aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/ogs/gridserver/usersessions/index.php
blob: e7a3817c359abcf3d61db12bf47033b735320eb6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
<?
// DIRTY HACK ALERT!!!!!!!!!!!!!
// The following code shows the vital importance of the r69 revision of the original gareth/ branch


// This file parses URLs of the format:
// usersessions/key/userid/data
// where key is the key to authenticate with the grid, userid is the user's LLUUID and data is the data about the user's session being requested
// if the data requested is left out, an XML response will be sent

error_reporting(E_ALL); // Remember kids, PHP errors kill XML-RPC responses and REST too! will the slaughter ever end?

include("../gridserver_config.inc.php");
include("../../common/database.inc.php");
include("../../common/util.inc.php");

// Parse out the parameters from the URL
$params = str_replace($grid_home,'', $_SERVER['REQUEST_URI']);
$params = str_replace("index.php/","",$params);
$params = split('/',$params);

// Die if the key doesn't match
if($params[1]!=$sim_recvkey) {
    die();
}

$link = mysql_connect($dbhost,$dbuser,$dbpasswd)
 OR die("Unable to connect to database");

mysql_select_db($dbname)
 or die("Unable to select database");

$agent_id = strtolower($params[2]);
$query = "SELECT * FROM sessions WHERE agent_id='$agent_id' AND session_active=1";

// if we have 4 params, then param 4 is the command
if(count($params)==4) {
        $cmd=$params['3'];
} else if(count($params)==5) {
        $circuit_code=$params[3];
        $cmd=$params[4];              // otherwise, 5 is the command and 4 is the circuit code
}

$result = mysql_query($query);
if(mysql_num_rows($result)>0) {
	$info=mysql_fetch_assoc($result);
        $circuit_code = $info['circuit_code'];
        if($circuit_code == 0) $circuit_code=$params['4'];
	$secure_session_id=$info['secure_session_id'];
        $session_id=$info['session_id'];

        $query = "SELECT * FROM local_user_profiles WHERE userprofile_LLUUID='$agent_id'";
        $result=mysql_query($query);
        $userinfo=mysql_fetch_assoc($result);
        $firstname=$userinfo['profile_firstname'];
        $lastname=$userinfo['profile_lastname'];
        $agent_id=$userinfo['userprofile_LLUUID'];
	$exists=1;
} else {
	$exists=0;
}

// if only 3 params, assume we are sending an XML response
if(count($params)==3) {
	output_xml_block("usersession",Array(
            'authkey' => $sim_sendkey,
            'circuit_code' => $circuit_code,
            'agent_id' => $agent_id,
            'session_id' => $session_id,
            'secure_session_id' => $secure_session_id,
            'firstname' => $firstname,
            'lastname' => $lastname
        ));
}

switch($cmd) {
	case 'exists':
		echo $exists;
	break;
        case 'delete':
                $query = "UPDATE sessions SET session_active=0, session_end=NOW() WHERE agent_id='$agent_id' LIMIT 1";
                $deleteresult = mysql_query($query);
	break;
}
?>