WebSVN – Moodle – Autoría – /leaderslinked/service.php

Rev	Autor	Línea Nro.	Línea
96	efrain	1	`<?php`
		2	`header('Content-Type: application/json');`
		3	`header('Access-Control-Allow-Origin: *');`
		4	`define('LLWS_USERNAME', 'leaderdslinked-ws');`
		5	`define('LLWS_PASSWORD', 'KFB3lFsLp&CpB0uc2VNc!zVn@w!EZqZjr$J0AlE@sYREUcyP');`
		6	`define('LLWS_RSA_N',34589927);`
		7	`define('LLWS_RSA_D',4042211);`
		8	`define('LLWS_RSA_E',7331);`
		9	`define('LLWS_CATEGORY_ID',6);`
		10
		11
		12	`require_once(__DIR__ . '/../config.php');`
		13	`global $DB, $CFG;`
		14
		15	`require_once($CFG->libdir.'/moodlelib.php');`
		16	`require_once($CFG->libdir . '/externallib.php');`
		17	`require_once($CFG->libdir.'/authlib.php');`
		18	`require_once( $CFG->libdir . '/gdlib.php' );`
		19
		20	`require_once($CFG->dirroot.'/user/lib.php');`
		21	`require_once __DIR__ . '/rsa.php';`
		22	`require_once __DIR__ . '/lib.php';`
		23
		24
		25
		26	`/*`
		27	`$username = trim(isset($_SERVER['HTTP_USERNAME']) ? filter_var($_SERVER['HTTP_USERNAME'], FILTER_SANITIZE_STRING) : '');`
		28	`$password = trim(isset($_SERVER['HTTP_PASSWORD']) ? filter_var($_SERVER['HTTP_PASSWORD'], FILTER_SANITIZE_STRING) : '');`
		29	`$timestamp = trim(isset($_SERVER['HTTP_TIMESTAMP']) ? filter_var($_SERVER['HTTP_TIMESTAMP'], FILTER_SANITIZE_STRING) : '');`
		30	`$rand = intval(isset($_SERVER['HTTP_RAND']) ? filter_var($_SERVER['HTTP_RAND'], FILTER_SANITIZE_NUMBER_INT) : 0,10);`
		31	`*/`
		32
		33	`$username = trim(isset($_REQUEST['username']) ? filter_var($_REQUEST['username'], FILTER_SANITIZE_STRING) : '');`
		34	`$password = trim(isset($_REQUEST['password']) ? filter_var($_REQUEST['password'], FILTER_SANITIZE_STRING) : '');`
		35	`$timestamp = trim(isset($_REQUEST['timestamp']) ? filter_var($_REQUEST['timestamp'], FILTER_SANITIZE_STRING) : '');`
		36	`$rand = intval(isset($_REQUEST['rand']) ? filter_var($_REQUEST['rand'], FILTER_SANITIZE_NUMBER_INT) : 0,10);`
		37	`$data = trim(isset($_REQUEST['data']) ? filter_var($_REQUEST['data'], FILTER_SANITIZE_STRING) : '');`
		38
		39	`/*`
		40	`$data = '';`
		41	`$input = fopen("php://input", "r");`
		42
		43
		44	`while ($line = fread($input, 1024))`
		45	`{`
		46	`$data .= $line;`
		47	`}`
		48	`fclose($input);*/`
		49
		50	`/*`
		51	`echo 'username = '. $username . PHP_EOL;`
		52	`echo 'password = '. $password . PHP_EOL;`
		53	`echo 'rand = '. $rand . PHP_EOL;`
		54	`echo 'timestamp = '. $timestamp . PHP_EOL;`
		55	`echo 'data = '. $data . PHP_EOL;`
		56
		57
		58	`/*`
		59	`list($usec, $sec) = explode(' ', microtime());`
		60	`$seed = intval($sec + ((float) $usec * 100000));`
		61
		62	`$username = LLWS_USERNAME;`
		63	`$timestamp = date('Y-m-d\TH:i:s');`
		64	`mt_srand($seed, MT_RAND_MT19937);`
		65	`$rand = mt_rand();`
		66
		67	`$password = LLWS_PASSWORD;`
		68	`$password = password_hash($username.'-'. $password. '-' . $rand. '-' . $timestamp, PASSWORD_DEFAULT);`
		69
		70	`$data = $rsa->encrypt(json_encode(['email' => 'usuario4@test.com', 'first_name' => 'usuario4', 'last_name' => 'test']));`
		71	`*/`
		72
		73	`if(empty($username) \|\| empty($password) \|\| empty($timestamp) \|\| empty($rand) \|\| !is_integer($rand)) {`
		74	`echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY1']) ;`
		75	`exit;`
		76	`}`
		77
		78	`if($username != LLWS_USERNAME) {`
		79	`echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY2']) ;`
		80	`exit;`
		81	`}`
		82
		83	`$dt = \DateTime::createFromFormat('Y-m-d\TH:i:s', $timestamp);`
		84	`if(!$dt) {`
		85	`echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY3']) ;`
		86	`exit;`
		87	`}`
		88
		89	`$t0 = $dt->getTimestamp();`
		90	`$t1 = strtotime('-5 minutes');`
		91	`$t2 = strtotime('+5 minutes');`
		92
		93	`if($t0 < $t1 \|\| $t0 > $t2) {`
		94	`//echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY4']) ;`
		95	`//exit;`
		96	`}`
		97
		98	`if(!password_verify( $username.'-'. LLWS_PASSWORD. '-' . $rand. '-' . $timestamp, $password)) {`
		99	`echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY5']) ;`
		100	`exit;`
		101	`}`
		102
		103	`if(empty($data)) {`
		104	`echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS1']) ;`
		105	`exit;`
		106	`}`
		107
		108	`$data = base64_decode($data);`
		109	`if(empty($data)) {`
		110	`echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS2']) ;`
		111	`exit;`
		112	`}`
		113
		114	`try {`
		115	`$rsa = new rsa();`
		116	`$rsa->setKeys(LLWS_RSA_N, LLWS_RSA_D, LLWS_RSA_E);`
		117	`$data = $rsa->decrypt($data);`
		118	`} catch (Throwable $e)`
		119	`{`
		120	`echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS3']) ;`
		121	`exit;`
		122	`}`
		123
		124	`$data = (array) json_decode($data);`
		125	`if(empty($data)) {`
		126	`echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS4']) ;`
		127	`exit;`
		128	`}`
		129
		130
		131	`$email = trim(isset($data['email']) ? filter_var($data['email'], FILTER_SANITIZE_EMAIL) : '');`
		132	`$first_name = trim(isset($data['first_name']) ? filter_var($data['first_name'], FILTER_SANITIZE_STRING) : '');`
		133	`$last_name = trim(isset($data['last_name']) ? filter_var($data['last_name'], FILTER_SANITIZE_STRING) : '');`
		134
		135	`if(!filter_var($email, FILTER_VALIDATE_EMAIL) \|\| empty($first_name) \|\| empty($last_name)) {`
		136	`echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS5']) ;`
		137	`exit;`
		138	`}`
		139
		140
		141
		142	`$user = ll_get_user_by_email($email);`
		143	`if($user) {`
		144	`$new_user = false;`
		145	`} else {`
		146	`$new_user = true;`
		147	`$username = ll_get_username_available($first_name, $last_name);`
		148
		149	`$user = ll_create_user($username, $email, $first_name, $last_name);`
		150
		151	`if($user) {`
		152
		153	`$filename = trim(isset($data['image_filename']) ? filter_var($data['image_filename'], FILTER_SANITIZE_EMAIL) : '');`
		154	`$content = trim(isset($data['image_content']) ? filter_var($data['image_content'], FILTER_SANITIZE_STRING) : '');`
		155
		156
		157	`if($filename && $content) {`
		158	`$tempfile = __DIR__ . DIRECTORY_SEPARATOR . $filename;`
		159	`try {`
		160	`file_put_contents($filename, base64_decode($content));`
		161	`if (file_exists($tempfile)) {`
		162	`$usericonid = process_new_icon( context_user::instance( $user->id, MUST_EXIST ), 'user', 'icon', 0, $tempfile );`
		163	`if ( $usericonid ) {`
		164	`$DB->set_field( 'user', 'picture', $usericonid, array( 'id' => $user->id ) );`
		165	`}`
		166	`}`
		167	`} catch(\Throwable $e) {`
		168
		169	`} finally {`
		170	`if(file_exists($tempfile)) {`
		171	`unlink($tempfile);`
		172	`}`
		173	`}`
		174
		175
		176	`}`
		177
		178	`}`
		179	`}`
		180
		181
		182
		183	`if(!$user) {`
		184	`echo json_encode(['success' => false, 'data' => 'ERROR_MOODLE1']) ;`
		185	`exit;`
		186	`}`
		187
		188	`if($new_user) {`
		189	`$role = $DB->get_record('role', array('archetype' => 'student'));`
		190	`$enrolmethod = 'manual';`
		191
		192	`$courses = get_courses();`
		193	`foreach($courses as $course)`
		194	`{`
		195	`if($course->categoy_id == LLWS_CATEGORY_ID) {`
		196	`$context = context_course::instance($course->id);`
		197	`if (!is_enrolled($context, $user)) {`
		198	`$enrol = enrol_get_plugin($enrolmethod);`
		199	`if ($enrol === null) {`
		200	`return false;`
		201	`}`
		202	`$instances = enrol_get_instances($course->id, true);`
		203	`$manualinstance = null;`
		204	`foreach ($instances as $instance) {`
		205	`if ($instance->name == $enrolmethod) {`
		206	`$manualinstance = $instance;`
		207	`break;`
		208	`}`
		209	`}`
		210	`if ($manualinstance !== null) {`
		211	`$instanceid = $enrol->add_default_instance($course);`
		212	`if ($instanceid === null) {`
		213	`$instanceid = $enrol->add_instance($course);`
		214	`}`
		215	`$instance = $DB->get_record('enrol', array('id' => $instanceid));`
		216	`if($instance) {`
		217	`$enrol->enrol_user($instance, $user->id, $role->id);`
		218	`}`
		219	`}`
		220
		221	`}`
		222	`}`
		223	`}`
		224
		225	`}`
		226
		227
		228
		229
		230	`$user = get_complete_user_data('id', $user->id);`
		231	`if (!isloggedin()) {`
		232	`complete_user_login($user);`
		233	`}`
		234
		235	`header('Location: '. $CFG->wwwroot . '/my');`
		236	`exit;`
		237
		238

Proyectos de Subversion Moodle

(root)/leaderslinked/service.php – Rev 96