X-Git-Url: https://git.defcon.no/?a=blobdiff_plain;f=api%2Fphone.php;h=999824b237bb8795937bd98ca0f1cdad36b40045;hb=e3ea78bd48d210947fcfcb73977e6a34e6b31293;hp=9437d66b47738961781d344ca57c5fd2172d5573;hpb=220a8d4c07bfb4cb6be8122fda7dc6ceb0d1da8f;p=hermes

diff --git a/api/phone.php b/api/phone.php
index 9437d66..999824b 100644
--- a/api/phone.php
+++ b/api/phone.php
@@ -1,5 +1,32 @@
 <?php
+/*
+#  Copyright (c) 2012, GjÃ¸vik University College
+#  All rights reserved.
+
+#  Redistribution and use in source and binary forms, with or without
+#  modification, are permitted provided that the following conditions are met:
+#      * Redistributions of source code must retain the above copyright
+#        notice, this list of conditions and the following disclaimer.
+#      * Redistributions in binary form must reproduce the above copyright
+#        notice, this list of conditions and the following disclaimer in the
+#        documentation and/or other materials provided with the distribution.
+#      * Neither the name of the GjÃ¸vik University College nor the
+#        names of its contributors may be used to endorse or promote products
+#        derived from this software without specific prior written permission.
+#       
+#  THIS SOFTWARE IS PROVIDED BY GjÃ¸vik University College ''AS IS'' AND ANY
+#  EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+#  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+#  DISCLAIMED. IN NO EVENT SHALL GjÃ¸vik University College BE LIABLE FOR ANY
+#  DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+#  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+#  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+#  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+#  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+#  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
 require_once('config.php');
+require_once('lib/auth_base.php');
 require_once('lib/user_functions.php');
 require_once('lib/common_functions.php');
 require_once('lib/db_functions.php');
@@ -17,6 +44,7 @@ if ( !$config['sql_link'] )
 	print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database connection failed.'));
 	exit;
 }
+token_auth();
 
 //*************************************************************************************	
 	switch ( $_SERVER['PATH_INFO'] )
@@ -25,9 +53,9 @@ if ( !$config['sql_link'] )
 			// Required GET parameters:
 			// user: authentication username, SIP-username without domain component
 			// domain: Domain/realm of the user. username + '@' + domain == SIP address.
-			if ( array_key_exists( 'mac', $_GET) )
+			if ( array_key_exists( 'mac', $_POST) )
 			{
-				$mac = $_GET['mac'];
+				$mac = $_POST['mac'];
 				$relations = get_phone_users ( $mac );
 				if ( $relations )
 				{
@@ -35,18 +63,18 @@ if ( !$config['sql_link'] )
 				}
 				else print json_encode( array ( 'response' => 'failed', 'cause' => 'nonexistant', 'detail' => 'No results.'));
 			}
-			else if ( ( array_key_exists( 'username', $_GET) && array_key_exists( 'domain', $_GET ) ) || array_key_exists('user', $_GET) )
+			else if ( ( array_key_exists( 'username', $_POST) && array_key_exists( 'domain', $_POST ) ) || array_key_exists('user', $_POST) )
 			{
 				$username = "";
 				$domain = "";
-				if ( array_key_exists('username', $_GET) )
+				if ( array_key_exists('username', $_POST) )
 				{
-					$username = $_GET['username'];
-					$domain = $_GET['domain'];
+					$username = $_POST['username'];
+					$domain = $_POST['domain'];
 				}
 				else
 				{
-					$user = split_sipaddress($_GET['user']);
+					$user = split_sipaddress($_POST['user']);
 					if ( !$user )
 					{
 						print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
@@ -69,8 +97,8 @@ if ( !$config['sql_link'] )
 		case "/list":
 			// List all (distinct) phone MAC-adresses registered...
 			$search = null;
-			if ( array_key_exists('search', $_GET ) )
-				$search = $_GET['search'];
+			if ( array_key_exists('search', $_POST ) )
+				$search = $_POST['search'];
 
 			$phones = list_phones( $search );
 			print json_encode( array( 'response' => 'ok', 'list' => $phones ));
@@ -87,20 +115,20 @@ if ( !$config['sql_link'] )
 				domain    A valid domain .. to form a registered user@domain combo :)
 
 			*/
-			if ( array_key_exists('mac', $_GET ) &&
-				( array_key_exists('user', $_GET) ||
-					( array_key_exists('username', $_GET) && array_key_exists('domain', $_GET ))))
+			if ( array_key_exists('mac', $_POST ) &&
+				( array_key_exists('user', $_POST) ||
+					( array_key_exists('username', $_POST) && array_key_exists('domain', $_POST ))))
 			{
 				$username = "";
 				$domain = "";
-				if ( array_key_exists('username', $_GET) )
+				if ( array_key_exists('username', $_POST) )
 				{
-					$username = $_GET['username'];
-					$domain = $_GET['domain'];
+					$username = $_POST['username'];
+					$domain = $_POST['domain'];
 				}
 				else
 				{
-					$user = split_sipaddress($_GET['user']);
+					$user = split_sipaddress($_POST['user']);
 					if ( !$user )
 					{
 						print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
@@ -108,7 +136,7 @@ if ( !$config['sql_link'] )
 					}
 					list ( $username, $domain ) = $user;
 				}
-				$mac = clean_mac($_GET['mac']);
+				$mac = clean_mac($_POST['mac']);
 				if ( !$mac )
 				{
 					print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'No valid MAC address given.') );
@@ -134,8 +162,7 @@ if ( !$config['sql_link'] )
 				}
 				else
 				{
-					print json_encode( array ( 'response' => 'ok', 'data' => array (
-						'mac' => $mac, 'username' => $username, 'domain' => $domain) ));
+					print json_encode( array ( 'response' => 'ok', 'mac' => $mac, 'username' => $username, 'domain' => $domain) );
 					break;
 				}
 				break;
@@ -157,20 +184,20 @@ if ( !$config['sql_link'] )
 				domain    A valid domain .. to form a registered user@domain combo :)
 
 			*/
-			if ( array_key_exists('mac', $_GET ) &&
-				( array_key_exists('user', $_GET) ||
-					( array_key_exists('username', $_GET) && array_key_exists('domain', $_GET ))))
+			if ( array_key_exists('mac', $_POST ) &&
+				( array_key_exists('user', $_POST) ||
+					( array_key_exists('username', $_POST) && array_key_exists('domain', $_POST ))))
 			{
 				$username = "";
 				$domain = "";
-				if ( array_key_exists('username', $_GET) )
+				if ( array_key_exists('username', $_POST) )
 				{
-					$username = $_GET['username'];
-					$domain = $_GET['domain'];
+					$username = $_POST['username'];
+					$domain = $_POST['domain'];
 				}
 				else
 				{
-					$user = split_sipaddress($_GET['user']);
+					$user = split_sipaddress($_POST['user']);
 					if ( !$user )
 					{
 						print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
@@ -178,7 +205,7 @@ if ( !$config['sql_link'] )
 					}
 					list ( $username, $domain ) = $user;
 				}
-				$mac = clean_mac($_GET['mac']);
+				$mac = clean_mac($_POST['mac']);
 				if ( !$mac )
 				{
 					print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'No valid MAC address given.') );
@@ -199,7 +226,7 @@ if ( !$config['sql_link'] )
 				}
 				else
 				{
-					print json_encode( array ( 'response' => 'ok' ));
+					print json_encode( array ( 'response' => 'ok', 'mac' => $mac, 'username' => $username, 'domain' => $domain ));
 					break;
 				}
 				break;