WebSVN – Moodle – Autoría – /woocommerce/usuario.php

Rev	Autor	Línea Nro.	Línea
12	efrain	1	`<?php`
		2	`header('Access-Control-Allow-Origin: *');`
		3	`header('Access-Control-Allow-Methods: POST, GET, DELETE, PUT, PATCH, OPTIONS');`
		4	`header('Access-Control-Allow-Headers: token, Content-Type');`
		5	`header('Access-Control-Max-Age: 1728000');`
		6	`header('Content-Type: application/json');`
		7
		8
		9	`require_once(__DIR__ . '/config.php');`
		10	`require_once(__DIR__ . '/../config.php');`
		11	`require_once(__DIR__ . '/rsa.php');`
		12	`require_once(__DIR__ . '/lib.php');`
		13
		14	`global $DB, $CFG;`
		15
		16	`require_once($CFG->libdir.'/moodlelib.php');`
		17	`require_once($CFG->libdir . '/externallib.php');`
		18	`require_once($CFG->libdir.'/authlib.php');`
		19	`require_once( $CFG->libdir . '/gdlib.php' );`
		20
		21	`require_once($CFG->dirroot.'/user/lib.php');`
		22
		23
		24	`$username = trim(isset($_POST['username']) ? filter_var($_POST['username'], FILTER_SANITIZE_STRING) : '');`
		25	`$password = trim(isset($_POST['password']) ? filter_var($_POST['password'], FILTER_SANITIZE_STRING) : '');`
		26	`$timestamp = trim(isset($_POST['timestamp']) ? filter_var($_POST['timestamp'], FILTER_SANITIZE_STRING) : '');`
		27	`$rand = intval(isset($_POST['rand']) ? filter_var($_POST['rand'], FILTER_SANITIZE_NUMBER_INT) : 0,10);`
		28	`$data = trim(isset($_POST['data']) ? filter_var($_POST['data'], FILTER_SANITIZE_STRING) : '');`
		29
		30
		31	`if(empty($username) \|\| empty($password) \|\| empty($timestamp) \|\| empty($rand) \|\| !is_integer($rand)) {`
		32	`echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY1']) ;`
		33	`exit;`
		34	`}`
		35
		36	`if($username != LLWS_USERNAME) {`
		37	`echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY2']) ;`
		38	`exit;`
		39	`}`
		40
		41	`$dt = \DateTimeImmutable::createFromFormat('Y-m-d\TH:i:s', gmdate('Y-m-d\TH:i:s'));`
		42	`$dtMax = $dt->add(\DateInterval::createFromDateString('5 minutes'));`
		43	`$dtMin = $dt->sub(\DateInterval::createFromDateString('5 minutes'));`
		44
		45
		46	`$t0 = $dt->getTimestamp();`
		47	`$t1 = $dtMin->getTimestamp();`
		48	`$t2 = $dtMax->getTimestamp();`
		49
		50	`if($t0 < $t1 \|\| $t0 > $t2) {`
		51	`echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY4']) ;`
		52	`exit;`
		53	`}`
		54
		55	`if(!password_verify( $username.'-'. LLWS_PASSWORD. '-' . $rand. '-' . $timestamp, $password)) {`
		56	`echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY5']) ;`
		57	`exit;`
		58	`}`
		59
		60	`if(empty($data)) {`
		61	`echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS1']) ;`
		62	`exit;`
		63	`}`
		64
		65	`$data = base64_decode($data);`
		66	`if(empty($data)) {`
		67	`echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS2']) ;`
		68	`exit;`
		69	`}`
		70
		71	`try {`
		72	`$rsa = new rsa();`
		73	`$rsa->setKeys(LLWS_RSA_N, LLWS_RSA_D, LLWS_RSA_E);`
		74	`$data = $rsa->decrypt($data);`
		75	`} catch (Throwable $e)`
		76	`{`
		77	`echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS3']) ;`
		78	`exit;`
		79	`}`
		80
		81	`$data = (array) json_decode($data);`
		82	`if(empty($data)) {`
		83	`echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS4']) ;`
		84	`exit;`
		85	`}`
		86
		87
		88	`$email = trim(isset($data['email']) ? filter_var($data['email'], FILTER_SANITIZE_EMAIL) : '');`
		89	`$first_name = trim(isset($data['first_name']) ? filter_var($data['first_name'], FILTER_SANITIZE_STRING) : '');`
		90	`$last_name = trim(isset($data['last_name']) ? filter_var($data['last_name'], FILTER_SANITIZE_STRING) : '');`
		91	`$password = trim(isset($data['password']) ? filter_var($data['password'], FILTER_SANITIZE_STRING) : '');`
		92
		93	`if(!filter_var($email, FILTER_VALIDATE_EMAIL) \|\| empty($first_name) \|\| empty($last_name)) {`
		94	`echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS5']) ;`
		95	`exit;`
		96	`}`
		97
		98	`$user = ll_get_user_by_email($email);`
		99	`if($user) {`
		100	`$new_user = false;`
		101	`} else {`
		102	`$new_user = true;`
		103	`$username = ll_get_username_available($first_name, $last_name);`
		104
		105	`$user = ll_create_user($username, $email, $first_name, $last_name);`
		106
		107	`}`
		108
		109
		110
		111	`if(!$user) {`
		112	`echo json_encode(['success' => false, 'data' => 'ERROR_MOODLE1']) ;`
		113	`exit;`
		114	`}`
		115
		116	`if($new_user) {`
		117	`$role = $DB->get_record('role', array('archetype' => 'student'));`
		118	`$enrolmethod = 'manual';`
		119
		120	`$courses = get_courses();`
		121	`foreach($courses as $course)`
		122	`{`
		123	`if($course->categoy_id == LLWS_CATEGORY_ID) {`
		124	`$context = context_course::instance($course->id);`
		125	`if (!is_enrolled($context, $user)) {`
		126	`$enrol = enrol_get_plugin($enrolmethod);`
		127	`if ($enrol === null) {`
		128	`return false;`
		129	`}`
		130	`$instances = enrol_get_instances($course->id, true);`
		131	`$manualinstance = null;`
		132	`foreach ($instances as $instance) {`
		133	`if ($instance->name == $enrolmethod) {`
		134	`$manualinstance = $instance;`
		135	`break;`
		136	`}`
		137	`}`
		138	`if ($manualinstance !== null) {`
		139	`$instanceid = $enrol->add_default_instance($course);`
		140	`if ($instanceid === null) {`
		141	`$instanceid = $enrol->add_instance($course);`
		142	`}`
		143	`$instance = $DB->get_record('enrol', array('id' => $instanceid));`
		144	`if($instance) {`
		145	`$enrol->enrol_user($instance, $user->id, $role->id);`
		146	`}`
		147	`}`
		148
		149	`}`
		150	`}`
		151	`}`
		152
		153	`}`
		154
		155
		156
		157
		158	`$user = get_complete_user_data('id', $user->id);`
		159	`if (!isloggedin()) {`
		160	`complete_user_login($user);`
		161	`}`
		162
		163	`header('Location: '. $CFG->wwwroot . '/my');`
		164	`exit;`
		165

Proyectos de Subversion Moodle

(root)/woocommerce/usuario.php – Rev 12