raspisms/controllers/internals/Command.php

<?php

/*
 * This file is part of RaspiSMS.
 *
 * (c) Pierre-Lin Bonnemaison <plebwebsas@gmail.com>
 *
 * This source file is subject to the GPL-3.0 license that is bundled
 * with this source code in the file LICENSE.
 */

namespace controllers\internals;

    class Command extends StandardController
    {
        protected $model;

        /**
         * Create a new command.
         *
         * @param int    $id_user : User id
         * @param string $name    : Command name
         * @param string $script  : Script file
         * @param bool   $admin   : Is command admin only
         *
         * @return mixed bool|int : False if cannot create command, id of the new command else
         */
        public function create(int $id_user, string $name, string $script, bool $admin)
        {
            $command = [
                'id_user' => $id_user,
                'name' => $name,
                'script' => $script,
                'admin' => $admin,
            ];

            $result = $this->get_model()->insert($command);
            if (!$result)
            {
                return false;
            }

            $internal_event = new Event($this->bdd);
            $internal_event->create($id_user, 'COMMAND_ADD', 'Ajout commande : ' . $name . ' => ' . $script);

            return $result;
        }

        /**
         * Update a command.
         *
         * @param int    $id_user : User id
         * @param int    $id      : Command id
         * @param string $name    : Command name
         * @param string $script  : Script file
         * @param bool   $admin   : Is command admin only
         *
         * @return mixed bool|int : False if cannot create command, id of the new command else
         */
        public function update_for_user(int $id_user, int $id, string $name, string $script, bool $admin)
        {
            $data = [
                'name' => $name,
                'script' => $script,
                'admin' => $admin,
            ];

            return $this->get_model()->update_for_user($id_user, $id, $data);
        }

        /**
         * Analyse a message to check if it's a command so execute it.
         *
         * @param int    $id_user : User id to search a command for
         * @param string $message : Message to analyse
         *
         * @return mixed bool|string : false if not a valid command, anonymized message if valid command
         */
        public function analyze_and_process(int $id_user, string $message)
        {
            if (!ENABLE_COMMAND)
            {
                return false;
            }

            $extracted_command = [];

            $decode_message = json_decode(trim($message), true);
            if (null === $decode_message)
            {
                return false;
            }

            if (!isset($decode_message['login'], $decode_message['password'], $decode_message['command']))
            {
                return false;
            }

            //Check for user
            $internal_user = new \controllers\internals\User($this->bdd);
            $user = $internal_user->check_credentials($decode_message['login'], $decode_message['password']);
            if (!$user || (int) $user['id'] !== $id_user)
            {
                return false;
            }

            //Find command
            $commands = $this->gets_for_user($user['id']);
            $find_command = false;
            foreach ($commands as $command)
            {
                if ($decode_message['command'] === $command['name'])
                {
                    $find_command = $command;

                    break;
                }
            }

            if (false === $find_command)
            {
                return false;
            }

            //Check for admin rights
            if ($find_command['admin'] && !$user['admin'])
            {
                return false;
            }

            //Forge command and return
            $decode_message['password'] = '******';
            $updated_text = json_encode($decode_message);

            $script = $find_command['script'];
            while (str_replace('..', '', $script) !== $script)
            {
                $script = str_replace('..', '', $script);
            }

            $generated_command = PWD_SCRIPTS . '/' . escapeshellarg($script);
            $args = $decode_message['args'] ?? '';
            $generated_command .= ' ' . escapeshellcmd($args);

            exec($generated_command);

            return $updated_text;
        }

        /**
         * Get the model for the Controller.
         */
        protected function get_model(): \models\Command
        {
            $this->model = $this->model ?? new \models\Command($this->bdd);

            return $this->model;
        }
    }
first refonte 2019-10-29 14:57:13 +01:00			`<?php`
Fix style and add config file to php-cs-fixer 2019-10-30 00:30:39 +01:00
			`/*`
update license 2019-11-10 17:48:54 +01:00			`* This file is part of RaspiSMS.`
Fix style and add config file to php-cs-fixer 2019-10-30 00:30:39 +01:00			`*`
update license 2019-11-10 17:48:54 +01:00			`* (c) Pierre-Lin Bonnemaison <plebwebsas@gmail.com>`
Fix style and add config file to php-cs-fixer 2019-10-30 00:30:39 +01:00			`*`
update license 2019-11-10 17:48:54 +01:00			`* This source file is subject to the GPL-3.0 license that is bundled`
Fix style and add config file to php-cs-fixer 2019-10-30 00:30:39 +01:00			`* with this source code in the file LICENSE.`
			`*/`

first refonte 2019-10-29 14:57:13 +01:00			`namespace controllers\internals;`
few coderules changes 2019-10-29 18:36:25 +01:00
Implement standard controller and model and update commands to use them 2019-11-12 20:46:45 +01:00			`class Command extends StandardController`
few coderules changes 2019-10-29 18:36:25 +01:00			`{`
Fix php style 2020-01-17 18:19:25 +01:00			`protected $model;`
Add transfer controller and model, remove database model and transfer responsabilities 2019-11-07 16:17:18 +01:00
few coderules changes 2019-10-29 18:36:25 +01:00			`/**`
Fix php style 2020-01-17 18:19:25 +01:00			`* Create a new command.`
			`*`
			`* @param int $id_user : User id`
			`* @param string $name : Command name`
			`* @param string $script : Script file`
			`* @param bool $admin : Is command admin only`
			`*`
Implement standard controller and model and update commands to use them 2019-11-12 20:46:45 +01:00			`* @return mixed bool\|int : False if cannot create command, id of the new command else`
first refonte 2019-10-29 14:57:13 +01:00			`*/`
Implement standard controller and model and update commands to use them 2019-11-12 20:46:45 +01:00			`public function create(int $id_user, string $name, string $script, bool $admin)`
first refonte 2019-10-29 14:57:13 +01:00			`{`
			`$command = [`
Implement standard controller and model and update commands to use them 2019-11-12 20:46:45 +01:00			`'id_user' => $id_user,`
first refonte 2019-10-29 14:57:13 +01:00			`'name' => $name,`
			`'script' => $script,`
			`'admin' => $admin,`
			`];`

Update internal controllers to use standard one 2019-11-14 02:02:50 +01:00			`$result = $this->get_model()->insert($command);`
Fix style and add config file to php-cs-fixer 2019-10-30 00:30:39 +01:00			`if (!$result)`
			`{`
first refonte 2019-10-29 14:57:13 +01:00			`return false;`
			`}`

Update internal controllers to use standard one 2019-11-14 02:02:50 +01:00			`$internal_event = new Event($this->bdd);`
fix php cs fixer concat operator to use space 2020-01-17 18:47:08 +01:00			`$internal_event->create($id_user, 'COMMAND_ADD', 'Ajout commande : ' . $name . ' => ' . $script);`
Fix php style 2020-01-17 18:19:25 +01:00
first refonte 2019-10-29 14:57:13 +01:00			`return $result;`
few coderules changes 2019-10-29 18:36:25 +01:00			`}`
Fix php style 2020-01-17 18:19:25 +01:00
few coderules changes 2019-10-29 18:36:25 +01:00			`/**`
Fix php style 2020-01-17 18:19:25 +01:00			`* Update a command.`
			`*`
			`* @param int $id_user : User id`
			`* @param int $id : Command id`
			`* @param string $name : Command name`
			`* @param string $script : Script file`
			`* @param bool $admin : Is command admin only`
			`*`
Implement standard controller and model and update commands to use them 2019-11-12 20:46:45 +01:00			`* @return mixed bool\|int : False if cannot create command, id of the new command else`
few coderules changes 2019-10-29 18:36:25 +01:00			`*/`
Implement standard controller and model and update commands to use them 2019-11-12 20:46:45 +01:00			`public function update_for_user(int $id_user, int $id, string $name, string $script, bool $admin)`
first refonte 2019-10-29 14:57:13 +01:00			`{`
rename all instances of 'datas' to 'data' 2021-01-17 03:16:57 +01:00			`$data = [`
first refonte 2019-10-29 14:57:13 +01:00			`'name' => $name,`
			`'script' => $script,`
			`'admin' => $admin,`
			`];`

rename all instances of 'datas' to 'data' 2021-01-17 03:16:57 +01:00			`return $this->get_model()->update_for_user($id_user, $id, $data);`
first refonte 2019-10-29 14:57:13 +01:00			`}`
Add method to check for a command in a message 2020-01-06 23:38:45 +01:00
			`/**`
fix codestyle 2020-06-23 21:06:13 +02:00			`* Analyse a message to check if it's a command so execute it.`
Fix php style 2020-01-17 18:19:25 +01:00			`*`
			`* @param int $id_user : User id to search a command for`
Extract messages processing from phone daemons and webhook daemons to place in internal controllers 2020-04-02 18:40:39 +02:00			`* @param string $message : Message to analyse`
Fix php style 2020-01-17 18:19:25 +01:00			`*`
Extract messages processing from phone daemons and webhook daemons to place in internal controllers 2020-04-02 18:40:39 +02:00			`* @return mixed bool\|string : false if not a valid command, anonymized message if valid command`
Add method to check for a command in a message 2020-01-06 23:38:45 +01:00			`*/`
fix codestyle 2020-06-23 21:06:13 +02:00			`public function analyze_and_process(int $id_user, string $message)`
Add method to check for a command in a message 2020-01-06 23:38:45 +01:00			`{`
Fix command bash injection using filename + add constant to disable commands 2020-06-17 19:08:11 +02:00			`if (!ENABLE_COMMAND)`
			`{`
			`return false;`
			`}`

Add method to check for a command in a message 2020-01-06 23:38:45 +01:00			`$extracted_command = [];`

All working reception and sending with webhook. Commands still to test. Update test adapter to use local files 2020-01-07 17:55:16 +01:00			`$decode_message = json_decode(trim($message), true);`
Fix php style 2020-01-17 18:19:25 +01:00			`if (null === $decode_message)`
Add method to check for a command in a message 2020-01-06 23:38:45 +01:00			`{`
			`return false;`
			`}`

Fix command now fully working with json 2020-01-08 16:17:12 +01:00			`if (!isset($decode_message['login'], $decode_message['password'], $decode_message['command']))`
Add method to check for a command in a message 2020-01-06 23:38:45 +01:00			`{`
			`return false;`
			`}`

			`//Check for user`
Fix command now fully working with json 2020-01-08 16:17:12 +01:00			`$internal_user = new \controllers\internals\User($this->bdd);`
Add method to check for a command in a message 2020-01-06 23:38:45 +01:00			`$user = $internal_user->check_credentials($decode_message['login'], $decode_message['password']);`
Remove risky fix on PHPCsFixer + fix bad command interpretation 2021-02-23 00:40:59 +01:00			`if (!$user \|\| (int) $user['id'] !== $id_user)`
Add method to check for a command in a message 2020-01-06 23:38:45 +01:00			`{`
			`return false;`
			`}`

			`//Find command`
			`$commands = $this->gets_for_user($user['id']);`
			`$find_command = false;`
			`foreach ($commands as $command)`
			`{`
Fix command now fully working with json 2020-01-08 16:17:12 +01:00			`if ($decode_message['command'] === $command['name'])`
Add method to check for a command in a message 2020-01-06 23:38:45 +01:00			`{`
Fix command now fully working with json 2020-01-08 16:17:12 +01:00			`$find_command = $command;`
Fix php style 2020-01-17 18:19:25 +01:00
Add method to check for a command in a message 2020-01-06 23:38:45 +01:00			`break;`
			`}`
			`}`

Fix command now fully working with json 2020-01-08 16:17:12 +01:00			`if (false === $find_command)`
			`{`
			`return false;`
			`}`
Fix php style 2020-01-17 18:19:25 +01:00
Fix command now fully working with json 2020-01-08 16:17:12 +01:00			`//Check for admin rights`
			`if ($find_command['admin'] && !$user['admin'])`
Add method to check for a command in a message 2020-01-06 23:38:45 +01:00			`{`
			`return false;`
			`}`

			`//Forge command and return`
			`$decode_message['password'] = '******';`
			`$updated_text = json_encode($decode_message);`
Fix php style 2020-01-17 18:19:25 +01:00
Fix command bash injection using filename + add constant to disable commands 2020-06-17 19:08:11 +02:00			`$script = $find_command['script'];`
			`while (str_replace('..', '', $script) !== $script)`
			`{`
			`$script = str_replace('..', '', $script);`
			`}`

			`$generated_command = PWD_SCRIPTS . '/' . escapeshellarg($script);`
Add method to check for a command in a message 2020-01-06 23:38:45 +01:00			`$args = $decode_message['args'] ?? '';`
fix php cs fixer concat operator to use space 2020-01-17 18:47:08 +01:00			`$generated_command .= ' ' . escapeshellcmd($args);`
Add method to check for a command in a message 2020-01-06 23:38:45 +01:00
Extract messages processing from phone daemons and webhook daemons to place in internal controllers 2020-04-02 18:40:39 +02:00			`exec($generated_command);`

			`return $updated_text;`
Add method to check for a command in a message 2020-01-06 23:38:45 +01:00			`}`
Fix php style 2020-01-17 18:19:25 +01:00
			`/**`
			`* Get the model for the Controller.`
			`*/`
use correct model and fix style 2021-07-19 17:32:23 +02:00			`protected function get_model(): \models\Command`
Fix php style 2020-01-17 18:19:25 +01:00			`{`
			`$this->model = $this->model ?? new \models\Command($this->bdd);`

			`return $this->model;`
			`}`
few coderules changes 2019-10-29 18:36:25 +01:00			`}`