server: clean up scripts, require POST for non-idempotent requests

Xiretza 2022-08-16 21:16:22 +02:00
parent c7f08a80e9
commit 096c7ac168
4 changed files with 52 additions and 39 deletions

20
server/ping-get.php Normal file → Executable file

@ -1,16 +1,22 @@
<?php <?php
require_once('config.inc.php');
require_once('config.inc.php');
$apikeys = $config['ping-get']; $apikeys = $config['ping-get'];
header('Content-type: text/plain'); header('Content-type: text/plain');
if(isset($_GET['apikey']) && in_array($_GET['apikey'], $apikeys, true)) {
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
echo "Must use POST request method\n";
return;
}
if (!isset($_GET['apikey']) || !in_array($_GET['apikey'], $apikeys, true)) {
echo "Invalid API key\n";
return;
}
$str=file_get_contents('pinged.txt'); $str=file_get_contents('pinged.txt');
echo $str; echo $str;
file_put_contents('pinged.txt', 'false'); file_put_contents('pinged.txt', 'false');
} else {
$str=file_get_contents('pinged.txt');
echo "API Key Missing!\n";
echo $str;
}
?> ?>
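Review bot: The new guard still reads the API key from `$_GET['apikey']`, so although POST is now mandatory the secret keeps travelling in the URL, where web-server access logs, reverse proxies and client history commonly record it. Callers already have to switch to POST for this commit, which makes it a cheap moment to move the key into the request body or a header, e.g. `$key = $_POST['apikey'] ?? null;` followed by `if (!in_array($key, $apikeys, true)) {`. The same guard appears in server/ping.php and in the script that reads `$config['update']`, so all three would need to change together. If the query-string form has to stay for compatibility, a comment above the check saying so, and that access logs therefore contain live keys, would help whoever handles log retention.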

23
server/ping.php Normal file → Executable file

@ -1,17 +1,20 @@
<?php <?php
require_once('config.inc.php');
require_once('config.inc.php');
$apikeys = $config['ping']; $apikeys = $config['ping'];
header('Content-type: text/plain'); header('Content-type: text/plain');
if ($_SERVER['REQUEST_METHOD'] == 'POST' &&
isset($_GET['apikey']) && in_array($_GET['apikey'], $apikeys, true)) if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
{ echo "Must use POST request method\n";
file_put_contents ( 'pinged.txt' , 'true' ); return;
echo $str;
} else {
$str=file_get_contents('pinged.txt');
echo "API Key Missing (must be POST method)!\n";
echo $str;
} }
if (!isset($_GET['apikey']) || !in_array($_GET['apikey'], $apikeys, true)) {
echo "Invalid API key\n";
return;
}
file_put_contents('pinged.txt', 'true');
?> ?>
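Review bot: Both rejection branches answer with the default 200 status, so a client, or anyone watching the access log for failed authentication, cannot tell a refused ping from an accepted one without parsing the body. The same holds for server/ping-get.php and the `$config['update']` script. Adding `http_response_code(405); header('Allow: POST');` before the "Must use POST request method" message and `http_response_code(403);` before "Invalid API key" would make rejected requests visible and easy to alert on. The success path also appears to emit no body and ignores the result of `file_put_contents('pinged.txt', 'true')`, so a failed write looks identical to a successful ping. Comparing the result with `=== false` and answering 500 would close that gap.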

0
server/status.txt Executable file → Normal file


@ -1,30 +1,34 @@
<?php <?php
require_once('config.inc.php'); require_once('config.inc.php');
$apikeys = $config['update']; $apikeys = $config['update'];
header('Content-type: text/plain'); header('Content-type: text/plain');
if( isset($_GET['apikey']) && in_array($_GET['apikey'], $apikeys, true) ) {
if(isset($_GET['open']) && $_GET['open']=='true') if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
{ echo "Must use POST request method\n";
return;
}
if (!isset($_GET['apikey']) || !in_array($_GET['apikey'], $apikeys, true)) {
echo "Invalid API key\n";
return;
}
if (!isset($_GET['open'])) {
echo "Missing 'open' request parameter\n";
return;
}
if ($_GET['open'] === 'true') {
file_put_contents('status.txt', 'true,'.time()); file_put_contents('status.txt', 'true,'.time());
exec("./open.sh");
echo "true"; echo "true";
} else if(isset($_GET['open']) && $_GET['open'] =='false') { } else if ($_GET['open'] === 'false') {
file_put_contents('status.txt', 'false,'.time()); file_put_contents('status.txt', 'false,'.time());
exec("./close.sh");
echo "false"; echo "false";
} else { } else {
echo "you are too stupid to use the api!\n"; echo "Invalid 'open' parameter value\n";
} return;
} else {
$str=file_get_contents('status.txt');
$arr=explode(',',$str);
$open=$arr[0];
$date=$arr[1]; //lastchange: upadate via file see explode/implode
echo "API Key Missing!\n";
echo $open;
} }
?> ?>
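Review bot: `echo "true";` and `echo "false";` run whether or not the preceding `file_put_contents('status.txt', ...)` succeeded, so the caller is told the state changed even when nothing was written. This is the script that reads `$config['update']`; its file name is not shown on this page. Checking the result and taking a lock while writing would cover both the silent failure and two updates interleaving: `if (file_put_contents('status.txt', 'true,'.time(), LOCK_EX) === false) { http_response_code(500); return; }`, and the same for the `'false,'` branch. If the `exec("./open.sh")` and `exec("./close.sh")` lines belong to the new side (the rendered page no longer shows which side they are on), their exit status is discarded as well, and status.txt is updated before the script has run, so the recorded state can disagree with what actually happened.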