die(json_encode($message));
}
+$anonymous = isset($_GET['anonymous']) && $_GET['anonymous'];
+function maybe_anonymize($string, $long = false) {
+ global $anonymous_key;
+ global $anonymous;
+ if ($anonymous) {
+ if ($long) {
+ return md5($anonymous_key . ":" . $string);
+ } else {
+ return substr(md5($anonymous_key . ":" . $string), 0, 6);
+ }
+ } else {
+ return $string;
+ }
+}
+
+if (!$anonymous && (!isset($_SERVER['HTTP_AUTHORIZATION']) || $_SERVER['HTTP_AUTHORIZATION'] === "")) {
+ header('WWW-Authenticate: Basic realm="Immae"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo "You need to be authenticated to access private information";
+ exit;
+}
+
if ($mysqli->connect_errno) {
error_die($mysqli->connect_error, $mysqli->connect_errno);
}
$query = $mysqli->query("SELECT DISTINCT domain FROM `report` ORDER BY domain");
if ($mysqli->error) { error_die($mysqli->error, $mysqli->errno); }
while($row = $query->fetch_assoc()) {
- $response["domains"][] = $row['domain'];
+ $response["domains"][] = maybe_anonymize($row['domain']);
}
$response["orgs"] = array();
$query = $mysqli->query("SELECT DISTINCT org FROM `report` ORDER BY org");
if ($mysqli->error) { error_die($mysqli->error, $mysqli->errno); }
while($row = $query->fetch_assoc()) {
- $response["orgs"][] = $row['org'];
+ $response["orgs"][] = maybe_anonymize($row['org']);
}
$response["dates"] = array();
$query = $mysqli->query($sql);
if ($mysqli->error) { error_die($mysqli->error, $mysqli->errno); }
while($row = $query->fetch_assoc()) {
- unset($row["raw_xml"]);
+ $wanted_keys = array(
+ 'domain', 'org', 'reportid', 'mindate', 'maxdate', 'rcount', 'serial', 'policy_adkim', 'policy_aspf', 'policy_none', 'policy_sp', 'policy_pct', 'spfresult', 'dkimresult'
+ );
+ $row = array_intersect_key($row, array_fill_keys($wanted_keys, '1'));
+ $row["domain"] = maybe_anonymize($row["domain"]);
+ $row["org"] = maybe_anonymize($row["org"]);
+ $row["reportid"] = maybe_anonymize($row["reportid"], true);
$response["summaries"][] = $row;
}
} else {
$ip = "-";
$host = "-";
}
- $row['ip'] = $ip;
- $row['host'] = $host;
- unset($row['ip6']);
+ $wanted_keys = array(
+ 'ip', 'host', 'rcount', 'disposition', 'reason', 'dkimdomain', 'dkimresult', 'spfdomain', 'spfresult'
+ );
+ $row = array_intersect_key($row, array_fill_keys($wanted_keys, '1'));
+ $row['ip'] = maybe_anonymize($ip);
+ $row['host'] = maybe_anonymize($host);
+ $row['dkimdomain'] = maybe_anonymize($row['dkimdomain']);
+ $row['spfdomain'] = maybe_anonymize($row['spfdomain']);
$response["rptrecord"][] = $row;
}
}