aboutsummaryrefslogblamecommitdiffstats
path: root/Zotlabs/Module/Tokens.php
blob: 9de54f5682f30b149d8043412f7317834140187d (plain) (tree)
1
2
3
4
5
6
7

     
                         
 


                           




                                     
 
                                 


                         


                                     
                                              
 


                                                                                        
                                                                            












































                                                                                                                                     


                                                                                               




                                                          







                                                                                                                 
                                                                                                   

                                                                                                
                                                                      










                                                                                                                        










                                                                                                  
                                
                                                                                                                








                                                                          


                                                                                                                                    







                                                                       



                                                                                              
 










                                                                                                    
 




                                                                            

                                                                                                              



















                                                                                                      
                                                                
                                                                                                                    
                                         
                                                                                                                   


                                 
 

























                                                                                                                       



                                               
 


                        





                                                                                   

                                                                 

                 

                                                 
                                              


                                   
                                   
 

                                      







                                                                                                    







                                                                                                                        
                         

                 

                                                                                                                                                                                                                                                   



                                                                                                   
 


                                                                        
                 
 
                                        
                                                                                
                                         

                 




                                                                          
 
                                                         
                                                 


                                                                                                                      
                                         
                                             
                                                                                                                                                     
                                                                                                                                                                    
                                                                                                                                                                                                                                                  

                                                 


                          
 
 
<?php

namespace Zotlabs\Module;

use App;
use Zotlabs\Web\Controller;
use Zotlabs\Lib\Apps;
use Zotlabs\Lib\AccessList;
use Zotlabs\Lib\Permcat;
use Zotlabs\Lib\Libsync;

require_once('include/security.php');

class Tokens extends Controller {

	function post() {

		if(! local_channel())
			return;

		$channel = App::get_channel();

		if(! Apps::system_app_installed($channel['channel_id'], 'Guest Access'))
			return;

		check_form_security_token_redirectOnErr('tokens', 'tokens');

		if(isset($_POST['delete'])) {
			$r = q("select * from atoken where atoken_id = %d and atoken_uid = %d",
				intval($_POST['atoken_id']),
				intval(local_channel())
			);

			if (!$r) {
				return;
			}

			$atoken = $r[0];
			$atoken_xchan = substr($channel['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'];

			$atoken['deleted'] = true;

			$r = q("SELECT abook.*, xchan.*
				FROM abook left join xchan on abook_xchan = xchan_hash
				WHERE abook_channel = %d and abook_xchan = '%s' LIMIT 1",
				intval($channel['channel_id']),
				dbesc($atoken_xchan)
			);

			if (!$r) {
				return;
			}

			$clone = $r[0];

			unset($clone['abook_id']);
			unset($clone['abook_account']);
			unset($clone['abook_channel']);
			$clone['deleted'] = true;

			$abconfig = load_abconfig($channel['channel_id'],$clone['abook_xchan']);
			if ($abconfig) {
				$clone['abconfig'] = $abconfig;
			}

			atoken_delete($atoken['atoken_id']);
			Libsync::build_sync_packet($channel['channel_id'], [ 'abook' => [ $clone ], 'atoken' => [ $atoken ] ], true);

			return;
		}

		$token_errs = 0;
		if(array_key_exists('token',$_POST)) {
			$atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0);

			if (! $atoken_id) {
				$atoken_guid = new_uuid();
			}

			$name = trim(escape_tags($_POST['name']));
			$token = trim($_POST['token']);
			if((! $name) || (! $token))
					$token_errs ++;
			if(trim($_POST['expires']))
				$expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']);
			else
				$expires = NULL_DATE;
			$max_atokens = service_class_fetch($channel['channel_id'],'access_tokens');
			if($max_atokens) {
				$r = q("select count(atoken_id) as total where atoken_uid = %d",
					intval($channel['channel_id'])
				);
				if($r && intval($r[0]['total']) >= $max_tokens) {
					notice( sprintf( t('This channel is limited to %d tokens'), $max_tokens) . EOL);
					return;
				}
			}
		}
		if($token_errs) {
			notice( t('Name and Password are required.') . EOL);
			return;
		}

		$old_atok = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'",
			intval($channel['channel_id']),
			dbesc($name)
		);

		if ($old_atok) {
			$old_atok = $old_atok[0];
			$old_xchan = atoken_xchan($old_atok);
		}

		if($atoken_id) {
			$r = q("update atoken set atoken_name = '%s', atoken_token = '%s', atoken_expires = '%s'
				where atoken_id = %d and atoken_uid = %d",
				dbesc($name),
				dbesc($token),
				dbesc($expires),
				intval($atoken_id),
				intval($channel['channel_id'])
			);
		}
		else {
			$r = q("insert into atoken (atoken_guid, atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires )
				values ('%s', %d, %d, '%s', '%s', '%s' ) ",
				dbesc($atoken_guid),
				intval($channel['channel_account_id']),
				intval($channel['channel_id']),
				dbesc($name),
				dbesc($token),
				dbesc($expires)
			);
		}

		$atok = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'",
			intval($channel['channel_id']),
			dbesc($name)
		);

		if ($atok) {
			$xchan = atoken_xchan($atok[0]);
			atoken_create_xchan($xchan);
			$atoken_xchan = $xchan['xchan_hash'];
			if ($old_atok && $old_xchan) {
				$r = q("update xchan set xchan_name = '%s' where xchan_hash = '%s'",
					dbesc($xchan['xchan_name']),
					dbesc($old_xchan['xchan_hash'])
				);
			}
		}


		if (! $atoken_id) {

			// If this is a new token, create a new abook record

			$closeness = get_pconfig($channel['channel_id'], 'system', 'new_abook_closeness',80);
			$profile_assign = get_pconfig($channel['channel_id'], 'system', 'profile_assign', '');

			$r = abook_store_lowlevel(
				[
					'abook_account'   => $channel['channel_account_id'],
					'abook_channel'   => $channel['channel_id'],
					'abook_closeness' => intval($closeness),
					'abook_xchan'     => $atoken_xchan,
					'abook_profile'   => $profile_assign,
					'abook_feed'      => 0,
					'abook_created'   => datetime_convert(),
					'abook_updated'   => datetime_convert(),
					'abook_instance'  => z_root(),
				]
			);

			if (! $r) {
				logger('abook creation failed');
			}

			/** If there is a default group for this channel, add this connection to it */
			if ($channel['channel_default_group']) {
				$g = AccessList::by_hash($channel['channel_id'], $channel['channel_default_group']);
				if ($g) {
					AccessList::member_add($channel['channel_id'], '', $atoken_xchan,$g['id']);
				}
			}
		}

		$role = ((array_key_exists('permcat', $_POST)) ? escape_tags($_POST['permcat']) : '');
		\Zotlabs\Lib\Permcat::assign($channel, $role, [$atoken_xchan]);

		$r = q("SELECT abook.*, xchan.*
			FROM abook left join xchan on abook_xchan = xchan_hash
			WHERE abook_channel = %d and abook_xchan = '%s' LIMIT 1",
			intval($channel['chnnel_id']),
			dbesc($atoken_xchan)
		);

		if (! $r) {
			return;
		}

		$clone = $r[0];

		unset($clone['abook_id']);
		unset($clone['abook_account']);
		unset($clone['abook_channel']);

		$abconfig = load_abconfig($channel['channel_id'],$clone['abook_xchan']);
		if ($abconfig) {
			$clone['abconfig'] = $abconfig;
		}

		Libsync::build_sync_packet($channel['channel_id'], [ 'abook' => [ $clone ], 'atoken' => $atok ], true);

		info( t('Token saved.') . EOL);
		return;
	}


	function get() {

		if(! local_channel())
			return;

		if(! Apps::system_app_installed(local_channel(), 'Guest Access')) {
			//Do not display any associated widgets at this point
			App::$pdl = '';
			$papp = Apps::get_papp('Guest Access');
			return Apps::app_render($papp, 'module');
		}

		nav_set_selected('Guest Access');

		$channel = App::get_channel();

		$atoken = null;
		$atoken_xchan = '';
		$atoken_abook = [];

		if(argc() > 1) {
			$id = argv(1);

			$atoken = q("select * from atoken where atoken_id = %d and atoken_uid = %d",
				intval($id),
				intval(local_channel())
			);

			if($atoken) {
				$atoken = $atoken[0];
				$atoken_xchan = substr($channel['channel_hash'],0,16) . '.' . $atoken['atoken_guid'];

				$atoken_abook = q("select * from abook where abook_channel = %d and abook_xchan = '%s'",
					intval(local_channel()),
					dbesc($atoken_xchan)
				);

				$atoken_abook = $atoken_abook[0];
			}
		}

		$desc = t('Use this form to create temporary access identifiers to share things with non-members. These identities may be used in Access Control Lists and visitors may login using these credentials to access private content.');

		$pcat            = new Permcat(local_channel());
		$pcatlist        = $pcat->listing();
		$default_role    = get_pconfig(local_channel(), 'system', 'default_permcat');
		$current_permcat = (($atoken_abook) ? $atoken_abook['abook_role'] : $default_role);

		$roles_dict = [];
		foreach ($pcatlist as $role) {
			$roles_dict[$role['name']] = $role['localname'];
		}

		if (!$current_permcat) {
			notice(t('Please select a role for this guest!') . EOL);
			$permcats[] = '';
		}

		if ($pcatlist) {
			foreach ($pcatlist as $pc) {
				$permcats[$pc['name']] = $pc['localname'];
			}
		}

		$tpl = get_markup_template("tokens.tpl");
		$o .= replace_macros($tpl, array(
			'$form_security_token' => get_form_security_token('tokens'),
			'$permcat' => ['permcat', t('Select a role for this guest'), $current_permcat, '', $permcats],
			'$title' => t('Guest Access'),
			'$desc' => $desc,
			'$atoken' => $atoken,
			'$name' => array('name', t('Login Name') . ' <span class="required">*</span>', (($atoken) ? $atoken['atoken_name'] : ''),''),
			'$token'=> array('token', t('Login Password') . ' <span class="required">*</span>',(($atoken) ? $atoken['atoken_token'] : new_token()), ''),
			'$expires'=> array('expires', t('Expires (yyyy-mm-dd)'), (($atoken['atoken_expires'] && $atoken['atoken_expires'] > NULL_DATE) ? datetime_convert('UTC',date_default_timezone_get(),$atoken['atoken_expires']) : ''), ''),
			'$submit' => t('Submit'),
			'$delete' => t('Delete')
		));
		return $o;
	}

}