AccountHub/apps/sync_mobile.php

<?php

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

dieifnotloggedin();

use Endroid\QrCode\ErrorCorrectionLevel;
use Endroid\QrCode\QrCode;

if (MOBILE_ENABLED) {

    $APPS["sync_mobile"]["title"] = $Strings->get("sync mobile", false);
    $APPS["sync_mobile"]["icon"] = "mobile";

    if (!is_empty($_GET['delsynccode'])) {
        if ($database->has("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['delsynccode']]])) {
            $database->delete("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['delsynccode']]]);
        }
    }

    if ($_GET['mobilecode'] == "generate") {
        if (!is_empty($_GET['showsynccode']) && $database->has("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['showsynccode']]])) {
            $code = $database->get("mobile_codes", 'code', ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['showsynccode']]]);
        } else {
            $code = strtoupper(substr(md5(mt_rand() . uniqid("", true)), 0, 20));
            $database->insert('mobile_codes', ['uid' => $_SESSION['uid'], 'code' => $code]);
        }
        if (strpos(URL, "http") !== FALSE) {
            $url = URL . "mobile/index.php";
        } else {
            $url = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://" . $_SERVER['HTTP_HOST'] . (($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) ? ":" . $_SERVER['SERVER_PORT'] : "") . URL . "mobile/index.php";
        }
        $encodedurl = str_replace("/", "\\", $url);
        $codeuri = "bizsync://" . $encodedurl . "/" . $_SESSION['username'] . "/" . $code;
        $qrCode = new QrCode($codeuri);
        $qrCode->setWriterByName('svg');
        $qrCode->setSize(550);
        $qrCode->setErrorCorrectionLevel(ErrorCorrectionLevel::HIGH);
        $qrcode = $qrCode->writeDataUri();
        $chunk_code = trim(chunk_split($code, 5, ' '));
        $lang_done = $Strings->get("done adding sync code", false);
        $APPS["sync_mobile"]["content"] = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> '
                . $Strings->get("scan sync qrcode", false)
                . '</div>'
                . <<<END
<style nonce="$SECURE_NONCE">
.margintop-15px {
    margin-top: 15px;
}
.mono-chunk {
    text-align: center;
    font-size: 110%;
    font-family: monospace;
}
</style>
<img src="$qrcode" class="img-responsive qrcode" />
<div class="panel panel-default margintop-15px">
<div class="panel-body">
END
                . "<b>" . $Strings->get("manual setup", false) . "</b><br /><label>" . $Strings->get("username", false) . ":</label>"
                . '<div class="well well-sm mono-chunk">' . $_SESSION['username'] . '</div>'
                . "<label>" . $Strings->get("sync key", false) . "</label>"
                . <<<END
<div class="well well-sm mono-chunk">$chunk_code</div>
END
                . "<label>" . $Strings->get("url", false) . "</label>"
                . <<<END
<div class="well well-sm mono-chunk">$url</div>
</div>
</div>
<a class="btn btn-success btn-sm btn-block" href="home.php?page=sync">$lang_done</a>
END;
    } else {
        $activecodes = $database->select("mobile_codes", ["codeid", "code"], ["uid" => $_SESSION['uid']]);
        $content = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> ' . $Strings->get("sync explained", false) . '</div>'
                . '<a class="btn btn-success btn-sm btn-block" href="home.php?page=sync&mobilecode=generate">'
                . $Strings->get("generate sync", false) . '</a>';
        $content .= "<br /><b>" . $Strings->get("active sync codes", false) . ":</b><br />";
        $content .= "<div class='list-group'>";
        if (count($activecodes) > 0) {
            foreach ($activecodes as $c) {
                $content .= "<div class='list-group-item mobilekey'><span id=\"mobilecode\">" . trim(chunk_split($c['code'], 5, ' ')) . "</span> <span class='tinybuttons'><a class='btn btn-primary btn-sm' href='home.php?page=sync&mobilecode=generate&showsynccode=" . $c['codeid'] . "'><i class='fa fa-qrcode'></i></a> <a class='btn btn-danger btn-sm' href='home.php?page=sync&delsynccode=" . $c['codeid'] . "'><i class='fa fa-trash'></i></a></span></div>";
            }
        } else {
            $content .= "<div class='list-group-item'>" . $Strings->get("no active codes", false) . "</div>";
        }
        $content .= "</div>";
        $content .= <<<END
            <style nonce="$SECURE_NONCE">
                .mobilekey {
                    display: flex;
                    flex-wrap: wrap;
                    justify-content: space-between;
                }
                .mobilekey #mobilecode {
                    font-family: Ubuntu Mono,monospace;
                    flex-shrink: 0;
                }
            </style>
END;
        $APPS["sync_mobile"]["content"] = $content;
    }
}
Add mobile API and pairing widget 2017-06-16 17:36:42 -06:00			`<?php`

Fully implement MPL-2.0 license 2017-12-16 13:27:09 -07:00			`/* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`

Add mobile API and pairing widget 2017-06-16 17:36:42 -06:00			`dieifnotloggedin();`

Update composer packages 2018-04-15 20:39:35 -06:00			`use Endroid\QrCode\ErrorCorrectionLevel;`
Add mobile API and pairing widget 2017-06-16 17:36:42 -06:00			`use Endroid\QrCode\QrCode;`

Make widgets disappear if the user doesn't have permission to use them 2017-07-03 03:27:08 -06:00			`if (MOBILE_ENABLED) {`
Add mobile API and pairing widget 2017-06-16 17:36:42 -06:00
Remove lang() and lang2() and rewrite references 2018-07-09 23:16:43 -06:00			`$APPS["sync_mobile"]["title"] = $Strings->get("sync mobile", false);`
Make widgets disappear if the user doesn't have permission to use them 2017-07-03 03:27:08 -06:00			`$APPS["sync_mobile"]["icon"] = "mobile";`
Add mobile API and pairing widget 2017-06-16 17:36:42 -06:00
Make widgets disappear if the user doesn't have permission to use them 2017-07-03 03:27:08 -06:00			`if (!is_empty($_GET['delsynccode'])) {`
			`if ($database->has("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['delsynccode']]])) {`
			`$database->delete("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['delsynccode']]]);`
			`}`
Add mobile API and pairing widget 2017-06-16 17:36:42 -06:00			`}`

Make widgets disappear if the user doesn't have permission to use them 2017-07-03 03:27:08 -06:00			`if ($_GET['mobilecode'] == "generate") {`
			`if (!is_empty($_GET['showsynccode']) && $database->has("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['showsynccode']]])) {`
			`$code = $database->get("mobile_codes", 'code', ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['showsynccode']]]);`
			`} else {`
			`$code = strtoupper(substr(md5(mt_rand() . uniqid("", true)), 0, 20));`
			`$database->insert('mobile_codes', ['uid' => $_SESSION['uid'], 'code' => $code]);`
			`}`
Fix bad sync codes when URL setting is not absolute 2017-08-06 23:42:17 -06:00			`if (strpos(URL, "http") !== FALSE) {`
			`$url = URL . "mobile/index.php";`
			`} else {`
			`$url = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://" . $_SERVER['HTTP_HOST'] . (($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) ? ":" . $_SERVER['SERVER_PORT'] : "") . URL . "mobile/index.php";`
			`}`
Make widgets disappear if the user doesn't have permission to use them 2017-07-03 03:27:08 -06:00			`$encodedurl = str_replace("/", "\\", $url);`
			`$codeuri = "bizsync://" . $encodedurl . "/" . $_SESSION['username'] . "/" . $code;`
			`$qrCode = new QrCode($codeuri);`
Update composer packages 2018-04-15 20:39:35 -06:00			`$qrCode->setWriterByName('svg');`
			`$qrCode->setSize(550);`
			`$qrCode->setErrorCorrectionLevel(ErrorCorrectionLevel::HIGH);`
			`$qrcode = $qrCode->writeDataUri();`
Make widgets disappear if the user doesn't have permission to use them 2017-07-03 03:27:08 -06:00			`$chunk_code = trim(chunk_split($code, 5, ' '));`
Remove lang() and lang2() and rewrite references 2018-07-09 23:16:43 -06:00			`$lang_done = $Strings->get("done adding sync code", false);`
Add labels to manual sync setup details 2017-07-24 17:17:11 -06:00			`$APPS["sync_mobile"]["content"] = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> '`
Remove lang() and lang2() and rewrite references 2018-07-09 23:16:43 -06:00			`. $Strings->get("scan sync qrcode", false)`
Add labels to manual sync setup details 2017-07-24 17:17:11 -06:00			`. '</div>'`
			`. <<<END`
Refactor and enforce Content-Security-Policy 2017-11-13 16:14:47 -07:00			`<style nonce="$SECURE_NONCE">`
			`.margintop-15px {`
			`margin-top: 15px;`
			`}`
			`.mono-chunk {`
			`text-align: center;`
			`font-size: 110%;`
			`font-family: monospace;`
			`}`
			`</style>`
Add mobile API and pairing widget 2017-06-16 17:36:42 -06:00			`<img src="$qrcode" class="img-responsive qrcode" />`
Refactor and enforce Content-Security-Policy 2017-11-13 16:14:47 -07:00			`<div class="panel panel-default margintop-15px">`
Add labels to manual sync setup details 2017-07-24 17:17:11 -06:00			`<div class="panel-body">`
			`END`
Remove lang() and lang2() and rewrite references 2018-07-09 23:16:43 -06:00			`. "<b>" . $Strings->get("manual setup", false) . "</b><br /><label>" . $Strings->get("username", false) . ":</label>"`
Refactor and enforce Content-Security-Policy 2017-11-13 16:14:47 -07:00			`. '<div class="well well-sm mono-chunk">' . $_SESSION['username'] . '</div>'`
Remove lang() and lang2() and rewrite references 2018-07-09 23:16:43 -06:00			`. "<label>" . $Strings->get("sync key", false) . "</label>"`
Add labels to manual sync setup details 2017-07-24 17:17:11 -06:00			`. <<<END`
Refactor and enforce Content-Security-Policy 2017-11-13 16:14:47 -07:00			`<div class="well well-sm mono-chunk">$chunk_code</div>`
Add labels to manual sync setup details 2017-07-24 17:17:11 -06:00			`END`
Remove lang() and lang2() and rewrite references 2018-07-09 23:16:43 -06:00			`. "<label>" . $Strings->get("url", false) . "</label>"`
Add labels to manual sync setup details 2017-07-24 17:17:11 -06:00			`. <<<END`
Refactor and enforce Content-Security-Policy 2017-11-13 16:14:47 -07:00			`<div class="well well-sm mono-chunk">$url</div>`
Add labels to manual sync setup details 2017-07-24 17:17:11 -06:00			`</div>`
			`</div>`
Fix URLs 2018-01-17 21:02:15 -07:00			`<a class="btn btn-success btn-sm btn-block" href="home.php?page=sync">$lang_done</a>`
Add mobile API and pairing widget 2017-06-16 17:36:42 -06:00			`END;`
			`} else {`
Make widgets disappear if the user doesn't have permission to use them 2017-07-03 03:27:08 -06:00			`$activecodes = $database->select("mobile_codes", ["codeid", "code"], ["uid" => $_SESSION['uid']]);`
Remove lang() and lang2() and rewrite references 2018-07-09 23:16:43 -06:00			`$content = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> ' . $Strings->get("sync explained", false) . '</div>'`
Fix URLs 2018-01-17 21:02:15 -07:00			`. '<a class="btn btn-success btn-sm btn-block" href="home.php?page=sync&mobilecode=generate">'`
Remove lang() and lang2() and rewrite references 2018-07-09 23:16:43 -06:00			`. $Strings->get("generate sync", false) . '</a>';`
			`$content .= "<br /><b>" . $Strings->get("active sync codes", false) . ":</b><br />";`
Make widgets disappear if the user doesn't have permission to use them 2017-07-03 03:27:08 -06:00			`$content .= "<div class='list-group'>";`
			`if (count($activecodes) > 0) {`
			`foreach ($activecodes as $c) {`
Fix URLs 2018-01-17 21:02:15 -07:00			`$content .= "<div class='list-group-item mobilekey'><span id=\"mobilecode\">" . trim(chunk_split($c['code'], 5, ' ')) . "</span> <span class='tinybuttons'><a class='btn btn-primary btn-sm' href='home.php?page=sync&mobilecode=generate&showsynccode=" . $c['codeid'] . "'><i class='fa fa-qrcode'></i></a> <a class='btn btn-danger btn-sm' href='home.php?page=sync&delsynccode=" . $c['codeid'] . "'><i class='fa fa-trash'></i></a></span></div>";`
Make widgets disappear if the user doesn't have permission to use them 2017-07-03 03:27:08 -06:00			`}`
			`} else {`
Remove lang() and lang2() and rewrite references 2018-07-09 23:16:43 -06:00			`$content .= "<div class='list-group-item'>" . $Strings->get("no active codes", false) . "</div>";`
Make widgets disappear if the user doesn't have permission to use them 2017-07-03 03:27:08 -06:00			`}`
			`$content .= "</div>";`
			`$content .= <<<END`
Refactor and enforce Content-Security-Policy 2017-11-13 16:14:47 -07:00			`<style nonce="$SECURE_NONCE">`
Add external app "dock", fix #3 2017-06-24 00:32:33 -06:00			`.mobilekey {`
			`display: flex;`
			`flex-wrap: wrap;`
			`justify-content: space-between;`
			`}`
Refactor and enforce Content-Security-Policy 2017-11-13 16:14:47 -07:00			`.mobilekey #mobilecode {`
			`font-family: Ubuntu Mono,monospace;`
			`flex-shrink: 0;`
			`}`
Add external app "dock", fix #3 2017-06-24 00:32:33 -06:00			`</style>`
			`END;`
Make widgets disappear if the user doesn't have permission to use them 2017-07-03 03:27:08 -06:00			`$APPS["sync_mobile"]["content"] = $content;`
			`}`
Add mobile API and pairing widget 2017-06-16 17:36:42 -06:00			`}`