From 5b70a8cea73c4a4f779840a6a2e675e8f8028e9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?= <anton@sijanec.eu>
Date: Thu, 19 Oct 2023 13:07:23 +0200
Subject: studisfri

---
 prog/studisfri/makefile           |  8 +++----
 prog/studisfri/studis_account.php | 49 +++++++++++++++++++++++----------------
 prog/studisfri/studisfri          |  9 +++----
 3 files changed, 38 insertions(+), 28 deletions(-)

diff --git a/prog/studisfri/makefile b/prog/studisfri/makefile
index 363ee2f..d264405 100644
--- a/prog/studisfri/makefile
+++ b/prog/studisfri/makefile
@@ -1,10 +1,10 @@
 default: fetchsrc
 
 fetchsrc:
-	sftp s@t <<<"get /etc/nginx/sites/studisfri"
-	sftp s@t <<<"get studisfri/studis_account.php"
-	sftp s@t <<<"get studisfri/script.js"
-	sftp s@t <<<"get studisfri/screenshot.sh"
+	sftp s@b <<<"get /etc/nginx/sites/studisfri"
+	sftp s@b <<<"get studisfri/studis_account.php"
+	sftp s@b <<<"get studisfri/script.js"
+	sftp s@b <<<"get studisfri/screenshot.sh"
 
 
 .PHONY: default fetchsrc
diff --git a/prog/studisfri/studis_account.php b/prog/studisfri/studis_account.php
index 2605da0..372001b 100644
--- a/prog/studisfri/studis_account.php
+++ b/prog/studisfri/studis_account.php
@@ -1,18 +1,24 @@
 <?php
+function get_un ($resp) {
+	$x = new DOMDocument();
+	@$x->loadHTML($resp);
+	foreach (explode(" ", trim($x->getElementsByTagName("address")[0]->nodeValue)) as $niz)
+		if (strpos($niz, "@") !== false)
+			$un = trim($niz);
+	return $un;
+}
 function studis_get ($cookie) {
 	$string = "";
-	$resp = @file_get_contents("https://studisfri.uni-lj.si/StudentProfil/KontaktniPodatki", false, stream_context_create(["http" => ["method" => "GET", "header" => "Cookie: {$cookie}"]]));
+	$resp = @file_get_contents("https://studisfri.uni-lj.si/StudentProfil/KontaktniPodatki", false, stream_context_create(["ssl" => ["verify_peer" => false, "verify_peer_name" => false], "http" => ["method" => "GET", "header" => "Cookie: {$cookie}"]]));
 	if (strpos($resp, "/Account/Logout") === false)
 		return false;
-	$x = new DOMDocument();
-	@$x->loadHTML($resp);
-	$un = trim(explode(" ", trim($x->getElementsByTagName("address")[0]->nodeValue))[0]);
+	$un = get_un($resp);
 	$string .= $resp;
-	$resp = @file_get_contents("https://studisfri.uni-lj.si/DashboardStudent", false, stream_context_create(["http" => ["method" => "GET", "header" => "Cookie: {$cookie}"]]));
+	$resp = @file_get_contents("https://studisfri.uni-lj.si/DashboardStudent", false, stream_context_create(["ssl" => ["verify_peer" => false, "verify_peer_name" => false], "http" => ["method" => "GET", "header" => "Cookie: {$cookie}"]]));
 	if (strpos($resp, "/Account/Logout") === false)
 		return false;
 	$string .= $resp;
-	$resp = @file_get_contents("https://studisfri.uni-lj.si/Student/ElektronskiIndeksStudent", false, stream_context_create(["http" => ["method" => "GET", "header" => "Cookie: {$cookie}"]]));
+	$resp = @file_get_contents("https://studisfri.uni-lj.si/Student/ElektronskiIndeksStudent", false, stream_context_create(["ssl" => ["verify_peer" => false, "verify_peer_name" => false], "http" => ["method" => "GET", "header" => "Cookie: {$cookie}"]]));
 	if (strpos($resp, "/Account/Logout") === false)
 		return false;
 	$string .= $resp;
@@ -22,6 +28,7 @@ function studis_get ($cookie) {
 		$stmt->bindParam(":username", $un, PDO::PARAM_STR);
 		$stmt->bindParam(":cookies", $cookie, PDO::PARAM_STR);
 		$stmt->execute();
+		$stmt->closeCursor();
 		$cookies = [];
 		foreach ($http_response_header as $h) {
 			if (strtolower(explode(": ", $h)[0]) == "set-cookie") {
@@ -38,6 +45,7 @@ function studis_get ($cookie) {
 			$cookies = implode("; ", $cookies);
 			$stmt->bindParam(":cookies", $cookies, PDO::PARAM_STR);
 			$stmt->execute();
+			$stmt->closeCursor();
 		}
 	}
 	return ["hash" => hash("sha256", $string, true), "username" => $un];
@@ -74,7 +82,7 @@ HEREDOC;
 }
 function waste_login ($tekst) {
 	if (!empty($_REQUEST["potrdilo"])) {
-		$resp = file_get_contents("https://studisfri.uni-lj.si/Account/Login", false, stream_context_create(["http" => ["follow_location" => 0, "method" => "POST", "header" => "Content-Type: application/x-www-form-urlencoded\r\nCookie: {$_SERVER["HTTP_COOKIE"]}", "content" => "__RequestVerificationToken=" . urlencode($_POST["rvt"]) . "&Username=" . urlencode($_POST["username"]) . "&Password=" . urlencode($_POST["password"])]]));
+		$resp = file_get_contents("https://studisfri.uni-lj.si/Account/Login", false, stream_context_create(["ssl" => ["verify_peer" => false, "verify_peer_name" => false], "http" => ["follow_location" => 0, "method" => "POST", "header" => "Content-Type: application/x-www-form-urlencoded\r\nCookie: {$_SERVER["HTTP_COOKIE"]}", "content" => "__RequestVerificationToken=" . urlencode($_POST["rvt"]) . "&Username=" . urlencode($_POST["username"]) . "&Password=" . urlencode($_POST["password"])]]));
 		# file_put_contents("/tmp/resp.html", $resp);
 		# file_put_contents("/tmp/http_response_header.txt", implode("\r\n", $http_response_header));
 		if (strpos($http_response_header[0], "302") !== false) {
@@ -119,7 +127,9 @@ if (!$db || !empty($_REQUEST["dberror"])) {
 $db->query("create table if not exists users (username TEXT PRIMARY KEY UNIQUE NOT NULL CHECK(length(username) > 0), cookies TEXT UNIQUE NOT NULL, password TEXT NOT NULL, last default CURRENT_TIMESTAMP, mail INTEGER, hash TEXT CHECK(length(hash) == 32))
 ");
 if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "script") !== false) {
-	studis_get($_SERVER["HTTP_COOKIE"]);
+	echo "/*";
+	var_dump(studis_get($_SERVER["HTTP_COOKIE"]));
+	echo "*/";
 	die(file_get_contents("script.js"));
 }
 if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "odjava") !== false) {
@@ -188,8 +198,12 @@ if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "cron") !== false) {
 			}
 			echo PHP_EOL;
 		} else {
+			$stmt = $db->prepare("update users set last=CURRENT_TIMESTAMP, hash=:hash where username=:username");
+			$stmt->bindParam(":username", $row[0], PDO::PARAM_STR);
+			$stmt->bindParam(":hash", $g["hash"], PDO::PARAM_LOB);
+			$stmt->execute();
 			$uc = urlencode($row[1]);
-			$izhod = `./screenshot.sh 'https://studisfri.4a.si/Account/cookies?cookies=$uc&location=/' 2>&1`;
+			$izhod = `timeout 10s ./screenshot.sh 'https://studisfri.4a.si/Account/cookies?cookies=$uc&location=/' 2>&1`;
 			$h = "";
 			foreach (explode("\n", $izhod) as $v) {
 				$x = explode(" ", $v);
@@ -202,17 +216,13 @@ if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "cron") !== false) {
 				mail($row[0], "Sprememba na portalu STUDIS", "Spoštovani,\r\n\r\nobveščam vas, da se je na vašem STUDIS portalu {$row[0]} pojavila sprememba. Portal STUDIS je dostopen na povezavi https://studisfri.4a.si/. Ta obvestila lahko izklopite brez prijave na naslovu https://studisfri.4a.si/Account/odjava?hash=$uehash ali pa s pismom administratorju na naslov anton@sijanec.eu.$h\r\n\r\nLep pozdrav\r\nPHP\r\n\r\n\r\n---------\r\nDiagnostične informacije sledijo:\r\nPrejšnja zgoščena vrednost STUDIS: " . bin2hex($row[3]) . "\r\nTrenutna zgoščena vrednost STUDIS: " . bin2hex($g["hash"]) . "\r\n\r\nIzhod programa screenshot.sh:\r\n$izhod", "From: studisfri@4a.si\r\nReply-To: anton@sijanec.eu");
 				echo "\tmail";
 			}
-			$stmt = $db->prepare("update users set last=CURRENT_TIMESTAMP, hash=:hash where username=:username");
-			$stmt->bindParam(":username", $row[0], PDO::PARAM_STR);
-			$stmt->bindParam(":hash", $g["hash"], PDO::PARAM_LOB);
-			$stmt->execute();
 			echo PHP_EOL;
 		}
 	}
 	die();
 }
 if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "setculture") !== false) {
-	@file_get_contents("https://studisfri.uni-lj.si/Account/SetCulture?culture={$_GET['culture']}", false, stream_context_create(["http" => ["method" => "GET", "header" => "Cookie: {$_SERVER["HTTP_COOKIE"]}"]]));
+	@file_get_contents("https://studisfri.uni-lj.si/Account/SetCulture?culture={$_GET['culture']}", false, stream_context_create(["ssl" => ["verify_peer" => false, "verify_peer_name" => false], "http" => ["method" => "GET", "header" => "Cookie: {$_SERVER["HTTP_COOKIE"]}"]]));
 	http_response_code(303);
 	header("Location: {$_GET["ReturnUrl"]}");
 }
@@ -222,7 +232,8 @@ if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "registercertificate") !== fals
 	$did = true;
 }
 if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "login") !== false) {
-	$resp = @file_get_contents("https://studisfri.uni-lj.si/Account/Login", false, stream_context_create(["http" => ["method" => "GET", "header" => "Cookie: {$_SERVER["HTTP_COOKIE"]}"]]));
+	$resp = file_get_contents("https://studisfri.uni-lj.si/Account/Login", false, stream_context_create(["ssl" => ["verify_peer" => false, "verify_peer_name" => false], "http" => ["method" => "GET", "header" => "Cookie: {$_SERVER["HTTP_COOKIE"]}"]]));
+	file_put_contents("/tmp/resp.html", $resp);
 	if (strpos($resp, "/Account/Logout") !== false) {
 		http_response_code(303);
 		header("Location: /");
@@ -245,11 +256,9 @@ if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "login") !== false) {
 			$stmt->execute();
 			$row = $stmt->fetch();
 			if (!empty($_POST["Session"])) {
-				$resp = @file_get_contents("https://studisfri.uni-lj.si/StudentProfil/KontaktniPodatki", false, stream_context_create(["http" => ["method" => "GET", "header" => "Cookie: {$_POST["Session"]}"]]));
+				$resp = @file_get_contents("https://studisfri.uni-lj.si/StudentProfil/KontaktniPodatki", false, stream_context_create(["ssl" => ["verify_peer" => false, "verify_peer_name" => false], "http" => ["method" => "GET", "header" => "Cookie: {$_POST["Session"]}"]]));
 				if (strpos($resp, "/Account/Logout") !== false) {
-					$x = new DOMDocument();
-					@$x->loadHTML($resp);
-					$un = trim(explode(" ", trim($x->getElementsByTagName("address")[0]->nodeValue))[0]);
+					$un = get_un($resp);
 					if ($un == $_POST["Username"]) {
 						$stmt = $db->prepare("insert into users (username, cookies, password, last) values (:username, :cookies, :password, CURRENT_TIMESTAMP) ON CONFLICT(username) DO UPDATE SET username=:username, cookies=:cookies, password=:password");
 						$stmt->bindParam(":username", $_POST["Username"]);
@@ -272,7 +281,7 @@ if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "login") !== false) {
 				if ($row == false || $row["cookies"] == false) {
 					waste_login("Strežnik nima shranjene vaše seje.");
 				} else {
-					$resp = @file_get_contents("https://studisfri.uni-lj.si/Account/Login", false, stream_context_create(["http" => ["method" => "GET", "header" => "Cookie: {$row["cookies"]}"]]));
+					$resp = @file_get_contents("https://studisfri.uni-lj.si/Account/Login", false, stream_context_create(["ssl" => ["verify_peer" => false, "verify_peer_name" => false], "http" => ["method" => "GET", "header" => "Cookie: {$row["cookies"]}"]]));
 					if (strpos($resp, "/Account/Logout") !== false) {
 						if (password_verify($_POST["Password"], $row["password"])) {
 							http_response_code(303);
diff --git a/prog/studisfri/studisfri b/prog/studisfri/studisfri
index 76a628d..7834c7d 100644
--- a/prog/studisfri/studisfri
+++ b/prog/studisfri/studisfri
@@ -14,12 +14,13 @@ server {
 		include fastcgi.conf;
 		fastcgi_param SCRIPT_FILENAME /home/s/studisfri/studis_account.php;
 		# fastcgi_param SCRIPT_NAME /home/s/www/studis_account.php;
-		fastcgi_pass unix:/run/php/php-s.sock;
+		fastcgi_pass unix:/run/php-s.sock;
 	}
 	location / {
-		subs_filter studisfri.uni-lj.si $http_host ig;
-		subs_filter 'dropdown-menu-right">' "dropdown-menu-right\"><li><a href=/Account/nastavitve>dodatne nastavitve neuradnega posrednika</a>" ig;
-		subs_filter </title> '</title><script src=/Account/script.js></script>' ig;
+		sub_filter_once off;
+		sub_filter studisfri.uni-lj.si $http_host;
+		sub_filter 'dropdown-menu-right">' "dropdown-menu-right\"><li><a href=/Account/nastavitve>dodatne nastavitve neuradnega posrednika</a>";
+		sub_filter </title> '</title><script src=/Account/script.js></script>';
 		proxy_pass https://studisfri.uni-lj.si;
 		proxy_set_header Host studisfri.uni-lj.si;
 		proxy_set_header Accept-Encoding "";
-- 
cgit v1.2.3