Mandate POST method for ping.php

server/config.inc.php.example

@@ -0,0 +1,10 @@
+<?php
+
+// api-keys
+$config = array(
+    'ping' => array('key1'),
+    'ping-get' => array('key2'),
+    'update' => array('key3'),
+);
+
+?>

server/ping-get.php

@@ -1,13 +1,16 @@
 <?php
-	header('Content-type: text/plain');
-	if(isset($_GET['apikey']) && ($_GET['apikey']=='apikey1' || $_GET['apikey']=='apikey2')){
-		$str=file_get_contents('pinged.txt');
-        	echo $str;
-     		file_put_contents ( 'pinged.txt' , 'false' );
-        }else{
-		$str=file_get_contents('pinged.txt');
-		echo "API Key Missing!\n";
-        	echo $str;
-	}
-?>
+require_once('config.inc.php');
 
+$apikeys = $config['ping-get'];
+
+header('Content-type: text/plain');
+if(isset($_GET['apikey']) && in_array($_GET['apikey'], $apikeys, true)) {
+    $str=file_get_contents('pinged.txt');
+    echo $str;
+    file_put_contents ( 'pinged.txt' , 'false' );
+} else {
+    $str=file_get_contents('pinged.txt');
+    echo "API Key Missing!\n";
+    echo $str;
+}
+?>

server/ping.php

@@ -1,12 +1,17 @@
 <?php
-	header('Content-type: text/plain');
-	if(isset($_GET['apikey']) && ($_GET['apikey']=='apikey1' || $_GET['apikey']=='apikey2')){
-     		file_put_contents ( 'pinged.txt' , 'true' );
-		echo true;
-        }else{
-		$str=file_get_contents('pinged.txt');
-		echo "API Key Missing!\n";
-        	echo $str;
-	}
-?>
+require_once('config.inc.php');
 
+$apikeys = $config['ping'];
+
+header('Content-type: text/plain');
+if ($_SERVER['REQUEST_METHOD'] == 'POST' &&
+    isset($_GET['apikey']) && in_array($_GET['apikey'], $apikeys, true))
+{
+    file_put_contents ( 'pinged.txt' , 'true' );
+    echo $str;
+} else {
+    $str=file_get_contents('pinged.txt');
+    echo "API Key Missing (must be POST method)!\n";
+    echo $str;
+}
+?>

server/update.php

@@ -1,22 +1,30 @@
 <?php
-	header('Content-type: text/plain');
-	if(isset($_GET['apikey']) && ($_GET['apikey']=='apikey1' || $_GET['apikey']=='apikey2')){
-		if(isset($_GET['open']) && $_GET['open']=='true')
-        	{
-        		file_put_contents ( 'status.txt' , 'true,'.time() );
-			echo "true";
-       		}else   if(isset($_GET['open']) && $_GET['open'] =='false')
-        	{
-                	file_put_contents ( 'status.txt' , 'false,'.time() );
-			echo "false";
-        	}
-        }else{
-		$str=file_get_contents('status.txt');
-        	$arr=explode(',',$str);
-        	$open=$arr[0];
-        	$date=$arr[1]; //lastchange: upadate via file see explode/implode
-		echo "API Key Missing!\n";
-        	echo $open;
-	}
-?>
 
+require_once('config.inc.php');
+
+$apikeys = $config['update'];
+
+header('Content-type: text/plain');
+if( isset($_GET['apikey']) && in_array($_GET['apikey'], $apikeys, true) ) {
+    if(isset($_GET['open']) && $_GET['open']=='true')
+    {
+        file_put_contents ( 'status.txt' , 'true,'.time() );
+        exec("./open.sh");
+        echo "true";
+    } else if(isset($_GET['open']) && $_GET['open'] =='false') {
+        file_put_contents ( 'status.txt' , 'false,'.time() );
+        exec("./close.sh");
+        echo "false";
+    }else{
+        echo "you are too stupid to use the api!\n";
+    }
+} else {
+    $str=file_get_contents('status.txt');
+    $arr=explode(',',$str);
+    $open=$arr[0];
+    $date=$arr[1]; //lastchange: upadate via file see explode/implode
+    echo "API Key Missing!\n";
+    echo $open;
+}
+
+?>