raspisms/controllers/internals/Command.php

<?php
/*
* This file is part of RaspiSMS.
*
* (c) Pierre-Lin Bonnemaison <plebwebsas@gmail.com>
*
* This source file is subject to the GPL-3.0 license that is bundled
* with this source code in the file LICENSE.
*/
namespace controllers\internals;
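class Command extends StandardController
{
    protected $model;

    /**
     * Create a new command.
     *
     * The script path is stored exactly as given; the only filtering visible in
     * this class ('..' stripping) happens at execution time in analyze_and_process().
     *
     * @param int    $id_user : User id
     * @param string $name    : Command name
     * @param string $script  : Script file
     * @param bool   $admin   : Is command admin only
     *
     * @return mixed bool|int : False if cannot create command, id of the new command else
     */
    public function create(int $id_user, string $name, string $script, bool $admin)
    {
        $command = [
            'id_user' => $id_user,
            'name' => $name,
            'script' => $script,
            'admin' => $admin,
        ];

        $result = $this->get_model()->insert($command);
        if (!$result)
        {
            return false;
        }

        // Keep a trace of who registered which script under which name.
        $internal_event = new Event($this->bdd);
        $internal_event->create($id_user, 'COMMAND_ADD', 'Ajout commande : ' . $name . ' => ' . $script);

        return $result;
    }

    /**
     * Update a command.
     *
     * No event is recorded here, unlike create().
     *
     * @param int    $id_user : User id
     * @param int    $id      : Command id
     * @param string $name    : Command name
     * @param string $script  : Script file
     * @param bool   $admin   : Is command admin only
     *
     * @return mixed : Whatever the model's update_for_user() returns (model not visible here, presumably a success flag or row count, to confirm)
     */
    public function update_for_user(int $id_user, int $id, string $name, string $script, bool $admin)
    {
        $data = [
            'name' => $name,
            'script' => $script,
            'admin' => $admin,
        ];

        return $this->get_model()->update_for_user($id_user, $id, $data);
    }

    /**
     * Analyse a message to check if it's a command so execute it.
     *
     * The message must be a JSON object with the keys "login", "password" and
     * "command", and optionally "args". The credentials must be valid and belong
     * to $id_user, the command must exist for that user, and admin-only commands
     * require an admin user.
     *
     * @param int    $id_user : User id to search a command for
     * @param string $message : Message to analyse
     *
     * @return mixed bool|string : false if not a valid command, anonymized message (password replaced by '******') if valid command
     */
    public function analyze_and_process(int $id_user, string $message)
    {
        if (!ENABLE_COMMAND)
        {
            return false;
        }

        // Only a JSON object can carry the expected keys; scalars and invalid JSON are not commands.
        $decode_message = json_decode(trim($message), true);
        if (!is_array($decode_message))
        {
            return false;
        }

        if (!isset($decode_message['login'], $decode_message['password'], $decode_message['command']))
        {
            return false;
        }

        // The message is attacker-controlled: nested arrays in place of the credentials
        // must be rejected here instead of reaching the credential check as a type error.
        if (!is_scalar($decode_message['login']) || !is_scalar($decode_message['password']))
        {
            return false;
        }

        //Check for user
        $internal_user = new \controllers\internals\User($this->bdd);
        $user = $internal_user->check_credentials($decode_message['login'], $decode_message['password']);
        if (!$user || (int) $user['id'] !== $id_user)
        {
            return false;
        }

        //Find command (strict comparison: a non-string "command" value never matches)
        $find_command = false;
        foreach ($this->gets_for_user($user['id']) as $command)
        {
            if ($decode_message['command'] === $command['name'])
            {
                $find_command = $command;

                break;
            }
        }

        if (false === $find_command)
        {
            return false;
        }

        //Check for admin rights
        if ($find_command['admin'] && !$user['admin'])
        {
            return false;
        }

        //Forge the anonymized message first, so the password never leaves this method in clear
        $decode_message['password'] = '******';
        $updated_text = json_encode($decode_message);

        // Strip every '..' sequence, repeating until none is left, so the script cannot
        // climb out of PWD_SCRIPTS.
        // NOTE(review): this is a lexical filter only, symlinks inside PWD_SCRIPTS are
        // not resolved. A realpath() containment check would be stricter but would
        // reject symlinked scripts; confirm against deployments before adding it.
        $script = (string) $find_command['script'];
        do
        {
            $previous = $script;
            $script = str_replace('..', '', $script);
        } while ($previous !== $script);

        // An empty name would point at the scripts directory itself: nothing to run.
        // The anonymized message is still returned, as the command itself was valid.
        if ('' === $script)
        {
            return $updated_text;
        }

        // Quote the whole path, not just the file name, so a PWD_SCRIPTS containing
        // spaces or shell metacharacters still yields exactly one shell word.
        $generated_command = escapeshellarg(PWD_SCRIPTS . '/' . $script);

        // "args" comes straight from the message; a non-scalar value (JSON array or
        // object) is ignored instead of raising a type error in escapeshellcmd().
        $args = $decode_message['args'] ?? '';
        $args = is_scalar($args) ? (string) $args : '';

        // escapeshellcmd() neutralises shell metacharacters but does not quote: the
        // sender still decides how many arguments and which options the script
        // receives, so every script must validate its own arguments.
        $generated_command .= ' ' . escapeshellcmd($args);

        exec($generated_command);

        return $updated_text;
    }

    /**
     * Get the model for the Controller.
     *
     * The model is created on first use and reused afterwards.
     */
    protected function get_model(): \models\Command
    {
        if (null === $this->model)
        {
            $this->model = new \models\Command($this->bdd);
        }

        return $this->model;
    }
}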