From 64ccd91469d8f7fa0f2f1f6ef0c75681f1c67fd6 Mon Sep 17 00:00:00 2001
From: haitem
Date: Sun, 25 Oct 2020 17:46:06 +0100
Subject: [PATCH] Some edit
---
 api.php | 319 ++++++++++++++++++++++++++++
 app/Bootstrap.php | 1 +
 app/Routes.php | 1 +
 app/controllers/loginController.php | 1 -
 app/models/managers/UserManager.php | 2 +-
 app/views/templates/device.phtml | 4 +-
 6 files changed, 324 insertions(+), 4 deletions(-)
 create mode 100644 api.php
diff --git a/api.php b/api.php
new file mode 100644
index 0000000..8433449
--- /dev/null
+++ b/api.php
@@ -0,0 +1,319 @@
+write("[API] request body\n" . json_encode($obj, JSON_PRETTY_PRINT), LogRecordType::INFO);
+}
+
+//zabespecit proti Ddosu
+if (isset($obj['user']) && $obj['user'] != ''){
+ //user at home
+ $user = UserManager::getUser($obj['user']);
+ $userAtHome = $user['at_home'];
+ if (!empty($user)) {
+ $userId = $user['user_id'];
+ $atHome = $obj['atHome'];
+ if($userAtHome != $atHome){
+ UserManager::atHome($userId, $atHome);
+ $logManager->write("[USER] user " . $userId . " changet his home state to " . $atHome , LogRecordType::INFO);
+ }
+ echo 'Saved: ' . $atHome;
+ header($_SERVER["SERVER_PROTOCOL"]." 200 OK");
+ die();
+ }
+}
+
+//Filtrování IP adress
+if (DEBUGMOD != 1) {
+ if (!in_array($_SERVER['REMOTE_ADDR'], HOMEIP)) {
+ echo json_encode(array(
+ 'state' => 'unsuccess',
+ 'errorMSG' => "Using API from your IP insnt alowed!",
+ ), JSON_PRETTY_PRINT);
+ header($_SERVER["SERVER_PROTOCOL"]." 401 Unauthorized");
+ $logManager->write("[API] acces denied from " . $_SERVER['REMOTE_ADDR'], LogRecordType::WARNING);
+ exit();
+ }
+}
+
+//automationExecution
+try {
+ AutomationManager::executeAll();
+ $fallbackManager = new FallbackManager(RANGES);
+ $fallbackManager->check();
+ //LogKeeper::purge(LOGTIMOUT);
+} catch (\Exception $e) {
+ $logManager->write("[Automation] Something happen during automation execution", LogRecordType::ERROR);
+}
+
+//Record Cleaning
+try {
+ RecordManager::clean(RECORDTIMOUT);
+} catch (\Exception $e) {
+ $logManager->write("[Record] cleaning record older that " . RECORDTIMOUT , LogRecordType::ERROR);
+}
+
+//Variables
+$token = $obj['token'];
+$values = null;
+$settings = null;
+$deviceLogs = null;
+$command = "null";
+
+if (isset($obj['values'])) {
+ $values = $obj['values'];
+}
+
+if (isset($obj['settings'])) {
+ $settings = $obj['settings'];
+}
+
+if (isset($obj['logs'])) {
+ $deviceLogs = $obj['logs'];
+}
+
+
+
+//Checks
+if ($token == null || $token == "") {
+ echo json_encode(array(
+ 'state' => 'unsuccess',
+ 'errorMSG' => "Missing Value Token in JSON payload",
+ ), JSON_PRETTY_PRINT);
+ header($_SERVER["SERVER_PROTOCOL"]." 401 Unauthorized");
+ die();
+}
+
+//Vstupní Checky
+if (!DeviceManager::registeret($token)) {
+ //Notification data setup
+ $notificationMng = new NotificationManager;
+ $notificationData = [
+ 'title' => 'Info',
+ 'body' => 'New device Detected Found',
+ 'icon' => BASEDIR . '/app/templates/images/icon-192x192.png',
+ ];
+
+ //Subdevice Registration
+ $deviceId = DeviceManager::create($token, $token);
+ foreach ($values as $key => $value) {
+ if (!SubDeviceManager::getSubDeviceByMaster($deviceId, $key)) {
+ SubDeviceManager::create($deviceId, $key, UNITS[$key]);
+ }
+ }
+
+ //Notification for newly added Device
+ if ($notificationData != []) {
+ $subscribers = $notificationMng::getSubscription();
+ foreach ($subscribers as $key => $subscriber) {
+ $logManager->write("[NOTIFICATION] SENDING TO" . $subscriber['id'] . " ", LogRecordType::INFO);
+ $notificationMng::sendSimpleNotification(SERVERKEY, $subscriber['token'], $notificationData);
+ }
+ }
+
+ header($_SERVER["SERVER_PROTOCOL"]." 401 Unauthorized");
+ echo json_encode(array(
+ 'state' => 'unsuccess',
+ 'errorMSG' => "Device not registeret",
+ ), JSON_PRETTY_PRINT);
+ $logManager->write("[API] Registering Device", LogRecordType::INFO);
+ exit();
+}
+
+if (!DeviceManager::approved($token)) {
+ header($_SERVER["SERVER_PROTOCOL"]." 401 Unauthorized");
+ echo json_encode(array(
+ 'state' => 'unsuccess',
+ 'errorMSG' => "Unaproved Device",
+ ), JSON_PRETTY_PRINT);
+ exit();
+}
+
+// Diagnostic Data Write to DB
+if ($settings != null && $settings != ""){
+ $data = ['mac' => $settings["network"]["mac"], 'ip_address' => $settings["network"]["ip"]];
+ if (array_key_exists("firmware_hash", $settings)) {
+ $data['firmware_hash'] = $settings["firmware_hash"];
+ }
+ DeviceManager::editByToken($token, $data);
+ $jsonAnswer = [
+ 'state' => 'succes',
+ 'command' => $command,
+ ];
+ echo json_encode($jsonAnswer, JSON_PRETTY_PRINT);
+ header($_SERVER["SERVER_PROTOCOL"]." 200 OK");
+ die();
+}
+
+// Issuing command
+if ($command == "null"){
+ $device = DeviceManager::getDeviceByToken($token);
+ $deviceId = $device['device_id'];
+ $deviceCommand = $device["command"];
+ if ($deviceCommand != '' && $deviceCommand != null && $deviceCommand != "null")
+ {
+ $command = $deviceCommand;
+ $data = [
+ 'command'=>'null'
+ ];
+ DeviceManager::editByToken($token, $data);
+ $logManager->write("[API] Device_ID " . $deviceId . " executing command " . $command, LogRecordType::INFO);
+ }
+}
+
+// Diagnostic Logs Write To log File
+if ($deviceLogs != null && $deviceLogs != ""){
+ foreach ($deviceLogs as $log) {
+ $logManager->write("[Device Log Msg] Device_ID " . $deviceId . "->" . $log, LogRecordType::ERROR);
+ }
+ $jsonAnswer = [
+ 'state' => 'succes',
+ 'command' => $command,
+ ];
+ echo json_encode($jsonAnswer, JSON_PRETTY_PRINT);
+ header($_SERVER["SERVER_PROTOCOL"]." 200 OK");
+ die();
+}
+
+// Subdevices first data!
+if ($values != null && $values != "") {
+
+ //ZAPIS
+ $device = DeviceManager::getDeviceByToken($token);
+ $deviceId = $device['device_id'];
+ foreach ($values as $key => $value) {
+ if (!SubDeviceManager::getSubDeviceByMaster($deviceId, $key)) {
+ SubDeviceManager::create($deviceId, $key, UNITS[$key]);
+ }
+ RecordManager::create($deviceId, $key, round($value['value'],3));
+ $logManager->write("[API] Device_ID " . $deviceId . " writed value " . $key . ' ' . $value['value'], LogRecordType::INFO);
+
+ //notification
+ if ($key == 'door' || $key == 'water') {
+ $notificationMng = new NotificationManager;
+ $notificationData = [];
+
+ switch ($key) {
+ case 'door':
+ $notificationData = [
+ 'title' => 'Info',
+ 'body' => 'Someone just open up '.$device['name'],
+ 'icon' => BASEDIR . '/app/templates/images/icon-192x192.png',
+ ];
+
+ break;
+ case 'water':
+ $notificationData = [
+ 'title' => 'Alert',
+ 'body' => 'Wather leak detected by '.$device['name'],
+ 'icon' => BASEDIR . '/app/templates/images/icon-192x192.png',
+ ];
+ break;
+ }
+ if (DEBUGMOD) $notificationData['body'] .= ' value='.$value['value'];
+ if ($notificationData != []) {
+ $subscribers = $notificationMng::getSubscription();
+ foreach ($subscribers as $key => $subscriber) {
+ $logManager->write("[NOTIFICATION] SENDING TO" . $subscriber['id'] . " ", LogRecordType::INFO);
+ $notificationMng::sendSimpleNotification(SERVERKEY, $subscriber['token'], $notificationData);
+ }
+ }
+ }
+ }
+
+ $hostname = strtolower($device['name']);
+ $hostname = str_replace(' ', '_', $hostname);
+ //upravit format na setings-> netvork etc
+ $jsonAnswer = [
+ 'device' => [
+ 'hostname' => $hostname,
+ 'ipAddress' => $device['ip_address'],
+ 'subnet' => $device['subnet'],
+ 'gateway' => $device['gateway'],
+ ],
+ 'state' => 'succes',
+ 'command' => $command,
+ ];
+
+ $subDevicesTypeList = SubDeviceManager::getSubDeviceSTypeForMater($deviceId);
+ if (!in_array($subDevicesTypeList, ['on/off', 'door', 'water'])) {
+ $jsonAnswer['device']['sleepTime'] = $device['sleep_time'];
+ }
+ echo json_encode($jsonAnswer, JSON_PRETTY_PRINT);
+ header($_SERVER["SERVER_PROTOCOL"]." 200 OK");
+} else {
+ //Vypis
+ $device = DeviceManager::getDeviceByToken($token);
+ $deviceId = $device['device_id'];
+
+ if (count(SubDeviceManager::getAllSubDevices($deviceId)) == 0) {
+ SubDeviceManager::create($deviceId, 'on/off', UNITS[$key]);
+ //RecordManager::create($deviceId, 'on/off', 0);
+ }
+
+ $subDeviceId = SubDeviceManager::getAllSubDevices($deviceId)[0]['subdevice_id'];
+ $subDeviceLastReord = RecordManager::getLastRecord($subDeviceId);
+ $subDeviceLastReordValue = $subDeviceLastReord['value'];
+
+ if ($subDeviceLastReord['execuded'] == 0){
+ $logManager->write("[API] subDevice_ID ".$subDeviceId . " executed comand with value " .$subDeviceLastReordValue . " record id " . $subDeviceLastReord['record_id'] . " executed " . $subDeviceLastReord['execuded'], LogRecordType::INFO);
+ RecordManager::setExecuted($subDeviceLastReord['record_id']);
+ }
+
+ echo json_encode(array(
+ 'device' => [
+ 'hostname' => $device['name'],
+ 'ipAddress' => $device['ip_address'],
+ 'subnet' => $device['subnet'],
+ 'gateway' => $device['gateway'],
+ ],
+ 'state' => 'succes',
+ 'value' => $subDeviceLastReordValue,
+ 'command' => $command,
+ ), JSON_PRETTY_PRINT);
+ header($_SERVER["SERVER_PROTOCOL"]." 200 OK");
+}
+
+unset($logManager);
+Db::disconect();
+die();
diff --git a/app/Bootstrap.php b/app/Bootstrap.php
index b45c175..d174c2e 100644
--- a/app/Bootstrap.php
+++ b/app/Bootstrap.php
@@ -8,6 +8,7 @@ ini_set ('session.cookie_httponly', '1');
 ini_set('session.cookie_domain', $_SERVER['HTTP_HOST']);
 ini_set('session.cookie_path', str_replace("login", "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['REQUEST_URI'])));
 ini_set('session.cookie_secure', '1');
+ini_set('session.gc_maxlifetime', 1209600);
 mb_internal_encoding ("UTF-8");
 session_start();
diff --git a/app/Routes.php b/app/Routes.php
index 385d0c5..a3d32e6 100644
--- a/app/Routes.php
+++ b/app/Routes.php
@@ -33,6 +33,7 @@ $router->get('/api/server', 'ServerApi@default');
 $router->get('/api/server/log', 'ServerApi@logStatus');
 $router->post('/api/widgets/{widgetId}/run', 'WidgetApi@run');
 $router->get('/api/widgets/{widgetId}/detail', 'WidgetApi@detail');
+$router->get('/adminer', 'WidgetApi@detail');
 //cron
 $router->post('/cron/clean', 'CronApi@clean');
diff --git a/app/controllers/loginController.php b/app/controllers/loginController.php
index aafab1f..4248b44 100644
--- a/app/controllers/loginController.php
+++ b/app/controllers/loginController.php
@@ -27,7 +27,6 @@ if ( isset($_POST['otaCode']) && $_POST['otaCode'] != '' ) { - $otaCode = $_POST['otaCode']; $otaSecret = $_POST['otaSecret'];
diff --git a/app/models/managers/UserManager.php b/app/models/managers/UserManager.php
index 3aa6250..35339b4 100644
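Review bot: The `if (isset($obj['user']) && $obj['user'] != '')` branch near the top of the new api.php runs before the `HOMEIP` address filter and before any token check, so any client that can reach the endpoint and names an existing user can change that user's `at_home` state. Move the `REMOTE_ADDR` filter above this branch, require a credential for it, and read `$user['at_home']` only inside the `!empty($user)` guard, since it is currently dereferenced before the lookup result is checked. In several branches (the user branch, the IP filter, the missing-token check and the 200 replies) `header($_SERVER["SERVER_PROTOCOL"]." 401 Unauthorized")` or its 200 counterpart is called after `echo`, so unless output buffering is enabled the status line is never applied and rejected requests answer with 200; call `http_response_code(401);` before writing the body. The first added line is cut off in this view, but what remains of it logs the full decoded payload, `token` included, so credentials should be redacted before the `write()` call.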
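Review bot: The added `ini_set('session.gc_maxlifetime', 1209600);` in app/Bootstrap.php keeps server-side session data for 14 days without a comment saying why, which lengthens the period during which a captured session id remains usable. This setting only governs garbage collection, so it should be paired with an explicit idle timeout and session-id regeneration on login; neither is visible in this hunk, so they may already exist elsewhere. The neighbouring calls pass string values, and `ini_set('session.gc_maxlifetime', '1209600'); // 14 days` would match them and also stay valid on PHP versions before 8.1, where `ini_set` declares a string value.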
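Review bot: The new route `$router->get('/adminer', 'WidgetApi@detail');` in app/Routes.php points `/adminer` at the handler that the line above registers for `/api/widgets/{widgetId}/detail`, but this path carries no `{widgetId}`, so the handler is presumably invoked without the id it expects. It reads like a placeholder or a copy-paste left in by accident. If the intent is to publish a database administration tool under this path, it belongs behind authentication and an address restriction rather than on a plain GET route; otherwise drop the line, or point it at a dedicated controller with a comment stating what `/adminer` serves.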
--- a/app/models/managers/UserManager.php
+++ b/app/models/managers/UserManager.php
@@ -43,7 +43,7 @@ class UserManager public static function login ($username, $password, $rememberMe) { try {
- if ($user = Db::loadOne ('SELECT * FROM users WHERE LOWER(username)=LOWER(?) OR LOWER(email)=LOWER(?)', array ($username, $username))) {
+ if ($user = Db::loadOne ('SELECT * FROM users WHERE (LOWER(username)=LOWER(?) OR LOWER(email)=LOWER(?))', array ($username, $username))) {
 if ($user['password'] == UserManager::getHashPassword($password)) {
 if (isset($rememberMe) && $rememberMe == 'true') {
 setcookie ("rememberMe", self::setEncryptedCookie($user['username']), time () + (30 * 24 * 60 * 60 * 1000), BASEDIR, $_SERVER['HTTP_HOST'], 1);
diff --git a/app/views/templates/device.phtml b/app/views/templates/device.phtml
index dbd5aa5..789b7c4 100644
--- a/app/views/templates/device.phtml
+++ b/app/views/templates/device.phtml
@@ -89,7 +89,7 @@
-
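Review bot: The parentheses added around the `OR` in `UserManager::login` do not change the query as shown, because no further condition follows in the `WHERE` clause; if they prepare for an extra `AND ...` filter, a short comment should say so. In the unchanged line directly below, `$user['password'] == UserManager::getHashPassword($password)` compares the stored hash with a loose `==`, which is open to PHP type juggling on numeric-looking strings and is not constant-time; `hash_equals((string) $user['password'], UserManager::getHashPassword($password))` avoids both. `getHashPassword` is not visible here, so whether it is a salted, slow scheme comparable to `password_hash` cannot be checked from this hunk. The cookie expiry `time () + (30 * 24 * 60 * 60 * 1000)` also looks as if it were computed in milliseconds, which gives roughly 82 years rather than 30 days. The body of `login` continues outside the hunk.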
+ ">
@@ -129,4 +129,4 @@
-
\ No newline at end of file
+