From 6e895484d726fb9eda64d3dfe776e7dde33e27dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mike=20Schw=C3=B6rer?=
Date: Sun, 29 Dec 2019 00:02:38 +0100
Subject: [PATCH] fixed some API methods
---
 www/commands/alephnote_statsping.php | 12 ++++++------
 www/commands/progs_updatecheck.php | 2 +-
 www/commands/server_backupupload.php | 10 ++++------
 www/commands/server_gitwebhook.php | 10 ++++------
 www/commands/site_createBookThumbnails.php | 5 +----
 www/internals/base.php | 8 ++++++++
 www/pages/api.php | 10 +++++-----
 7 files changed, 29 insertions(+), 28 deletions(-)
diff --git a/www/commands/alephnote_statsping.php b/www/commands/alephnote_statsping.php
index 2f566ff..dcbf878 100644
--- a/www/commands/alephnote_statsping.php
+++ b/www/commands/alephnote_statsping.php
@@ -5,12 +5,12 @@ global $API_OPTIONS;
 require_once (__DIR__ . '/../internals/base.php');
 require_once (__DIR__ . '/../internals/database.php');
-if (!isset($API_OPTIONS['name'])) die("Wrong parameters.");
-if (!isset($API_OPTIONS['clientid'])) die("Wrong parameters.");
-if (!isset($API_OPTIONS['version'])) die("Wrong parameters.");
-if (!isset($API_OPTIONS['providerstr'])) die("Wrong parameters.");
-if (!isset($API_OPTIONS['providerid'])) die("Wrong parameters.");
-if (!isset($API_OPTIONS['notecount'])) die("Wrong parameters.");
+if (!isset($API_OPTIONS['name'])) httpDie(400, "Wrong parameters.");
+if (!isset($API_OPTIONS['clientid'])) httpDie(400, "Wrong parameters.");
+if (!isset($API_OPTIONS['version'])) httpDie(400, "Wrong parameters.");
+if (!isset($API_OPTIONS['providerstr'])) httpDie(400, "Wrong parameters.");
+if (!isset($API_OPTIONS['providerid'])) httpDie(400, "Wrong parameters.");
+if (!isset($API_OPTIONS['notecount'])) httpDie(400, "Wrong parameters.");
 $nam = $API_OPTIONS['name'];
 $cid = $API_OPTIONS['clientid'];
diff --git a/www/commands/progs_updatecheck.php b/www/commands/progs_updatecheck.php
index 51d34db..93108a8 100644
--- a/www/commands/progs_updatecheck.php
+++ b/www/commands/progs_updatecheck.php @@ -6,7 +6,7 @@ require_once (__DIR__ . '/../internals/base.php'); require_once (__DIR__ . '/../internals/programs.php'); require_once (__DIR__ . '/../internals/updateslog.php'); -if (!isset($API_OPTIONS['name'])) die("Wrong parameters."); +if (!isset($API_OPTIONS['name'])) httpDie(400, "Wrong parameters."); $name = $API_OPTIONS['name']; diff --git a/www/commands/server_backupupload.php b/www/commands/server_backupupload.php index 1f22411..02740ef 100644 --- a/www/commands/server_backupupload.php +++ b/www/commands/server_backupupload.php @@ -1,19 +1,17 @@ ' . "\n"; echo ''; echo ''; -echo ''; - - -die('Wrong command.'); \ No newline at end of file +echo ''; \ No newline at end of file diff --git a/www/internals/base.php b/www/internals/base.php index df264e7..54fd263 100644 --- a/www/internals/base.php +++ b/www/internals/base.php @@ -51,6 +51,14 @@ function httpError($errorcode, $message) die(); } +function httpDie($errorcode, $message) +{ + ob_clean(); + http_response_code($errorcode); + die($message); + +} + function destructiveUrlEncode($str) { $str = str_replace(' ', '_', $str); $str = str_replace('+', '_', $str); diff --git a/www/pages/api.php b/www/pages/api.php index 836b768..5d89174 100644 --- a/www/pages/api.php +++ b/www/pages/api.php @@ -56,7 +56,7 @@ if (!array_key_exists($cmd, $API_COMMANDS)) print(" ::::::`:::::;' / / `# \n"); print(" \n"); print(" \n"); - die('Wrong command.'); + httpDie(400, 'Wrong command.'); } $config = $API_COMMANDS[$cmd]; 
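Review bot: The new `httpDie()` in www/internals/base.php calls `ob_clean()` unconditionally, so its status code only takes effect when an output buffer is active and nothing has been flushed yet. With no active buffer `ob_clean()` raises a notice, and once output has been sent `http_response_code()` can no longer change the status, so a rejected request may still be answered with 200. The 'Wrong command.' branch in www/pages/api.php prints its banner immediately before `httpDie(400, ...)`, so there either the banner is discarded or the 400 is lost, depending on buffering that this patch does not show. I would guard the call with `if (ob_get_level() > 0) ob_clean();` and send `header('Content-Type: text/plain; charset=utf-8');` before `die($message);` so the message is never rendered as HTML. A one-line docblock saying that the function ends the request with the given status and plain-text body would also help.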
@@ -64,10 +64,10 @@ $config = $API_COMMANDS[$cmd];
 $secret = isset($_GET['secret']) ? $_GET['secret'] : '';
-if ($config['auth'] === 'webhook_secret' && $secret !== $CONFIG['webhook_secret']) die('Unauthorized.');
-if ($config['auth'] === 'ajax_secret' && $secret !== $CONFIG['ajax_secret']) die('Unauthorized.');
-if ($config['auth'] === 'upload_secret' && $secret !== $CONFIG['upload_secret']) die('Unauthorized.');
-if ($config['auth'] === 'admin' && !isLoggedInByCookie()) die('Unauthorized.');
+if ($config['auth'] === 'webhook_secret' && $secret !== $CONFIG['webhook_secret']) httpDie(401, 'Unauthorized.');
+if ($config['auth'] === 'ajax_secret' && $secret !== $CONFIG['ajax_secret']) httpDie(401, 'Unauthorized.');
+if ($config['auth'] === 'upload_secret' && $secret !== $CONFIG['upload_secret']) httpDie(401, 'Unauthorized.');
+if ($config['auth'] === 'admin' && !isLoggedInByCookie()) httpDie(401, 'Unauthorized.');
 global $API_OPTIONS;
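Review bot: The three shared-secret checks still compare with `!==`, which is not constant-time, and they accept a request with no `secret` parameter if the configured secret is an empty string, because `$secret` defaults to `''` on the context line above. Each check would be safer as `if ($config['auth'] === 'webhook_secret' && !(is_string($secret) && $CONFIG['webhook_secret'] !== '' && hash_equals($CONFIG['webhook_secret'], $secret))) httpDie(401, 'Unauthorized.');`. The chain also looks fail-open: an `auth` value that matches none of the four strings reaches the command with no check at all, so unknown values should be denied explicitly (how `$API_COMMANDS` marks public commands is not visible in this hunk). Separately, the secret is read from the query string, which usually ends up in access logs; accepting it from a request header would keep it out of them.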