

en-221-wschannel


WebService for Channels Information


<?php

# ========================================================================================
#
#   FOLLOWZUP PROJECT
#   WEBSERVICE FOR CHANNEL REQUESTS
#
# ========================================================================================
#
#   Copyright (C) 2016 Followzup.com
#
#   This program is free software: you can redistribute it and/or modify it under
#   the terms of the GNU General Public License as published by the Free Software
#   Foundation, either version 3 of the License, or any later version.
#
#   This program is distributed in the hope that it will be useful, but WITHOUT
#   ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
#   FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program.  If not, see <http://www.gnu.org/licenses/>
#
# ========================================================================================

    $wretcode  = "0";
    $wretframe = "";
    $wretmd5   = "";
    $wresponse = "";
    $wdecrypt  = "";

#   The reply fields above start empty and the return code starts at "0" (request ok).
#   Request timestamp, formatted from gmdate() (GMT).

    $wnow = gmdate("Y-m-d H:i:s");

#   Extract and sanitize POST parameters
#
#   "id", "key" and "frame" arrive from the caller before any authentication has taken place,
#   so they are untrusted. A missing field becomes the empty string. What the sanitize helpers
#   strip is not visible on this page; the queries further down depend on sanitizeID().

    $wid     = isset($_POST["id"])    ? sanitizeID($_POST["id"])      : "";
    $wkey1   = isset($_POST["key"])   ? sanitizeText($_POST["key"])   : "";
    $wframe1 = isset($_POST["frame"]) ? sanitizeText($_POST["frame"]) : "";

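#   Verify identification
#
#   Only channel identifiers are accepted: the ID must pass validateID() and start with "c".
#   A malformed ID and an unknown or inactive channel both answer with the same code (6104).

    if ( !validateID($wid) or substr($wid,0,1) != "c" ) $wretcode = "6104";

    else
    {

#       Retrieve valid Channel attributes
#
#       NOTE(review): $wid is interpolated into the SQL text here and in every later query.
#       That is safe only if sanitizeID()/validateID() (not visible on this page) restrict the
#       ID to characters that have no meaning inside a quoted SQL literal -- confirm, or move
#       to bound parameters. The mysql_* extension used throughout was removed in PHP 7.0 and
#       offers no prepared statements; mysqli or PDO would be required for that.

        $wquery  = "select pkpri, channelseq
                      from channels, users, pkeys
                     where channels.idchannel = '$wid' and channels.iduser = users.iduser and channels.idkey = pkeys.idkey and
                           users.regstatus = 'a' and channels.regstatus != 'd'";

        $wres    = mysql_query($wquery);
        $wnumreg = mysql_num_rows($wres);

#       Verify for a valid Channel

        if ( $wnumreg == 0 ) $wretcode = "6104";

        else
        {

#           Retrieve attributes (Private RSA key and last sequence)
#
#           NOTE(review): the private key comes straight out of the pkeys table, base64-encoded,
#           and is used below without a passphrase. Read access to that table is therefore
#           enough to obtain it.

            $wvetor      = mysql_fetch_row($wres);
            $wpri64      = $wvetor[0];
            $wchannelseq = $wvetor[1];

#           Decode and decrypt POST parameters using Private RSA key
#
#           Hybrid scheme: "key" is an RSA-wrapped symmetric key, "frame" is the XML request
#           encrypted with Rijndael-128 in CBC mode under that key. Successful decryption to XML
#           carrying <com> and <seq>, plus the sequence test further down, is the only proof of
#           identity checked in this file.
#
#           NOTE(review), for whoever maintains or ports this code:
#             - openssl_private_decrypt() runs with its default padding (PKCS#1 v1.5) and its
#               return value is ignored; a failure is only caught indirectly by the empty-key
#               test below. OAEP (OPENSSL_PKCS1_OAEP_PADDING) is the usual choice for new
#               designs, but switching is a protocol change for existing clients.
#             - The IV is sixteen zero bytes for every request and every response, so equal
#               plaintext prefixes under the same key produce equal ciphertext prefixes.
#             - Nothing authenticates the ciphertext before it is decrypted and parsed. CBC on
#               its own gives confidentiality, not integrity.
#             - mcrypt was removed from PHP core in 7.2. It pads with zero bytes, which matters
#               when re-implementing this with the openssl_* functions.
#             - The @ hides XML parse warnings; a parse failure leaves $wxml false and the
#               isset() tests below reject the request with 6102.

            $wpri    = base64_decode($wpri64);
            $wkey2   = base64_decode($wkey1);
            $wframe2 = base64_decode($wframe1);

            openssl_private_decrypt($wkey2,$wkey3,$wpri);
            $wdecrypt = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $wkey3, $wframe2, MCRYPT_MODE_CBC, str_repeat(chr(0),16));
            $wxml = @simplexml_load_string($wdecrypt);

#           Verify decrypt

            if ( $wdecrypt == "" or $wkey3 == "" or !isset($wxml->com) or !isset($wxml->seq) ) $wretcode = "6102";

            else
            {

#               Extract command and sequence from XML request
#               (command reduced to lowercase a-z, sequence forced to integer)

                $wcom = preg_replace("/[^a-z]/","",strtolower($wxml->com));
                $wseq = (int)$wxml->seq;

#               Verify valid command

                if ( "$wcom" != "smsg" and "$wcom" != "chck" ) $wretcode = "6103";

#               Verify sequence
#
#               Replay protection: a request is accepted only when it carries exactly the last
#               stored sequence plus one.

                elseif ( $wseq != $wchannelseq + 1 )
                {

                    $wretcode = "6101";

#                   Build response for wrong sequence (return last sequence used)
#                   The frame is encrypted under the key supplied in this same request.

                    $wresponse = "<" . '?xml version="1.0" encoding="utf-8"?' . ">" . "<followzup><seq>$wchannelseq</seq></followzup>";

                    $wretframe1 = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $wkey3, $wresponse, MCRYPT_MODE_CBC, str_repeat(chr(0),16));
                    $wretframe  = base64_encode($wretframe1);

                }

                else
                {

#                   Update Channel sequence
#
#                   The sequence is consumed here, before the command parameters are checked,
#                   so a request later rejected (6106, 6108, ...) still advances it.
#
#                   NOTE(review): the sequence is read by the select above, compared in PHP and
#                   written back here as three separate steps. Two requests with the same <seq>
#                   arriving together could both pass the comparison. Making the update
#                   conditional on the previous value and checking mysql_affected_rows() would
#                   close that window.

                    $wquery = "update channels set channelseq = $wseq where idchannel = '$wid'";
                    $wres   = mysql_query($wquery);

# ========================================================================================
#
#   CHCK Command - CHECK USER
#
#      Param:  FZUP_COMMAND  <com> = chck
#              FZUP_LASTSEQ  <seq> = sequence
#              FZUP_USER     <usr> = UserID | e-mail
#              FZUP_SUBSCODE <sub> = 99999999
#
#      Return: <uid>User-ID</uid>
#              <reg>yes|no</reg>  (registered user?)
#
# ========================================================================================

                    if ( $wcom == "chck" )
                    {

#                       Sanitize CHCK parameters

                        $wsub = (int)$wxml->sub;
                        $wusr = sanitizeText($wxml->usr);

                        $wresponse = "<" . '?xml version="1.0" encoding="utf-8"?' . "><followzup>";

#                       Verify and sanitize USR parameter (E-mail or User-ID)
#                       User-IDs must start with "z".

                        if ( validateEmail($wusr) )
                        {
                            $wflag = "email";
                            $wusr = sanitizeEmail($wusr);
                        }

                        elseif ( validateID($wusr) and substr($wusr,0,1) == "z" )
                        {
                            $wflag = "id";
                            $wusr = sanitizeID($wusr);
                        }

                        else $wflag = "error";

                        if ( $wflag == "error" ) $wretcode = "6106";

                        else
                        {

#                           Retrieve User attributes
#
#                           NOTE(review): $wusr is caller-supplied and goes into a quoted SQL
#                           literal. Its safety rests entirely on validateEmail()/sanitizeEmail()
#                           or validateID()/sanitizeID(), none of which are visible here. E-mail
#                           syntax permits an apostrophe in the local part, so confirm that the
#                           e-mail helpers reject or escape quote characters.

                            if ( $wflag == "email" )

                                $wquery = "select subscriptions.iduser, subscriptions.subscode, subscriptions.datetry, users.email
                                             from subscriptions, users
                                            where subscriptions.idchannel = '$wid' and subscriptions.regstatus = 'a' and
                                                  subscriptions.iduser = users.iduser and
                                              users.email = '$wusr' and users.regstatus = 'a'";

                            else

                                $wquery = "select subscriptions.iduser, subscriptions.subscode, subscriptions.datetry, users.email
                                             from subscriptions, users
                                            where subscriptions.idchannel = '$wid' and subscriptions.regstatus = 'a' and
                                              subscriptions.iduser = users.iduser and
                                                  users.iduser = '$wusr' and users.regstatus = 'a'";

                            $wres = mysql_query($wquery);
                            $wnumreg = mysql_num_rows($wres);

#                           Make sure it is a valid User (an active subscriber of this channel)

                            if ( $wnumreg == 0 ) $wretcode = "6203";

                            else
                            {

#                               Retrieve attributes

                                $wvetor   = mysql_fetch_row($wres);
                                $widuser  = $wvetor[0];
                                $wsign    = $wvetor[1];
                                $wdatetry = $wvetor[2];
                                $wemail   = $wvetor[3];

#                               Make sure current time is greater than next time to try (avoid bot actions)
#                               Both values are "Y-m-d H:i:s" strings, so the string comparison
#                               orders them chronologically. A throttled attempt and a wrong
#                               code return the same 6204.

                                if ( $wnow < $wdatetry ) $wretcode = "6204";

#                               Subscription Code is ok
#                               (integer from the request against the stored value, loose ==)

                                elseif ( $wsub == $wsign )
                                {

#                                   Build response for right Subscription Code
#                                   <reg> is "no" when the stored user ID equals the e-mail.
#
#                                   NOTE(review): $widuser is placed in the XML without
#                                   escaping; presumably the stored ID never contains markup
#                                   characters -- verify against the code that writes it.

                                    if ( $widuser != $wemail ) $wresponse = $wresponse . "<uid>$widuser</uid><reg>yes</reg>";
                                    else                       $wresponse = $wresponse . "<uid>$widuser</uid><reg>no</reg>";

                                }

#                               Subscription Code not ok

                                else
                                {

                                    $wretcode = "6204";

#                                   Update next time to try (current time plus 2 seconds to avoid bot actions)
#                                   The delay is stored per channel and user, and only after a
#                                   failed guess.

                                    $wdatetry = gmdate("Y-m-d H:i:s", strtotime("+2 seconds"));
                                    $wquery = "update subscriptions set datetry = '$wdatetry' where idchannel = '$wid' and iduser = '$widuser'";
                                    $wres   = mysql_query($wquery);

                                }

                            }

                        }

                        $wresponse = $wresponse . "</followzup>";

                    }

# ========================================================================================
#
#   SMSG command - SEND MESSAGE ALL (broadcast message)
#
#      Param:  FZUP_COMMAND <com> = smsg
#              FZUP_LASTSEQ <seq> = sequence
#              FZUP_USER    <usr> = all
#              FZUP_HOURS   <hrs> = 999
#              FZUP_MSGTEXT <msg> = Message text
#              FZUP_MSGURL  <url> = Message URL
#
#      Return: <snt>total-sent</snt>
#
# ========================================================================================

                    elseif ( $wcom == "smsg" and $wxml->usr == "all" )
                    {

#                       Sanitize SMSG parameters
#
#                       NOTE(review): validateURL() judges the raw decoded URL while the value
#                       that gets stored is the output of sanitizeURL(). The two can differ;
#                       validating the sanitized value would check what is actually kept.

                        $whrs  = (int)$wxml->hrs;
                        $wmsg  = sanitizeText(base64_decode($wxml->msg));
                        $wurl  = sanitizeURL(base64_decode($wxml->url));
                        $wflag = validateURL(base64_decode($wxml->url));

                        $wresponse = "<" . '?xml version="1.0" encoding="utf-8"?' . "><followzup>";

#                       Set default time to live (out-of-range values fall back to 24 hours)

                        if ( $whrs < 1 or $whrs > 960 ) $whrs = 24;

                        $wdateterm = gmdate("Y-m-d H:i:s", strtotime("+$whrs hours"));

#                       Verify message text (non-empty, at most 200 bytes)

                        if ( $wmsg == "" or strlen($wmsg) > 200 ) $wretcode = "6108";

#                       Verify message URL

                        elseif ( !$wflag or strlen($wurl) > 200 ) $wretcode = "6110";

                        else
                        {

#                           Encode message text and URL
#                           Base64 output contains no quote characters, so these two values
#                           cannot break out of the SQL literals they are placed in below.

                            $wmsg = base64_encode($wmsg);
                            $wurl = base64_encode($wurl);

#                           Retrieve list of subscriber users

                            $wquery1 = "select subscriptions.iduser
                                          from subscriptions, users
                                          where subscriptions.idchannel = '$wid' and subscriptions.iduser = users.iduser and
                                                subscriptions.regstatus = 'a' and users.regstatus = 'a'
                                          order by subscriptions.iduser";

                            $wres1 = mysql_query($wquery1);
                            $wnumreg1 = mysql_num_rows($wres1);

#                           Send the message if any subscriber

                            if ( $wnumreg1 > 0 )
                            {

#                               Create message media (text and URL)
#                               MD5 serves here as a content key for the media row, not as a
#                               security control. The insert result is not checked.

                                $wmediamd5 = md5("$wmsg;$wurl");
                                $wquery2   = "insert into medias (idchannel, mediamd5, mediatext, mediaurl) values ('$wid', '$wmediamd5', '$wmsg', '$wurl')";
                                $wres2     = mysql_query($wquery2);

#                               Register message for all subscribers
#                               (a single row with iduser = 'all')

                                $wquery = "insert into messages (idchannel, iduser, mediamd5, dateincl, dateterm, hours, regstatus)
                                                         values ('$wid', 'all', '$wmediamd5', '$wnow', '$wdateterm', '$whrs', 'p')";

                                $wres = mysql_query($wquery);

                            }

#                           Build response (total messages sent)

                            $wresponse = $wresponse . "<snt>$wnumreg1</snt>";

                        }

                        $wresponse = $wresponse . "</followzup>";

                    }

# ========================================================================================
#
#   SMSG command - SEND MESSAGE LIST (unicast and multicast messages)
#
#      Param:  FZUP_COMMAND <com> = smsg
#              FZUP_LASTSEQ <seq> = sequence
#              FZUP_USER    <usr> = UserID,e-mail
#              FZUP_HOURS   <hrs> = 999
#              FZUP_MSGTEXT <msg> = Message text
#              FZUP_MSGURL  <url> = Message URL
#
#      Return: <snt>total-sent</snt>
#              <nsb>total-no-subs</nsb>
#              <inv>total-invalid</inv>
#
# ========================================================================================

                    elseif ( $wcom == "smsg" )
                    {

#                       Sanitize SMSG parameters
#
#                       NOTE(review): validateURL() judges the raw decoded URL while the value
#                       that gets stored is the output of sanitizeURL(). The two can differ;
#                       validating the sanitized value would check what is actually kept.

                        $wusr  = sanitizeText($wxml->usr);
                        $whrs  = (int)$wxml->hrs;
                        $wmsg  = sanitizeText(base64_decode($wxml->msg));
                        $wurl  = sanitizeURL(base64_decode($wxml->url));
                        $wflag = validateURL(base64_decode($wxml->url));

                        $wresponse = "<" . '?xml version="1.0" encoding="utf-8"?' . "><followzup>";

#                       Extract list of users (comma separated, entries are not trimmed)

                        $wlista = explode(",",$wusr);

#                       Set default time to live
#                       NOTE(review): out-of-range values fall back to 960 hours here but to 24
#                       in the broadcast branch -- confirm the difference is intended.

                        if ( $whrs < 1 or $whrs > 960 ) $whrs = 960;

                        $wdateterm = gmdate("Y-m-d H:i:s", strtotime("+$whrs hours"));

#                       Verify message text (non-empty, at most 200 bytes)

                        if ( $wmsg == "" or strlen($wmsg) > 200 ) $wretcode = "6108";

#                       Verify list length (at most 200 recipients, which bounds the loop below)

                        elseif ( count($wlista) > 200 ) $wretcode = "6109";

#                       Verify message URL

                        elseif ( !$wflag or strlen($wurl) > 200 ) $wretcode = "6110";

                        else
                        {

#                           Encode message text and URL
#                           Base64 output contains no quote characters, so these two values
#                           cannot break out of the SQL literals they are placed in below.

                            $wmsg = base64_encode($wmsg);
                            $wurl = base64_encode($wurl);

                            $wnewmsg  = 0;
                            $wnosubs  = 0;
                            $winvalid = 0;

                            foreach ( $wlista as $wusr )
                            {

#                               Verify and sanitize user from list (E-mail or User-ID)
#                               $wflag is reused from here on as the recipient kind; the URL
#                               check that used it earlier has already been evaluated.

                                if ( validateEmail($wusr) )
                                {
                                    $wflag = "email";
                                    $wusr = sanitizeEmail($wusr);
                                }

                                elseif ( validateID($wusr) and substr($wusr,0,1) == "z" )
                                {
                                    $wflag = "id";
                                    $wusr = sanitizeID($wusr);
                                }

                                else $wflag = "error";

#                               Add count for invalid users

                                if ( $wflag == "error" ) $winvalid = $winvalid + 1;

                                else
                                {

#                                   Retrieve user information
#
#                                   NOTE(review): as in the CHCK branch, $wusr reaches the SQL
#                                   text guarded only by helpers that are not visible here --
#                                   confirm they reject or escape quote characters.

                                    if ( $wflag == "email" )

                                        $wquery = "select subscriptions.iduser
                                                 from subscriptions, users
                                                   where subscriptions.idchannel = '$wid' and subscriptions.regstatus = 'a' and
                                                      subscriptions.iduser = users.iduser and
                                                             users.email = '$wusr' and users.regstatus = 'a'";

                                    else

                                        $wquery = "select subscriptions.iduser
                                                 from subscriptions, users
                                                   where subscriptions.idchannel = '$wid' and subscriptions.regstatus = 'a' and
                                                      subscriptions.iduser = users.iduser and
                                                             users.iduser = '$wusr' and users.regstatus = 'a'";

                                    $wres = mysql_query($wquery);
                                    $wnumreg = mysql_num_rows($wres);

#                                   Add count for non-subscriber users

                                    if ( $wnumreg == 0 ) $wnosubs = $wnosubs + 1;

                                    else
                                    {

#                                       Retrieve attributes
#                                       From here $wusr holds the user ID read from the
#                                       database, not the value supplied by the caller.

                                        $wvetor = mysql_fetch_row($wres);
                                        $wusr   = $wvetor[0];

#                                       Add count for sent messages

                                        $wnewmsg = $wnewmsg + 1;

#                                       Create message media (text and URL) when first user

                                        if ( $wnewmsg == 1 )
                                        {

                                            $wmediamd5 = md5("$wmsg;$wurl");
                                            $wquery2   = "insert into medias (idchannel, mediamd5, mediatext, mediaurl) values ('$wid', '$wmediamd5', '$wmsg', '$wurl')";
                                            $wres2     = mysql_query($wquery2);

                                        }

#                                       Register message for subscribers
#                                       dateincl takes $wnow, as in the broadcast branch. The
#                                       earlier code named an undefined $wagora here, which
#                                       put an empty string into the dateincl value.

                                        $wquery = "insert into messages (idchannel, iduser, mediamd5, dateincl, dateterm, hours, regstatus)
                                                                 values ('$wid', '$wusr', '$wmediamd5', '$wnow', '$wdateterm', '$whrs', 'p')";

                                        $wres   = mysql_query($wquery);

                                    }

                                }

                            }

#                           Build response (total messages sent, non-subscribers and invalid users)

                            $wresponse = $wresponse . "<snt>$wnewmsg</snt>";
                            $wresponse = $wresponse . "<nsb>$wnosubs</nsb>";
                            $wresponse = $wresponse . "<inv>$winvalid</inv>";

                        }

                        $wresponse = $wresponse . "</followzup>";

                    }

#                   Encrypt and encode XML response
#                   Same key and same all-zero IV as the request; see the note at the decrypt step.

                    $wretframe1 = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $wkey3, $wresponse, MCRYPT_MODE_CBC, str_repeat(chr(0),16));
                    $wretframe  = base64_encode($wretframe1);

                }

            }

        }

    }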

#   A frame goes back to the caller only for "0" (request ok) or "6101" (invalid sequence);
#   with any other return code the frame is blanked, so error replies carry the code alone.

    if ( !($wretcode == "0" or $wretcode == "6101") ) $wretframe = "";

#   MD5 of the base64 frame, left empty when there is no frame.
#   The digest is unkeyed, so it can reveal accidental corruption in transit but does not
#   authenticate the reply: anyone able to alter the frame can recompute it.

    if ( $wretframe != "" )
    {
        $wretmd5 = md5($wretframe);
    }

#   Emit the reply: Return Code, Return Frame (encrypted XML response) and MD5 hash.
#   The three interpolated values are a fixed code string, base64 text and a hex digest.

    header("Content-Type: application/xml; charset=utf-8;");

    $wreply  = "<" . '?xml version="1.0" encoding="utf-8"?' . ">";
    $wreply .= "<followzup>";
    $wreply .=     "<retcode>$wretcode</retcode>";
    $wreply .=     "<retframe>$wretframe</retframe>";
    $wreply .=     "<retmd5>$wretmd5</retmd5>";
    $wreply .= "</followzup>";

    echo $wreply;

?>

