Untitled

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

require_once 'vendor/autoload.php';

header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Credentials: true");
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
header('Access-Control-Max-Age: 1000');
header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token, Authorization, X-Requested-With');

header('Content-Type: application/json');

//session_set_cookie_params(3600,"/react");
//@session_start();

use \Firebase\JWT\JWT;

JWT::$leeway = 3600*3; // $leeway in seconds

$privateKey = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAycKKa5tjn39sntykesOvPaG+9HviIggjcRBud3X4yOt9Rres
bd3WRTrvaa2Qq7qIsNLnB2PCfCOlhGZq7xW9Qa75OlsMBQDCGvEgZ14NANyaQ8xQ
XmPgttartomWhOp44IwFsnubnhc21/67/Y5ZFTIEPWkGWtkw0i6NMUUKErebMe8l
3kwJPZRwYkq6RW4eEn0k5TS5lRatm5EX+F9+5gKS5MGdgjkeItgDLuNHbJSYvCoN
Jshtd4IVl7r1x9vEIOHU03O1K/SGeZCtnJeBuWrjP3z6Idom1rpWrvlS8U8QGazE
Jgq2Rmft3SFBimxJOaGWk+PtLYhZJM/bq1if1QIDAQABAoIBACVOWXXoN5WIZDdD
qQ4iHMcSn1JpjbipNJR1a1efcq8EDBgFYla2TCZk7VvnAfce+KNpe9p78bwugy5m
GaO3q1T325GUwDY0m6+Lomg6lcDxCX07zCiH40crjnikHDbbfBpZCbyk6nNi63so
2O3bYlFu/CW2w7wMqOBURzsy/tfS0t0FGrwd/ht+FdGYA49inmtGp17T662HO4eT
B2Fck7jmRdv1Q1XRI052EY9OAL096IGzJhPZnZbRdeOxnLPO/cjlXQbceNlPqx/p
eczuJGwYF+RcOUz3ztDOf17uojh6DcN7Bnz6gq4Yaug9HXC292D6vvyCQkll4hSJ
ZKL3/IkCgYEA+71xphNgUL5YCPJ/toy5EP66Y/UZLOzB6kgZqf5v68DGaD64bTjV
0YG7Gb6ZHNl6ybJoAhZMqCJB3WZWACf+qqPMB9TEN3Jal3Yr7bBhNprqNVNA4D30
MnoNRoZOdDWmEXQNNgd173SzlaUcimtc45+ZCrWIEv20BQ4SnyRMxXMCgYEAzSyU
UeyfMvOtGkAjIEvHpU97NW93uxpurtExvLlrTj6rm/Ye1g67tRUwr1tCAso5lkLD
Gq0del7HBzMNfbpRw4KC5R2U69YRU4mnuVKsJUyhTC+qTKanIa8/1wwbBcq87qTC
9lpjQ/RTx4lvnhy6TQ4Ncr6vtECkTMU/bgnM85cCgYEAgy4yFc/NBeZaa7cqNA9a
tO94Y3QqPU3WsuYFcZ8j5V8cROBCLLBMQ5Nt0zmOAgmWQZqVNlk2cvr/BYc5U3WD
8JnQTVhjM12EtZ6fv4mE7vaFC2qpyPCf2tndJx3/rfDy6+9knv3+R9yxZE6Y88yE
qBzXnEwCb5sC/wtZStKYqt8CgYAU+OiUUzaWs7fPBh1REM3whOZYOPOpKXOE5RdL
bjycu+U4xPiz8r+XK/pVAmQF+vvV8y8US/vGZWe8wagwYNo4vN96YgK19KTCwEBn
vh6glWuraPfka+iLlelVpwQgHHAhiK/xFJ4u9QuXSuIg7FjSxYv0Xa+CIlVpD4SD
T/cmMwKBgBdo6y3cqgCtBoByF5+t6x3xefChFilGno/ZY1XI36B+Fdj/HiHjQOD3
Wx7qf6akZGCIfK+Hc4nz3PT1sO7ukmNpDuHqpYjbtucxIsTpUgwn1lTj3JbJWa32
xlV3L6RdINGT3KbaMyUlnJhpJ+Rsd5lqQYCsgyyGr/yFy4VkqdiO
-----END RSA PRIVATE KEY-----
EOD;

$publicKey = <<<EOD
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycKKa5tjn39sntykesOv
PaG+9HviIggjcRBud3X4yOt9Rresbd3WRTrvaa2Qq7qIsNLnB2PCfCOlhGZq7xW9
Qa75OlsMBQDCGvEgZ14NANyaQ8xQXmPgttartomWhOp44IwFsnubnhc21/67/Y5Z
FTIEPWkGWtkw0i6NMUUKErebMe8l3kwJPZRwYkq6RW4eEn0k5TS5lRatm5EX+F9+
5gKS5MGdgjkeItgDLuNHbJSYvCoNJshtd4IVl7r1x9vEIOHU03O1K/SGeZCtnJeB
uWrjP3z6Idom1rpWrvlS8U8QGazEJgq2Rmft3SFBimxJOaGWk+PtLYhZJM/bq1if
1QIDAQAB
-----END PUBLIC KEY-----
EOD;

$db = new mysqli(null, "bbrc", "vppCS4Q2cDMY5WDB", "bbrc");
if (!$db || $db->connect_error) {
    $ret['Error'] = true;
    $ret['Message'] = $db->connect_error;
    die(json_encode($ret));
}
$db->query("SET NAMES UTF8;") or die("couldnt set sql names");
$db->query("SET FOREIGN_KEY_CHECKS = 0;") or die("couldnt set 65757");

function ensureLoggedIn() {
    return TRUE;
}

function generateToken($data) {
    global $privateKey;

    $tokenId    = base64_encode(mcrypt_create_iv(32));
    $issuedAt   = time();
    $notBefore  = $issuedAt - 3601;             //Adding 10 seconds
    $expire     = $notBefore + (3 * 24 * 60 * 60);            // 3 days
    $serverName = "secure.bbrc.tv"; // Retrieve the server name from config file

    /*
     * Create the token as an array
     */
    $token  = [
        'iat'  => $issuedAt,         // Issued at: time when the token was generated
        'jti'  => $tokenId,          // Json Token Id: an unique identifier for the token
        'iss'  => $serverName,       // Issuer
        'nbf'  => $notBefore,        // Not before
        'exp'  => $expire,           // Expire
        'data' => $data
    ];
    return [
        "token" => JWT::encode($token, $privateKey, 'RS256'),
        "data" => $token
    ];
}

// https://www.chriswiegman.com/2014/05/getting-correct-ip-address-php/
function get_ip() {
    //Just get the headers if we can or else use the SERVER global.
    if ( function_exists( 'apache_request_headers' ) ) {
        $headers = apache_request_headers();
    } else {
        $headers = $_SERVER;
    }

    //Get the forwarded IP if it exists.
    if ( array_key_exists( 'X-Forwarded-For', $headers ) && filter_var( $headers['X-Forwarded-For'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ) {
        $the_ip = $headers['X-Forwarded-For'];
    } elseif ( array_key_exists( 'HTTP_X_FORWARDED_FOR', $headers ) && filter_var( $headers['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ) {
        $the_ip = $headers['HTTP_X_FORWARDED_FOR'];
    } else {

        $the_ip = filter_var( $_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 );
    }
    return $the_ip;
}

if (isset($_GET['login'])) {

    $query = "
        INSERT INTO audit SET
            users_id = 0,
            tag = 'Login',
            val1 = '" . $db->real_escape_string(date(DATE_RFC2822)) . "',
            val2 = '" . $db->real_escape_string(get_ip()) . "',
            val3 = '" . $db->real_escape_string(@gethostbyaddr(get_ip())) . "',
            description = 'Login attempt'
    ";
    $db->query($query) or die("95839204553 : " . $db->error);

    $ret = array();
    $ret['status'] = "";

    $data = json_decode(file_get_contents('php://input'), true);
    if (isset($data['username']) && isset($data['password'])) {
        $query = "
          SELECT
            *
          FROM users
          WHERE
            username = '" . $db->real_escape_string($data['username']) . "'
            AND password = '" . md5($data['password']) . "'
          LIMIT 1
        ";
        $res = $db->query($query) or die("4354675464 : " . $db->error);
        while ($row = $res->fetch_assoc()) {
            $query = "
                INSERT INTO audit SET
                    users_id = 0,
                    tag = 'Login',
                    val1 = '" . $db->real_escape_string(date(DATE_RFC2822)) . "',
                    val2 = '" . $db->real_escape_string(get_ip()) . "',
                    val3 = '" . $db->real_escape_string(@gethostbyaddr(get_ip())) . "',
                    description = 'Login successful'
            ";
            $db->query($query) or die("95839204553 : " . $db->error);

            $ret['token'] = generateToken([
                'userId'   => (int)$row['id'],
                'userName' => $row['username'],
                'admin' => false
            ]);
        }
        if (strtolower($data['username']) == "admin" && $data['password'] == "gooey.1444") {
            $query = "
                INSERT INTO audit SET
                    users_id = 0,
                    tag = 'Login',
                    val1 = '" . $db->real_escape_string(date(DATE_RFC2822)) . "',
                    val2 = '" . $db->real_escape_string(get_ip()) . "',
                    val3 = '" . $db->real_escape_string(@gethostbyaddr(get_ip())) . "',
                    description = 'Admin login successful'
            ";
            $db->query($query) or die("95839204553 : " . $db->error);

            $ret['token'] = generateToken([
                'userId'   => 1234,
                'userName' => "admin",
                'admin' => true
            ]);
        }
    }

    if (!isset($ret['token'])) {


        $token = null;
        //$headers = apache_request_headers();
        //var_dump($headers,$_SERVER);
        if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
            $query = "
                INSERT INTO audit SET
                    users_id = 0,
                    tag = 'Login',
                    val1 = '" . $db->real_escape_string(date(DATE_RFC2822)) . "',
                    val2 = '" . $db->real_escape_string(get_ip()) . "',
                    val3 = '" . $db->real_escape_string(@gethostbyaddr(get_ip())) . "',
                    description = 'User has submitted a new login request'
            ";
                    $db->query($query) or die("95839204553 : " . $db->error);

          $matches = array();
          preg_match('/Bearer (.*)/', $_SERVER['HTTP_AUTHORIZATION'], $matches);
          if (isset($matches[1])) {
            //die("1224");
            $token = $matches[1];
            //die("got auth! ;) " . $token);
            $decoded = NULL;
            try {

                $decoded = JWT::decode($token, $publicKey, array('RS256'));
                if ($decoded !== NULL) {
                    $ret['token'] = generateToken($decoded->data);
                }
            } catch (\Exception $e) {
                //die("invalid token " . var_export($e, true));
                $query = "
                    INSERT INTO audit SET
                        users_id = 0,
                        tag = 'Login',
                        val1 = '" . $db->real_escape_string(date(DATE_RFC2822)) . "',
                        val2 = '" . $db->real_escape_string(get_ip()) . "',
                        val3 = '" . $db->real_escape_string(@gethostbyaddr(get_ip())) . "',
                        description = 'Token invalid!'
                ";
                            $db->query($query) or die("95839204553 : " . $db->error);
            }
            //$ret['_debug_decoded'] = $decoded;
            //$ret['_debug_token'] = $token;

            if ($decoded === NULL) {
                $query = "
                    INSERT INTO audit SET
                        users_id = 0,
                        tag = 'Login',
                        val1 = '" . $db->real_escape_string(date(DATE_RFC2822)) . "',
                        val2 = '" . $db->real_escape_string(get_ip()) . "',
                        val3 = '" . $db->real_escape_string(@gethostbyaddr(get_ip())) . "',
                        description = 'No token'
                ";
                            $db->query($query) or die("95839204553 : " . $db->error);

                //var_dump($decoded);die();
            }
          }
        }
        //die("got auth header " . $token);
        //$decoded = JWT::decode($_REQUEST['Authorization'])
    }

    if (isset($ret['token'])) {

        //ADD CONFIDENTIAL DATA TO $RET HERE, WE ARE AUTHORISED!
        $query = "
            INSERT INTO audit SET
                users_id = 0,
                tag = 'Login',
                val1 = '" . $db->real_escape_string(date(DATE_RFC2822)) . "',
                val2 = '" . $db->real_escape_string(get_ip()) . "',
                val3 = '" . $db->real_escape_string(@gethostbyaddr(get_ip())) . "',
                description = 'User loading data!'
        ";
            $db->query($query) or die("95839204553 : " . $db->error);

        $ret['persons'] = array();

        $query = "
            SELECT * FROM persons
        ";
        $res = $db->query($query) or die("457666435454 : " . $db->error);
        while ($row = $res->fetch_object()) {
            array_push($ret['persons'], array(
                'name' => $row->name,
                'notes' => $row->notes,
                'image' => "api.php?image=" . $row->id
            ));
        }
    }
    echo json_encode($ret);
    exit;
}

if (isset($_GET['upload'])) {
    $query = "
        INSERT INTO audit SET
            users_id = 0,
            tag = 'Login',
            val1 = '" . $db->real_escape_string(date(DATE_RFC2822)) . "',
            val2 = '" . $db->real_escape_string(get_ip()) . "',
            val3 = '" . $db->real_escape_string(@gethostbyaddr(get_ip())) . "',
            description = 'Sync starting'
    ";
    $db->query($query) or die("95839204553 : " . $db->error);

    ensureLoggedIn("Admin");
    global $db;

    if ($_POST['_user'][0] !== "1" || $_POST['_pass'][0] !== "2") die("-ERR invalid credentials " . var_dump($_FILES,$_POST));
    //die(var_dump($_FILES,$_POST));

    $ret = "";
    $ret2 = "";

    $db->begin_transaction();

    $query = "
        DELETE FROM persons
    ";
    $db->query($query) or die("34634577 : " . $db->error);

    $i = count($_POST['names']);
    $i2 = count($_POST['notes']);
    $i3 = count($_FILES['image']['tmp_name']);
    if ($i !== $i2) die("length of names not equal to length of notes " . var_export($_POST, true) . var_export($_FILES, true));
    if ($i !== $i3) die("length of names not equal to length of files " . var_export($_POST, true) . var_export($_FILES, true));
    if ($i2 !== $i3) die("length of notes not equal to length of files " . var_export($_POST, true) . var_export($_FILES, true));
    for ($c = 0; $c < $i; $c++) {
        $f = file_get_contents($_FILES['image']['tmp_name'][$c]);
        if (strlen($f) < 1000) die("-ERR too short " . var_export($_FILES, true));
        $ret .= ", file_len=" . strlen($f);
        $ret .= " name=" . $_POST['names'][$c];
        $ret .= " note=" . $_POST['notes'][$c];

        $query = "
            INSERT INTO persons SET
                `name`='" . $db->real_escape_string($_POST['names'][$c]) . "',
                `notes`='" . $db->real_escape_string($_POST['notes'][$c]) . "',
                `image`='" . $db->real_escape_string($f) . "'
        ";
        $db->query($query) or die("984930578 : " . $db->error);

        $ret .= " insert_id=" . $db->insert_id;
    }

    $query = "
        INSERT INTO audit SET
            users_id = 0,
            tag = 'Login',
            val1 = '" . $db->real_escape_string(date(DATE_RFC2822)) . "',
            val2 = '" . $db->real_escape_string(get_ip()) . "',
            val3 = '" . $db->real_escape_string(@gethostbyaddr(get_ip())) . "',
            description = 'Sync successful'
    ";
    $db->query($query) or die("95839204553 : " . $db->error);

    $db->commit() or die("857894578934");
    echo "SUCCESS - Sync OK"; //  thanks for " . $ret . " bytes id=" . $ret2;
}

if (isset($_GET['image'])) {
    ensureLoggedIn();
    global $db;
    header("Content-Type: image/jpeg");
    $query = "
        SELECT
            *
        FROM persons
        WHERE id = '" . (int)$_GET['image'] . "'
        LIMIT 1
    ";
    $res = $db->query($query) or die("549359408 : " . $db->error);
    if ($row = $res->fetch_object()) {
        $img = $row->image;
        $key = "abcdef";
        $key = "857348957348572390578:" . $key;
        $key = sha1($key);
        $key = strtoupper($key);
        $key = substr($key, 0, 32);
        $iv = "467578546746745675465";
        $iv = sha1($iv);
        $iv = strtoupper($iv);
        $iv = substr($iv, 0, 32);
        echo mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $img, MCRYPT_MODE_CBC, $iv);
    }
}

if (isset($_GET['audit'])) {
    $ret = [];
    $ret['debug'] = json_encode($_GET);

    $ret['results'] = [];

    $query = "
        SELECT
            *
        FROM audit
        ORDER BY id DESC
        LIMIT 0,15
    ";
    $res = $db->query($query) or die("534895784 : " . $db->error);
    while ($row = $res->fetch_assoc()) {
        array_push($ret['results'], $row);
    }

    // $row = [];
    // $row['user'] = "admin";
    // $row['date'] = time();
    // $row['message'] = "Test";

    // array_push($ret['results'], $row);

    $ret['info'] = [
        "seed" => "00c1d817b954f8e1",
        "results" => count($ret['results']),
        "page" => 1,
        "version" => "1.1"
    ];

    die(json_encode($ret));
}

if($_SERVER['REQUEST_METHOD'] == 'PUT' &&  isset($_GET['user'])) {
    $data = file_get_contents("php://input");
    if (empty($data)) {
        die(json_encode('err'));
    }
    parse_str($data, $post_vars);
    if(isset($post_vars['id']) && $post_vars['id']>0){
    $query = "
            UPDATE users SET
                `username`='" . $db->real_escape_string($post_vars['userName']) . "',
                `password`=md5('" . $db->real_escape_string($post_vars['password']) . "'),
                `access_level`='" . $db->real_escape_string($post_vars['level']) . "'
                 WHERE id=" . $post_vars['id']. "";
        $db->query($query) or die("123925473 : " . $db->error);
        die('updated');
    }else{
    $query = "
            INSERT INTO users SET
                `username`='" . $db->real_escape_string($post_vars['userName']) . "',
                `password`=md5('" . $db->real_escape_string($post_vars['password']) . "'),
                `access_level`='" . $db->real_escape_string($post_vars['level']) . "'
        ";
        $db->query($query) or die("185923573 : " . $db->error);
        die('added');
    }
    die(json_encode('err'));
}
if($_SERVER['REQUEST_METHOD'] == 'DELETE' &&  isset($_GET['user'])) {
    $id = $_GET['user'];
    if($id){
        $query = "DELETE FROM users WHERE id=" . $id;
        $db->query($query) or die("15329404732 : " . $db->error);
        die('deleted');
    }else
        die('err');
}
if (isset($_GET['users'])) {

    $query = "SELECT * FROM users";
    $res = $db->query($query) or die("534895784 : " . $db->error);

    $ret = [];
    $ret['results'] = [];

    while ($row = $res->fetch_assoc()) {
        $tmp = [];
        $tmp['user'] = $row['username'];
        $tmp['type'] = $row['access_level'];
        $tmp['id'] = $row['id'];
        array_push($ret['results'], $tmp);
    }

    /*$row = [];
    $row['user'] = "admin";
    $row['type'] = "Admin";
    $row['id'] = 123;

    array_push($ret['results'], $row);*/

    $ret['info'] = [
        "seed" => "00c1d817b954f8e1",
        "results" => 1,
        "page" => 1,
        "version" => "1.1"
    ];

    die(json_encode($ret));
}