Diffstat (limited to 'modules/private/websites/tools/tools/dmarc_reports/api.php')
-rw-r--r-- | modules/private/websites/tools/tools/dmarc_reports/api.php | 45 |
1 files changed, 39 insertions, 6 deletions
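--- a/modules/private/websites/tools/tools/dmarc_reports/api.php
+++ b/modules/private/websites/tools/tools/dmarc_reports/api.php
@@ -18,6 +18,28 @@ function error_die($text, $number) {
 die(json_encode($message));
 }
 
+$anonymous = isset($_GET['anonymous']) && $_GET['anonymous'];
+function maybe_anonymize($string, $long = false) {
+global $anonymous_key;
+global $anonymous;
+if ($anonymous) {
+if ($long) {
+return md5($anonymous_key . ":" . $string);
+} else {
+return substr(md5($anonymous_key . ":" . $string), 0, 6);
+}
+} else {
+return $string;
+}
+}
+
+if (!$anonymous && (!isset($_SERVER['HTTP_AUTHORIZATION']) || $_SERVER['HTTP_AUTHORIZATION'] === "")) {
+header('WWW-Authenticate: Basic realm="Immae"');
+header('HTTP/1.0 401 Unauthorized');
+echo "You need to be authenticated to access private information";
+exit;
+}
+
 if ($mysqli->connect_errno) {
 error_die($mysqli->connect_error, $mysqli->connect_errno);
 }
@@ -27,14 +49,14 @@ if (!isset($_GET['serial'])) {
 $query = $mysqli->query("SELECT DISTINCT domain FROM `report` ORDER BY domain");
 if ($mysqli->error) { error_die($mysqli->error, $mysqli->errno); }
 while($row = $query->fetch_assoc()) {
-$response["domains"][] = $row['domain'];
+$response["domains"][] = maybe_anonymize($row['domain']);
 }
 
 $response["orgs"] = array();
 $query = $mysqli->query("SELECT DISTINCT org FROM `report` ORDER BY org");
 if ($mysqli->error) { error_die($mysqli->error, $mysqli->errno); }
 while($row = $query->fetch_assoc()) {
-$response["orgs"][] = $row['org'];
+$response["orgs"][] = maybe_anonymize($row['org']);
 }
 
 $response["dates"] = array();
@@ -55,7 +77,13 @@ if (!isset($_GET['serial'])) {
 $query = $mysqli->query($sql);
 if ($mysqli->error) { error_die($mysqli->error, $mysqli->errno); }
 while($row = $query->fetch_assoc()) {
-unset($row["raw_xml"]);
+$wanted_keys = array(
+'domain', 'org', 'reportid', 'mindate', 'maxdate', 'rcount', 'serial', 'policy_adkim', 'policy_aspf', 'policy_none', 'policy_sp', 'policy_pct', 'spfresult', 'dkimresult'
+);
+$row = array_intersect_key($row, array_fill_keys($wanted_keys, '1'));
+$row["domain"] = maybe_anonymize($row["domain"]);
+$row["org"] = maybe_anonymize($row["org"]);
+$row["reportid"] = maybe_anonymize($row["reportid"], true);
 $response["summaries"][] = $row;
 }
 } else {
@@ -76,9 +104,14 @@ if (!isset($_GET['serial'])) {
 $ip = "-";
 $host = "-";
 }
-$row['ip'] = $ip;
-$row['host'] = $host;
-unset($row['ip6']);
+$wanted_keys = array(
+'ip', 'host', 'rcount', 'disposition', 'reason', 'dkimdomain', 'dkimresult', 'spfdomain', 'spfresult'
+);
+$row = array_intersect_key($row, array_fill_keys($wanted_keys, '1'));
+$row['ip'] = maybe_anonymize($ip);
+$row['host'] = maybe_anonymize($host);
+$row['dkimdomain'] = maybe_anonymize($row['dkimdomain']);
+$row['spfdomain'] = maybe_anonymize($row['spfdomain']);
 $response["rptrecord"][] = $row;
 }
 }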
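Review bot: The gate added at new line 36 only tests that `$_SERVER['HTTP_AUTHORIZATION']` is non-empty, so unless the web server in front of this script verifies the Basic credentials (not visible in this diff), any header value returns the non-anonymized reports. In `maybe_anonymize`, `$anonymous_key` is pulled in with `global` but never checked: if it is unset or empty the pseudonym is a plain `md5(":" . $string)`, which can be recovered by hashing known domains or the IPv4 range, and the 6-hex-digit short form also lets unrelated values collide. I would fail closed and use a keyed MAC before truncating, e.g. `if (empty($anonymous_key)) { error_die("anonymization key not configured", 500); }` and `hash_hmac('sha256', $string, $anonymous_key)`. The anonymous path also still reaches `error_die($mysqli->connect_error, …)`, so database error text is returned to unauthenticated callers; a generic message with the detail sent to the server log would be safer.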