server: clean up scripts, require POST for non-idempotent requests

This commit is contained in:
Xiretza 2022-08-16 21:16:22 +02:00
parent c7f08a80e9
commit 096c7ac168
4 changed files with 52 additions and 39 deletions

24
server/ping-get.php Normal file → Executable file
View File

@ -1,16 +1,22 @@
<?php
require_once('config.inc.php');
require_once('config.inc.php');
$apikeys = $config['ping-get'];
header('Content-type: text/plain');
if(isset($_GET['apikey']) && in_array($_GET['apikey'], $apikeys, true)) {
$str=file_get_contents('pinged.txt');
echo $str;
file_put_contents ( 'pinged.txt' , 'false' );
} else {
$str=file_get_contents('pinged.txt');
echo "API Key Missing!\n";
echo $str;
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
echo "Must use POST request method\n";
return;
}
if (!isset($_GET['apikey']) || !in_array($_GET['apikey'], $apikeys, true)) {
echo "Invalid API key\n";
return;
}
$str=file_get_contents('pinged.txt');
echo $str;
file_put_contents('pinged.txt', 'false');
?>

23
server/ping.php Normal file → Executable file
View File

@ -1,17 +1,20 @@
<?php
require_once('config.inc.php');
require_once('config.inc.php');
$apikeys = $config['ping'];
header('Content-type: text/plain');
if ($_SERVER['REQUEST_METHOD'] == 'POST' &&
isset($_GET['apikey']) && in_array($_GET['apikey'], $apikeys, true))
{
file_put_contents ( 'pinged.txt' , 'true' );
echo $str;
} else {
$str=file_get_contents('pinged.txt');
echo "API Key Missing (must be POST method)!\n";
echo $str;
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
echo "Must use POST request method\n";
return;
}
if (!isset($_GET['apikey']) || !in_array($_GET['apikey'], $apikeys, true)) {
echo "Invalid API key\n";
return;
}
file_put_contents('pinged.txt', 'true');
?>

0
server/status.txt Executable file → Normal file
View File

View File

@ -1,30 +1,34 @@
<?php
require_once('config.inc.php');
$apikeys = $config['update'];
header('Content-type: text/plain');
if( isset($_GET['apikey']) && in_array($_GET['apikey'], $apikeys, true) ) {
if(isset($_GET['open']) && $_GET['open']=='true')
{
file_put_contents ( 'status.txt' , 'true,'.time() );
exec("./open.sh");
echo "true";
} else if(isset($_GET['open']) && $_GET['open'] =='false') {
file_put_contents ( 'status.txt' , 'false,'.time() );
exec("./close.sh");
echo "false";
}else{
echo "you are too stupid to use the api!\n";
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
echo "Must use POST request method\n";
return;
}
if (!isset($_GET['apikey']) || !in_array($_GET['apikey'], $apikeys, true)) {
echo "Invalid API key\n";
return;
}
if (!isset($_GET['open'])) {
echo "Missing 'open' request parameter\n";
return;
}
if ($_GET['open'] === 'true') {
file_put_contents('status.txt', 'true,'.time());
echo "true";
} else if ($_GET['open'] === 'false') {
file_put_contents('status.txt', 'false,'.time());
echo "false";
} else {
$str=file_get_contents('status.txt');
$arr=explode(',',$str);
$open=$arr[0];
$date=$arr[1]; //lastchange: upadate via file see explode/implode
echo "API Key Missing!\n";
echo $open;
echo "Invalid 'open' parameter value\n";
return;
}
?>