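<?php
// Controller web-service endpoint: member sites talk to the controller through
// this script (auth checks, registration, command queue, remote logging).
// Session permission checks are disabled on purpose: except for 'join', every
// operation is validated by $oRequest->Check() before it is dispatched.
define("NOT_CHECK_PERMISSIONS", true);
define("NO_KEEP_STATISTIC", true);
require_once($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php");
IncludeModuleLangFile(__FILE__);
/** @var CMain $APPLICATION */
/** @var CDatabase $DB */
/** @var CUser $USER */
CModule::IncludeModule("controller");
$oRequest = new CControllerServerRequestFrom();
$oResponse = new CControllerServerResponseTo($oRequest);
// Raised by the script once the handler has finished normally; until then
// __try_run() rewrites anything that reaches the output buffer as a 500 response.
$skip_handler = false;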
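/**
 * Output-buffer callback installed by ob_start("__try_run").
 *
 * While $skip_handler is false the handler has not completed, so whatever
 * reached the buffer (typically the text of an aborted request) is wrapped
 * into a "500 Execution Error" protocol response. Once the script sets
 * $skip_handler the buffer is discarded ("" is returned).
 *
 * @param string|null $buffer Buffer contents handed over by the output layer;
 *                            falls back to ob_get_contents() when called directly.
 * @param int         $phase  PHP_OUTPUT_HANDLER_* flags (unused).
 * @return string
 */
function __try_run($buffer = null, $phase = 0)
{
    global $skip_handler, $oResponse;
    if ($skip_handler)
        return "";
    // Prefer the buffer the output layer passed in over re-reading it ourselves.
    $res = ($buffer !== null) ? $buffer : ob_get_contents();
    $oResponse->status = "500 Execution Error";
    $oResponse->text = $res;
    return $oResponse->GetResponseBody(true);
}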
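/**
 * Message of the pending application exception, or "" when none is set.
 *
 * CMain::GetException() yields false when nothing is pending; calling
 * GetString() on that value would abort the request mid-response.
 *
 * @return string
 */
function __ws_exception_text()
{
    global $APPLICATION;
    $e = $APPLICATION->GetException();
    return is_object($e) ? $e->GetString() : '';
}

// From here on all output passes through __try_run(), which turns stray output
// from an aborted handler into a "500 Execution Error" response.
ob_start("__try_run");

// 'join' is the registration handshake and proves itself with admin credentials
// inside its case; every other operation must pass the request check first.
if ($oRequest->operation !== 'join' && !$oRequest->Check())
{
    $oResponse->status = "403 Access Denied";
    $oResponse->text = "Access Denied";
}
else
{
    switch ($oRequest->operation)
    {
        case 'remote_auth':
            // Presumably site-to-site auth: the calling member asks the controller to
            // check a login/password against another active, connected member ('site').
            $url = CControllerMember::_GoodURL($oRequest->arParameters['site']);
            $dbr_mem = CControllerMember::GetList(array(), array(
                "=URL" => $url,
                "=DISCONNECTED" => "N",
                "=ACTIVE" => "Y",
            ));
            $ar_mem = $dbr_mem->Fetch();
            if (!$ar_mem)
            {
                $oResponse->status = "472 Bad site.";
                $oResponse->text = "Invalid site ID";
                break;
            }
            $res = CControllerMember::CheckUserAuth($ar_mem["ID"], $oRequest->arParameters['login'], $oRequest->arParameters['password']);
            if (is_array($res))
            {
                $oResponse->arParameters = $res;
                $oResponse->status = "200 OK";
                if (\Bitrix\Controller\AuthLogTable::isEnabled())
                {
                    $dbr = CControllerMember::GetByGuid($oRequest->member_id);
                    $fromMember = $dbr->Fetch();
                    \Bitrix\Controller\AuthLogTable::logSiteToSiteAuth(
                        $ar_mem["ID"],
                        $fromMember["ID"],
                        true,
                        'CONTROLLER_WS',
                        $res['USER_INFO']['NAME'].' '.$res['USER_INFO']['LAST_NAME'].' ('.$res['USER_INFO']['LOGIN'].')'
                    );
                }
            }
            else
            {
                $oResponse->status = "473 Bad password.";
                $oResponse->text = __ws_exception_text();
            }
            break;

        case 'check_auth':
            // A member forwards a login/password pair; the controller verifies it
            // against its own users (or an external auth handler) and returns the
            // user profile together with the remote group codes mapped for that member.
            $dbr = CControllerMember::GetByGuid($oRequest->member_id);
            $arControllerMember = $dbr->Fetch();
            $arControllerLog = array(
                'NAME' => 'AUTH',
                'CONTROLLER_MEMBER_ID' => $arControllerMember["ID"],
                'STATUS' => 'Y',
            );
            $err = '';
            // Passed by reference so OnBeforeUserLogin handlers can rewrite the
            // credentials and add keys (e.g. 'OTP', which is read further down).
            $arParams = array(
                "LOGIN" => &$oRequest->arParameters['login'],
                "PASSWORD" => &$oRequest->arParameters['password'],
                "PASSWORD_ORIGINAL" => "Y",
            );
            foreach (GetModuleEvents("main", "OnBeforeUserLogin", true) as $arEvent)
            {
                if (ExecuteModuleEventEx($arEvent, array(&$arParams)) === false)
                {
                    // A handler returning false is always an error, even when it
                    // left no (or an empty) exception message behind.
                    $err = __ws_exception_text();
                    if ($err === '')
                        $err = 'Unknown event error';
                    break;
                }
            }
            $user_id = 0;
            if (!$err)
            {
                // External authentication: the first handler that yields a user id wins.
                foreach (GetModuleEvents("main", "OnUserLoginExternal", true) as $arEvent)
                {
                    $user_id = ExecuteModuleEventEx($arEvent, array(&$arParams));
                    if ($user_id > 0)
                        break;
                }
            }
            $dbUser = ($user_id > 0)
                ? CUser::GetByID($user_id)
                : CUser::GetByLogin($oRequest->arParameters['login']);
            $arUser = $dbUser->Fetch();
            if (!$arUser)
            {
                $oResponse->status = "444 User is not found.";
                $oResponse->text = "User is not found.";
                $arControllerLog['STATUS'] = 'N';
                $arControllerLog['DESCRIPTION'] = $oResponse->text;
                CControllerLog::Add($arControllerLog);
                break;
            }
            // Stored hash layout handled here: optional salt prefix followed by a
            // 32-character md5 digest.
            $storedHash = (string)$arUser["PASSWORD"];
            if (strlen($storedHash) > 32)
            {
                $salt = substr($storedHash, 0, strlen($storedHash) - 32);
                $db_password = substr($storedHash, -32);
            }
            else
            {
                $salt = "";
                $db_password = $storedHash;
            }
            // With one-time passwords the last 6 characters carry the OTP code, so the
            // remainder is tried as the regular password as well.
            $altPassword = null;
            if (!empty($arParams['OTP']))
                $altPassword = substr($oRequest->arParameters['password'], 0, -6);
            if ($err)
            {
                $oResponse->status = "445 Event Error.";
                $oResponse->text = $err;
                $arControllerLog['STATUS'] = 'N';
                $arControllerLog['DESCRIPTION'] = $oResponse->text;
                CControllerLog::Add($arControllerLog);
                break;
            }
            // hash_equals(): strict, constant-time comparison. The original "==" would
            // treat two numeric-looking digests (e.g. "0e...") as equal.
            $expectedDigest = md5($db_password.'MySalt');
            $passwordOk = $user_id > 0 // external auth already verified the credentials
                || hash_equals($expectedDigest, md5(md5($salt.$oRequest->arParameters['password']).'MySalt'))
                || (
                    $altPassword
                    && hash_equals($expectedDigest, md5(md5($salt.$altPassword).'MySalt'))
                );
            if ($arUser['ACTIVE'] != 'Y' || !$passwordOk)
            {
                $oResponse->status = "443 Bad password.";
                $oResponse->text = GetMessage("CTRLR_WS_ERR_BAD_PASSW");
                $arControllerLog['STATUS'] = 'N';
                $arControllerLog['DESCRIPTION'] = $oResponse->text;
                CControllerLog::Add($arControllerLog);
                break;
            }
            $arSaveUser = CControllerClient::PrepareUserInfo($arUser);
            $arSaveUser["GROUP_ID"] = array();
            $bCanAuthorize = $USER->CanDoOperation("controller_member_auth", $arUser['ID']);
            $arUserGroups = CUser::GetUserGroup($arUser['ID']);
            $arParams['USER_ID'] = $arUser['ID'];
            if (
                CModule::IncludeModule('security')
                && !\Bitrix\Security\Mfa\Otp::verifyUser($arParams)
            )
            {
                // Second factor failed: reported as a bad password, like the original.
                $oResponse->status = "443 Bad password.";
                $oResponse->text = GetMessage("CTRLR_WS_ERR_BAD_PASSW");
                break;
            }
            elseif ($bCanAuthorize)
            {
                // Users allowed to authorize on members become administrators there.
                $arSaveUser['CONTROLLER_ADMIN'] = 'Y';
                $arSaveUser["GROUP_ID"][] = "administrators";
            }
            elseif (COption::GetOptionString("controller", "auth_loc_enabled", "N") != "Y")
            {
                $oResponse->status = "423 Remote Authorization Disabled.";
                $oResponse->text = "Remote authorization disabled on controller.";
                break;
            }
            // Translate the user's controller groups into the member's group codes.
            $arLocGroups = \Bitrix\Controller\GroupMapTable::getMapping("CONTROLLER_GROUP_ID", "REMOTE_GROUP_CODE");
            foreach ($arLocGroups as $arTGroup)
            {
                foreach ($arUserGroups as $group_id)
                {
                    if ($arTGroup["FROM"] == $group_id)
                        $arSaveUser["GROUP_ID"][] = $arTGroup["TO"];
                }
            }
            // Handlers may adjust the profile before it is sent to the member.
            foreach (GetModuleEvents("controller", "OnBeforeSendCheckAuth", true) as $arEvent)
            {
                ExecuteModuleEventEx($arEvent, array($arControllerMember, &$arSaveUser));
            }
            $oResponse->status = "200 OK";
            $oResponse->arParameters['USER_INFO'] = $arSaveUser;
            $arControllerLog['DESCRIPTION'] = $arSaveUser['NAME'].' '.$arSaveUser['LAST_NAME'].' ('.$arSaveUser['LOGIN'].')';
            CControllerLog::Add($arControllerLog);
            if (\Bitrix\Controller\AuthLogTable::isEnabled())
            {
                \Bitrix\Controller\AuthLogTable::logControllerToSiteAuth(
                    $arControllerMember["ID"],
                    $arUser['ID'],
                    true,
                    'CONTROLLER_WS',
                    $arSaveUser['NAME'].' '.$arSaveUser['LAST_NAME'].' ('.$arSaveUser['LOGIN'].')'
                );
            }
            break;

        case 'join':
            // Registration handshake. This operation bypasses $oRequest->Check(), so
            // the caller must prove itself with controller admin credentials instead.
            if ($USER->Login($oRequest->arParameters['admin_login'], $oRequest->arParameters['admin_password']) !== true)
            {
                $oResponse->status = "413 Bad login";
                $oResponse->text = GetMessage("CTRLR_WS_ERR_BAD_LEVEL");
                break;
            }
            if (!$USER->CanDoOperation("controller_member_add"))
            {
                $oResponse->status = "413 Bad admin";
                $oResponse->text = GetMessage("CTRLR_WS_ERR_BAD_LEVEL");
                break;
            }
            $oResponse->secret_id = $oRequest->arParameters['member_secret_id'];
            $ar_member = array(
                "MEMBER_ID" => $oRequest->member_id,
                "SECRET_ID" => $oRequest->arParameters['member_secret_id'],
                "NAME" => ((string)$oRequest->arParameters['name'] !== '' ? $oRequest->arParameters['name'] : $oRequest->arParameters['url']),
                "URL" => $oRequest->arParameters['url'],
                "EMAIL" => $oRequest->arParameters['email'],
                "CONTACT_PERSON" => $oRequest->arParameters['contact_person'],
                "CONTROLLER_GROUP_ID" => (
                    $oRequest->arParameters['group_id']
                    ? $oRequest->arParameters['group_id']
                    : COption::GetOptionInt("controller", "default_group", 1)
                ),
                "SHARED_KERNEL" => ($oRequest->arParameters['shared_kernel'] == "Y" ? "Y" : "N"),
            );
            // A member that is still in the "I" (invited) state for the same URL is
            // updated in place rather than registered twice.
            $dbr_mem = CControllerMember::GetList(array(), array("URL" => CControllerMember::_GoodURL($oRequest->arParameters['url']), "DISCONNECTED" => "I"));
            if (($ar_mem = $dbr_mem->Fetch()) && CControllerMember::_GoodURL($ar_mem["URL"]) == CControllerMember::_GoodURL($oRequest->arParameters['url']))
                $ar_member["ID"] = $ar_mem["ID"];
            if ($ID = CControllerMember::RegisterMemberByTicket($ar_member, $oRequest->arParameters['ticket_id'], $oRequest->session_id))
            {
                $oResponse->status = "200 OK";
                $oResponse->arParameters['ID'] = $ID;
            }
            else
            {
                $oResponse->status = "453 RegisterMemberByTicket error";
                $oResponse->text = __ws_exception_text();
            }
            break;

        case 'init_group_update':
            // Push the member's group settings once registration has gone through.
            $dbr = CControllerMember::GetByGuid($oRequest->member_id);
            if ($ar = $dbr->Fetch())
            {
                if (CControllerMember::SetGroupSettings($ar["ID"]) !== false)
                {
                    $oResponse->status = "200 OK";
                }
                else
                {
                    $oResponse->status = "510 Set group settings error";
                    $oResponse->text = __ws_exception_text();
                }
            }
            else
            {
                $oResponse->status = "404 Member is not found";
                $oResponse->text = GetMessage("CTRLR_WS_ERR_MEMB_NFOUND");
            }
            break;

        case 'remove':
            // The Login() result is deliberately not checked here: the operation
            // check on the resulting user decides whether disconnecting is allowed.
            $USER->Login($oRequest->arParameters['admin_login'], $oRequest->arParameters['admin_password']);
            if (!$USER->CanDoOperation("controller_member_disconnect"))
            {
                $oResponse->status = "416 Bad admin";
                $oResponse->text = GetMessage("CTRLR_WS_ERR_MEMB_DISCN");
                break;
            }
            $dbr = CControllerMember::GetByGuid($oRequest->member_id);
            if (!($ar = $dbr->Fetch()))
            {
                $oResponse->status = "484";
                $oResponse->text = GetMessage("CTRLR_WS_ERR_MEMB_NFOUND");
                break;
            }
            if (CControllerMember::RemoveGroupSettings($ar["ID"]))
            {
                if (CControllerMember::UnRegister($ar["ID"]))
                {
                    $oResponse->Sign(); // sign the response before deleting
                    //CControllerMember::Delete($ar["ID"]);
                    $oResponse->status = "200 OK";
                }
                else
                {
                    $oResponse->status = "576 Unregister error";
                    $oResponse->text = __ws_exception_text();
                }
            }
            else
            {
                $oResponse->status = "545 Remove group settings error";
                $oResponse->text = __ws_exception_text();
            }
            break;

        case 'query':
            // Hand the member the queued command it asked for; with sendfile=Y the
            // file referenced by the command's stored parameters is attached.
            $arCommand = CControllerMember::_CheckCommandId($oRequest->member_id, $oRequest->arParameters['command_id']);
            set_time_limit(1200); // reading and sending a file payload may take a while
            if ($arCommand === false)
            {
                $oResponse->status = "404 Command not found";
                $oResponse->text = GetMessage("CTRLR_WS_ERR_BAD_COMMAND");
                break;
            }
            if ($oRequest->arParameters['sendfile'] == 'Y' && strlen((string)$arCommand['ADD_PARAMS']) > 3)
            {
                // NOTE(review): ADD_PARAMS appears to be read from the controller's own
                // command record, not from this request - confirm. It is serialized PHP,
                // so object instantiation is refused and only the array shape is used.
                $arParams = unserialize($arCommand['ADD_PARAMS'], array('allowed_classes' => false));
                if (is_array($arParams) && array_key_exists('FILE', $arParams))
                {
                    $oResponse->status = '200 OK';
                    $oResponse->arParameters['command'] = $arCommand['COMMAND'];
                    $oResponse->arParameters['path_to'] = $arParams['PATH_TO'];
                    // Document-root-relative path first, absolute path second.
                    if (file_exists($_SERVER['DOCUMENT_ROOT'].$arParams['FILE']))
                        $oResponse->arParameters['file'] = file_get_contents($_SERVER['DOCUMENT_ROOT'].$arParams['FILE']);
                    elseif (file_exists($arParams['FILE']))
                        $oResponse->arParameters['file'] = file_get_contents($arParams['FILE']);
                }
                else
                {
                    $oResponse->status = '555 File not found';
                    $oResponse->text = GetMessage('CTRLR_WS_ERR_FILE_NOT_FOUND');
                }
            }
            elseif (strlen((string)$arCommand['COMMAND']) > 0)
            {
                $oResponse->status = '200 OK';
                $oResponse->arParameters['query'] = $arCommand['COMMAND'];
            }
            else
            {
                $oResponse->status = "404 Command not found";
                $oResponse->text = GetMessage("CTRLR_WS_ERR_BAD_COMMAND");
            }
            break;

        case 'log':
            // Store a log entry sent by the member under its own member id.
            $dbr = CControllerMember::GetByGuid($oRequest->member_id);
            $ar = $dbr->Fetch();
            if (!$ar)
            {
                $oResponse->status = "484";
                $oResponse->text = GetMessage("CTRLR_WS_ERR_MEMB_NFOUND");
                break;
            }
            $logId = CControllerLog::Add(array(
                "CONTROLLER_MEMBER_ID" => $ar["ID"],
                "NAME" => $oRequest->arParameters['NAME'],
                "DESCRIPTION" => $oRequest->arParameters['DESCRIPTION'],
            ));
            if ($logId > 0)
            {
                $oResponse->status = "200 OK";
            }
            else
            {
                $oResponse->status = "500 Execution error";
                $oResponse->text = __ws_exception_text();
            }
            break;

        case 'update_counters':
            $dbr = CControllerMember::GetByGuid($oRequest->member_id);
            if (!($ar = $dbr->Fetch()))
            {
                $oResponse->status = "484";
                $oResponse->text = GetMessage("CTRLR_WS_ERR_MEMB_NFOUND");
                break;
            }
            if (is_array(CControllerMember::UpdateCounters($ar["ID"])))
            {
                $oResponse->status = "200 OK";
            }
            else
            {
                $oResponse->status = "500 Execution error";
                $oResponse->text = __ws_exception_text();
            }
            break;

        case 'execute_event':
            // Fire a controller-module event named by the member; the member record is
            // prepended to the handler arguments and the last handler's result is returned.
            $rsClient = CControllerMember::GetByGuid($oRequest->member_id);
            $arClient = $rsClient->Fetch();
            if (!$arClient)
            {
                $oResponse->status = "484";
                $oResponse->text = GetMessage("CTRLR_WS_ERR_MEMB_NFOUND");
                break;
            }
            $params = $oRequest->arParameters['parameters'];
            if (!is_array($params))
                $params = array(); // a missing or scalar 'parameters' value means "no extra arguments"
            array_unshift($params, $arClient);
            $result = false;
            foreach (GetModuleEvents("controller", $oRequest->arParameters['event_name'], true) as $arEvent)
            {
                $result = ExecuteModuleEventEx($arEvent, $params);
            }
            if ($result !== false)
            {
                $oResponse->arParameters['result'] = $result;
                $oResponse->status = "200 OK";
            }
            else
            {
                $oResponse->status = "500 Execution error";
                $oResponse->text = __ws_exception_text();
            }
            break;

        default:
            $oResponse->status = "400 Bad operation";
            $oResponse->text = GetMessage("CTRLR_WS_ERR_BAD_OPERID").$oRequest->operation;
            break;
    }
}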
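// The handler finished normally: stop __try_run() from rewriting the buffer as
// a 500 response, and fold anything echoed along the way into the response text.
$skip_handler = true;
$oResponse->text .= ob_get_contents();
ob_end_clean();

if ($oRequest->Internal())
{
    // Machine-to-machine call: emit the protocol response only.
    $oResponse->Send();
}
else
{
    // Browser call: render the outcome inside the admin layout. The response
    // text is printed as-is, exactly as the original did.
    require_once($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_admin_after.php");
    if ($oResponse->OK())
    {
        echo $oResponse->text;
    }
    else
    {
        ShowError(GetMessage("CTRLR_WS_ERR_RUN").$oResponse->text.'. '.GetMessage("CTRLR_WS_ERR_RUN_TRY"));
        // HTTP_REFERER is absent on direct requests; guard against the undefined index.
        if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] !== '')
            echo '<br>'.'<a href="'.htmlspecialcharsbx(CHTTP::urnEncode($_SERVER['HTTP_REFERER'])).'">'.GetMessage("CTRLR_WS_ERR_RUN_BACK").'</a>';
    }
    require_once($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/epilog_admin.php");
}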