret['hooked'] = true;
                            }
                        }
                    }
                }
            }
        }
    }

    if ($found_pv) {
        $users = array_unique($pv);
        foreach ($users as $key => $c_username) {
            $c_username = core_sanitize_username($c_username);
            if ($c_uid = user_username2uid($c_username)) {
                _log("pv u:" . $c_username . " uid:" . $c_uid . " dt:" . $sms_datetime . " s:" . $sms_sender . " r:" . $sms_receiver . " m:[" . $message . "] reference_id:" . $reference_id, 3, 'incoming recvsms_intercept');
                recvsms_inbox_add($sms_datetime, $sms_sender, $c_username, $message, $sms_receiver, $reference_id);
                _log("pv end", 3, 'incoming recvsms_intercept');
                $ret['uid'] = $c_uid;
                $ret['hooked'] = true;
            }
        }
    }

    return $ret;
}