Proyectos de Subversion Moodle

Rev

Rev 96 | Rev 1384 | Ir a la última revisión | Mostrar el archivo completo | | | Autoría | Ultima modificación | Ver Log |

Rev 96 Rev 1383
Línea 1... Línea 1...
1 
<?php
 1 
<?php
2 
header('Content-Type: application/json');
 2 
header('Content-Type: application/json');
3 
header('Access-Control-Allow-Origin: *');
 3 
header('Access-Control-Allow-Origin: *');
4 
define('LLWS_USERNAME', 'leaderdslinked-ws');
 4 
define('LLWS_USERNAME', 'leaderdslinked-ws');
5 
define('LLWS_PASSWORD', 'KFB3lFsLp&*CpB0uc2VNc!zVn@w!EZqZ*jr$J0AlE@sYREUcyP');
 5 
define('LLWS_PASSWORD', 'KFB3lFsLp&*CpB0uc2VNc!zVn@w!EZqZ*jr$J0AlE@sYREUcyP');
6 
define('LLWS_RSA_N',34589927);
 6 
define('LLWS_RSA_N', 34589927);
7 
define('LLWS_RSA_D',4042211);
 7 
define('LLWS_RSA_D', 4042211);
8 
define('LLWS_RSA_E',7331);
 8 
define('LLWS_RSA_E', 7331);
9 
define('LLWS_CATEGORY_ID',6);
 9 
define('LLWS_CATEGORY_ID', 6);
Línea 10... Línea 10...
10 
 
 10 
 
11 
 
 11 
 
Línea 12... Línea 12...
12 
require_once(__DIR__ . '/../config.php');
 12 
require_once(__DIR__ . '/../config.php');
13 
global $DB, $CFG;
 13 
global $DB, $CFG;
14 
 
 14 
 
15 
require_once($CFG->libdir.'/moodlelib.php');
 15 
require_once($CFG->libdir . '/moodlelib.php');
Línea 16... Línea 16...
16 
require_once($CFG->libdir . '/externallib.php');
 16 
require_once($CFG->libdir . '/externallib.php');
17 
require_once($CFG->libdir.'/authlib.php');
 17 
require_once($CFG->libdir . '/authlib.php');
18 
require_once( $CFG->libdir . '/gdlib.php' );
 18 
require_once($CFG->libdir . '/gdlib.php');
Línea 28... Línea 28...
28 
$password   = trim(isset($_SERVER['HTTP_PASSWORD']) ? filter_var($_SERVER['HTTP_PASSWORD'], FILTER_SANITIZE_STRING) : '');
 28 
$password   = trim(isset($_SERVER['HTTP_PASSWORD']) ? filter_var($_SERVER['HTTP_PASSWORD'], FILTER_SANITIZE_STRING) : '');
29 
$timestamp  = trim(isset($_SERVER['HTTP_TIMESTAMP']) ? filter_var($_SERVER['HTTP_TIMESTAMP'], FILTER_SANITIZE_STRING) : '');
 29 
$timestamp  = trim(isset($_SERVER['HTTP_TIMESTAMP']) ? filter_var($_SERVER['HTTP_TIMESTAMP'], FILTER_SANITIZE_STRING) : '');
30 
$rand       = intval(isset($_SERVER['HTTP_RAND']) ? filter_var($_SERVER['HTTP_RAND'], FILTER_SANITIZE_NUMBER_INT) : 0,10);
 30 
$rand       = intval(isset($_SERVER['HTTP_RAND']) ? filter_var($_SERVER['HTTP_RAND'], FILTER_SANITIZE_NUMBER_INT) : 0,10);
31 
*/
 31 
*/
Línea 32... Línea 32...
32 
 
 32 
 
33 
$username   = trim(isset($_REQUEST['username']) ? filter_var($_REQUEST['username'], FILTER_SANITIZE_STRING) : '');
 33 
$username   = trim(isset($_REQUEST['data']['username']) ? filter_var($_REQUEST['data']['username'], FILTER_SANITIZE_STRING) : '');
34 
$password   = trim(isset($_REQUEST['password']) ? filter_var($_REQUEST['password'], FILTER_SANITIZE_STRING) : '');
 34 
$password   = trim(isset($_REQUEST['data']['password']) ? filter_var($_REQUEST['data']['password'], FILTER_SANITIZE_STRING) : '');
35 
$timestamp  = trim(isset($_REQUEST['timestamp']) ? filter_var($_REQUEST['timestamp'], FILTER_SANITIZE_STRING) : '');
 35 
$timestamp  = trim(isset($_REQUEST['data']['timestamp']) ? filter_var($_REQUEST['data']['timestamp'], FILTER_SANITIZE_STRING) : '');
36 
$rand       = intval(isset($_REQUEST['rand']) ? filter_var($_REQUEST['rand'], FILTER_SANITIZE_NUMBER_INT) : 0,10);
 36 
$rand       = intval(isset($_REQUEST['data']['rand']) ? filter_var($_REQUEST['data']['rand'], FILTER_SANITIZE_NUMBER_INT) : 0, 10);
Línea 37... Línea 37...
37 
$data       = trim(isset($_REQUEST['data']) ? filter_var($_REQUEST['data'], FILTER_SANITIZE_STRING) : '');
 37 
$data       = trim(isset($_REQUEST['data']['data']) ? filter_var($_REQUEST['data']['data'], FILTER_SANITIZE_STRING) : '');
38 
 
 38 
 
39 
/*
 39 
/*
Línea 68... Línea 68...
68 
$password  = password_hash($username.'-'. $password. '-' . $rand. '-' . $timestamp, PASSWORD_DEFAULT);
 68 
$password  = password_hash($username.'-'. $password. '-' . $rand. '-' . $timestamp, PASSWORD_DEFAULT);
Línea 69... Línea 69...
69 
 
 69 
 
70 
$data       = $rsa->encrypt(json_encode(['email' => 'usuario4@test.com', 'first_name' => 'usuario4', 'last_name' => 'test']));
 70 
$data       = $rsa->encrypt(json_encode(['email' => 'usuario4@test.com', 'first_name' => 'usuario4', 'last_name' => 'test']));
Línea 71... Línea 71...
71 
*/
 71 
*/
72 
 
 72 
 
73 
if(empty($username) || empty($password) || empty($timestamp) || empty($rand) || !is_integer($rand)) {
 73 
if (empty($username) || empty($password) || empty($timestamp) || empty($rand) || !is_integer($rand)) {
74 
    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY1']) ;
 74 
    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY1']);
Línea 75... Línea 75...
75 
    exit;
 75 
    exit;
76 
}
 76 
}
77 
 
 77 
 
78 
if($username != LLWS_USERNAME) {
 78 
if ($username != LLWS_USERNAME) {
Línea 79... Línea 79...
79 
    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY2']) ;
 79 
    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY2']);
80 
    exit;
 80 
    exit;
81 
}
 81 
}
82 
 
 82 
 
83 
$dt = \DateTime::createFromFormat('Y-m-d\TH:i:s', $timestamp);
 83 
$dt = \DateTime::createFromFormat('Y-m-d\TH:i:s', $timestamp);
Línea 84... Línea 84...
84 
if(!$dt) {
 84 
if (!$dt) {
85 
    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY3']) ;
 85 
    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY3']);
86 
    exit;
 86 
    exit;
Línea 87... Línea 87...
87 
}
 87 
}
88 
 
 88 
 
89 
$t0 = $dt->getTimestamp();
 89 
$t0 = $dt->getTimestamp();
90 
$t1 = strtotime('-5 minutes');
 90 
$t1 = strtotime('-5 minutes');
Línea 91... Línea 91...
91 
$t2 = strtotime('+5 minutes');
 91 
$t2 = strtotime('+5 minutes');
92 
 
 92 
 
93 
if($t0 < $t1 || $t0 > $t2) {
 93 
if ($t0 < $t1 || $t0 > $t2) {
94 
    //echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY4']) ;
 94 
    //echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY4']) ;
Línea 95... Línea 95...
95 
    //exit;
 95 
    //exit;
96 
}
 96 
}
97 
 
 97 
 
98 
if(!password_verify( $username.'-'. LLWS_PASSWORD. '-' . $rand. '-' . $timestamp, $password)) {
 98 
if (!password_verify($username . '-' . LLWS_PASSWORD . '-' . $rand . '-' . $timestamp, $password)) {
Línea 99... Línea 99...
99 
    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY5']) ;
 99 
    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY5']);
100 
    exit;
 100 
    exit;
101 
}
 101 
}
102 
 
 102 
 
103 
if(empty($data)) {
 103 
if (empty($data)) {
Línea 104... Línea 104...
104 
    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS1']) ;
 104 
    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS1']);
105 
    exit;
 105 
    exit;
106 
}
 106 
}
107 
 
 107 
 
108 
$data = base64_decode($data);
 108 
$data = base64_decode($data);
109 
if(empty($data)) {
 - 
 
110 
    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS2']) ;
 109 
if (empty($data)) {
111 
    exit;
 110 
    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS2']);
112 
}
 111 
    exit;
113 
 
 112 
}
114 
try {
 113 
 
115 
    $rsa = new rsa();
 114 
try {
116 
    $rsa->setKeys(LLWS_RSA_N, LLWS_RSA_D, LLWS_RSA_E);
 115 
    $rsa = new rsa();
117 
    $data = $rsa->decrypt($data);
 116 
    $rsa->setKeys(LLWS_RSA_N, LLWS_RSA_D, LLWS_RSA_E);
118 
} catch (Throwable $e)
 117 
    $data = $rsa->decrypt($data);
Línea 119... Línea 118...
119 
{
 118 
} catch (Throwable $e) {
120 
    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS3']) ;
 119 
    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS3']);
121 
    exit;
 120 
    exit;
Línea 122... Línea 121...
122 
}
 121 
}
123
122 
 
124 
$data = (array) json_decode($data);
 123 
$data = (array) json_decode($data);
125 
if(empty($data)) {
 124 
if (empty($data)) {
Línea 126... Línea 125...
126 
    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS4']) ;
 125 
    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS4']);
127 
    exit;
 126 
    exit;
128 
}
 127 
}
129 
 
 128 
 
130 
 
 129 
 
131 
$email      = trim(isset($data['email']) ? filter_var($data['email'], FILTER_SANITIZE_EMAIL) : '');
 130 
$email      = trim(isset($data['email']) ? filter_var($data['email'], FILTER_SANITIZE_EMAIL) : '');
Línea 132... Línea 131...
132 
$first_name = trim(isset($data['first_name']) ? filter_var($data['first_name'], FILTER_SANITIZE_STRING) : '');
 131 
$first_name = trim(isset($data['first_name']) ? filter_var($data['first_name'], FILTER_SANITIZE_STRING) : '');
133 
$last_name  = trim(isset($data['last_name']) ? filter_var($data['last_name'], FILTER_SANITIZE_STRING) : '');
 132 
$last_name  = trim(isset($data['last_name']) ? filter_var($data['last_name'], FILTER_SANITIZE_STRING) : '');
134 
 
 133 
 
135 
if(!filter_var($email, FILTER_VALIDATE_EMAIL) || empty($first_name) || empty($last_name)) {
 134 
if (!filter_var($email, FILTER_VALIDATE_EMAIL) || empty($first_name) || empty($last_name)) {
136 
    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS5']) ;
 135 
    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS5']);
137 
    exit;
 136 
    exit;
138 
}
 137 
}
139 
 
 138 
 
140 
 
 139 
 
141 
 
 140 
 
142 
$user = ll_get_user_by_email($email);
 141 
$user = ll_get_user_by_email($email);
143 
if($user) {
 142 
if ($user) {
144 
    $new_user = false;
 143 
    $new_user = false;
145 
} else {
 144 
} else {
146 
    $new_user = true;
 145 
    $new_user = true;
147 
    $username = ll_get_username_available($first_name, $last_name);
 146 
    $username = ll_get_username_available($first_name, $last_name);
148 
 
 147 
 
149 
    $user = ll_create_user($username, $email, $first_name, $last_name);
 148 
    $user = ll_create_user($username, $email, $first_name, $last_name);
150
149 
 
151 
    if($user) {
 - 
 
152
150 
    if ($user) {
153 
        $filename   = trim(isset($data['image_filename']) ? filter_var($data['image_filename'], FILTER_SANITIZE_EMAIL) : '');
 151 
 
154 
        $content    = trim(isset($data['image_content']) ? filter_var($data['image_content'], FILTER_SANITIZE_STRING) : '');
 152 
        $filename   = trim(isset($data['image_filename']) ? filter_var($data['image_filename'], FILTER_SANITIZE_EMAIL) : '');
155
153 
        $content    = trim(isset($data['image_content']) ? filter_var($data['image_content'], FILTER_SANITIZE_STRING) : '');
156
154 
 
157 
        if($filename && $content) {
 - 
 
158 
            $tempfile = __DIR__ . DIRECTORY_SEPARATOR . $filename;
 - 
 
159 
            try {
 155 
 
160 
                file_put_contents($filename, base64_decode($content));
 - 
 
161 
                if (file_exists($tempfile)) {
 156 
        if ($filename && $content) {
162 
                    $usericonid = process_new_icon( context_user::instance( $user->id, MUST_EXIST ), 'user', 'icon', 0, $tempfile );
 157 
            $tempfile = __DIR__ . DIRECTORY_SEPARATOR . $filename;
Línea 163... Línea 158...
163 
                    if ( $usericonid ) {
 158 
            try {
164 
                        $DB->set_field( 'user', 'picture', $usericonid, array( 'id' => $user->id ) );
 159 
                file_put_contents($filename, base64_decode($content));
165 
                    }
 160 
                if (file_exists($tempfile)) {
166 
                }
 161 
                    $usericonid = process_new_icon(context_user::instance($user->id, MUST_EXIST), 'user', 'icon', 0, $tempfile);
Línea 167... Línea 162...
167 
            } catch(\Throwable $e) {
 162 
                    if ($usericonid) {
168 
 
 163 
                        $DB->set_field('user', 'picture', $usericonid, array('id' => $user->id));
169 
            } finally {
164 
                    }
170 
                if(file_exists($tempfile)) {
 165 
                }
171 
                    unlink($tempfile);
 166 
            } catch (\Throwable $e) {
172 
                }
 167 
            } finally {
173 
            }
 - 
 
174 
 
 168 
                if (file_exists($tempfile)) {
175
169 
                    unlink($tempfile);
176 
        }
 170 
                }
177
171 
            }
178 
    }
 172 
        }
179 
}
173 
    }
Línea 211... Línea 205...
211 
                    $instanceid = $enrol->add_default_instance($course);
 205 
                    $instanceid = $enrol->add_default_instance($course);
212 
                    if ($instanceid === null) {
 206 
                    if ($instanceid === null) {
213 
                        $instanceid = $enrol->add_instance($course);
 207 
                        $instanceid = $enrol->add_instance($course);
214 
                    }
 208 
                    }
215 
                    $instance = $DB->get_record('enrol', array('id' => $instanceid));
 209 
                    $instance = $DB->get_record('enrol', array('id' => $instanceid));
216 
                    if($instance) {
 210 
                    if ($instance) {
217 
                        $enrol->enrol_user($instance, $user->id, $role->id);
 211 
                        $enrol->enrol_user($instance, $user->id, $role->id);
218 
                    }
 212 
                    }
219 
                }
 213 
                }
220
- 
 
221 
            }
 214 
            }
222 
        }
 215 
        }
223 
    }
 216 
    }
224
- 
 
225 
}
 217 
}
Línea 226... Línea 218...
226 
 
 218 
 
227 
 
 219 
 
228 
 
 220 
 
229 
 
 221 
 
Línea 230... Línea 222...
230 
$user = get_complete_user_data('id', $user->id);
 222 
$user = get_complete_user_data('id', $user->id);
231 
if (!isloggedin()) {
 223 
if (!isloggedin()) {
232 
    complete_user_login($user);
 - 
 
233 
}
 -