IT-Syndikat/ITSynOpen
Archived
14
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

server: clean up scripts, require POST for non-idempotent requests

Browse source
This commit is contained in:
Xiretza 2022-08-16 21:16:22 +02:00
parent c7f08a80e9
commit 096c7ac168
4 changed files with 52 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
server/ping-get.php Normal file → Executable file
View file

@ -1,16 +1,22 @@
<?php <?php
require_once('config.inc.php');
require_once('config.inc.php');
$apikeys = $config['ping-get']; $apikeys = $config['ping-get'];
header('Content-type: text/plain'); header('Content-type: text/plain');
if(isset($_GET['apikey']) && in_array($_GET['apikey'], $apikeys, true)) {
$str=file_get_contents('pinged.txt'); if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
echo $str; echo "Must use POST request method\n";
file_put_contents ( 'pinged.txt' , 'false' ); return;
} else {
$str=file_get_contents('pinged.txt');
echo "API Key Missing!\n";
echo $str;
} }
if (!isset($_GET['apikey']) || !in_array($_GET['apikey'], $apikeys, true)) {
echo "Invalid API key\n";
return;
}
$str=file_get_contents('pinged.txt');
echo $str;
file_put_contents('pinged.txt', 'false');
?> ?>

23
server/ping.php Normal file → Executable file
View file

@ -1,17 +1,20 @@
<?php <?php
require_once('config.inc.php');
require_once('config.inc.php');
$apikeys = $config['ping']; $apikeys = $config['ping'];
header('Content-type: text/plain'); header('Content-type: text/plain');
if ($_SERVER['REQUEST_METHOD'] == 'POST' &&
isset($_GET['apikey']) && in_array($_GET['apikey'], $apikeys, true)) if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
{ echo "Must use POST request method\n";
file_put_contents ( 'pinged.txt' , 'true' ); return;
echo $str;
} else {
$str=file_get_contents('pinged.txt');
echo "API Key Missing (must be POST method)!\n";
echo $str;
} }
if (!isset($_GET['apikey']) || !in_array($_GET['apikey'], $apikeys, true)) {
echo "Invalid API key\n";
return;
}
file_put_contents('pinged.txt', 'true');
?> ?>

0
server/status.txt Executable file → Normal file
View file

44
server/update.php
View file

@ -1,30 +1,34 @@
<?php <?php
require_once('config.inc.php'); require_once('config.inc.php');
$apikeys = $config['update']; $apikeys = $config['update'];
header('Content-type: text/plain'); header('Content-type: text/plain');
if( isset($_GET['apikey']) && in_array($_GET['apikey'], $apikeys, true) ) {
if(isset($_GET['open']) && $_GET['open']=='true') if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
{ echo "Must use POST request method\n";
file_put_contents ( 'status.txt' , 'true,'.time() ); return;
exec("./open.sh"); }
echo "true";
} else if(isset($_GET['open']) && $_GET['open'] =='false') { if (!isset($_GET['apikey']) || !in_array($_GET['apikey'], $apikeys, true)) {
file_put_contents ( 'status.txt' , 'false,'.time() ); echo "Invalid API key\n";
exec("./close.sh"); return;
echo "false"; }
}else{
echo "you are too stupid to use the api!\n"; if (!isset($_GET['open'])) {
} echo "Missing 'open' request parameter\n";
return;
}
if ($_GET['open'] === 'true') {
file_put_contents('status.txt', 'true,'.time());
echo "true";
} else if ($_GET['open'] === 'false') {
file_put_contents('status.txt', 'false,'.time());
echo "false";
} else { } else {
$str=file_get_contents('status.txt'); echo "Invalid 'open' parameter value\n";
$arr=explode(',',$str); return;
$open=$arr[0];
$date=$arr[1]; //lastchange: upadate via file see explode/implode
echo "API Key Missing!\n";
echo $open;
} }
?> ?>