title = null; $FRAME_OPTIONS->canonical_url = null; $FRAME_OPTIONS->activeHeader = null; $FRAME_OPTIONS->frame = 'api_frame.php'; $API_COMMANDS = [ 'base::test' => [ 'src' => __DIR__.'/../commands/base_test.php', 'auth' => 'none' ], 'progs::updatecheck' => [ 'src' => __DIR__.'/../commands/progs_updatecheck.php', 'auth' => 'none' ], 'site::createprogramthumbnails' => [ 'src' => __DIR__.'/../commands/site_createProgramThumbnails.php', 'auth' => 'admin' ], 'site::createbookthumbnails' => [ 'src' => __DIR__.'/../commands/site_createBookThumbnails.php', 'auth' => 'admin' ], 'site::selftest' => [ 'src' => __DIR__.'/../commands/site_selftest.php', 'auth' => 'admin' ], 'server::setselfaddress' => [ 'src' => __DIR__.'/../commands/server_setselfaddress.php', 'auth' => 'none' ], 'server::gitwebhook' => [ 'src' => __DIR__.'/../commands/server_gitwebhook.php', 'auth' => 'webhook_secret' ], 'server::backupupload' => [ 'src' => __DIR__.'/../commands/server_backupupload.php', 'auth' => 'upload_secret' ], 'extendedgitgraph::status' => [ 'src' => __DIR__.'/../commands/extendedgitgraph_status.php', 'auth' => 'ajax_secret' ], 'extendedgitgraph::redraw' => [ 'src' => __DIR__.'/../commands/extendedgitgraph_redraw.php', 'auth' => 'ajax_secret' ], 'extendedgitgraph::refresh' => [ 'src' => __DIR__.'/../commands/extendedgitgraph_refresh.php', 'auth' => 'ajax_secret' ], 'alephnote::statsping' => [ 'src' => __DIR__.'/../commands/alephnote_statsping.php', 'auth' => 'none' ], 'alephnote::show' => [ 'src' => __DIR__.'/../commands/alephnote_show.php', 'auth' => 'ajax_secret' ], 'updates::show' => [ 'src' => __DIR__.'/../commands/updates_show.php', 'auth' => 'ajax_secret' ], 'html::panel_aoc_calendar' => [ 'src' => __DIR__.'/../commands/html_panel-aoc-calendar.php', 'auth' => 'none' ], ]; $cmd = strtolower($ROUTE->parameter['cmd']); if (!array_key_exists($cmd, $API_COMMANDS)) { print(" \n"); print(" \n"); print(" ... \n"); print(" ;::::; \n"); print(" ;::::; :; \n"); print(" ;:::::' :; \n"); print(" ;:::::; ;. \n"); print(" ,:::::' ; OOO\\ \n"); print(" ::::::; ; OOOOO\\ \n"); print(" ;:::::; ; OOOOOOOO \n"); print(" ,;::::::; ;' / OOOOOOO \n"); print(" ;:::::::::`. ,,,;. / / DOOOOOO \n"); print(" .';:::::::::::::::::;, / / DOOOO \n"); print(" ,::::::;::::::;;;;::::;, / / DOOO \n"); print(" ;`::::::`'::::::;;;::::: ,#/ / DOOO \n"); print(" :`:::::::`;::::::;;::: ;::# / DOOO \n"); print(" ::`:::::::`;:::::::: ;::::# / DOO \n"); print(" `:`:::::::`;:::::: ;::::::#/ DOO \n"); print(" :::`:::::::`;; ;:::::::::## OO \n"); print(" ::::`:::::::`;::::::::;:::# OO \n"); print(" `:::::`::::::::::::;'`:;::# O \n"); print(" `:::::`::::::::;' / / `:# \n"); print(" ::::::`:::::;' / / `# \n"); print(" \n"); print(" \n"); $FRAME_OPTIONS->forceResult(400, 'Wrong command.'); return; } $config = $API_COMMANDS[$cmd]; $secret = isset($_GET['secret']) ? $_GET['secret'] : ''; if ($config['auth'] === 'webhook_secret' && $secret !== $SITE->config['webhook_secret']) { $FRAME_OPTIONS->forceResult(401, "Unauthorized."); return; } if ($config['auth'] === 'ajax_secret' && $secret !== $SITE->config['ajax_secret']) { $FRAME_OPTIONS->forceResult(401, "Unauthorized."); return; } if ($config['auth'] === 'upload_secret' && $secret !== $SITE->config['upload_secret']) { $FRAME_OPTIONS->forceResult(401, "Unauthorized."); return; } if ($config['auth'] === 'admin' && !$SITE->isLoggedInByCookie()) { $FRAME_OPTIONS->forceResult(401, "Unauthorized."); return; } global $API_OPTIONS; $API_OPTIONS = []; foreach ($_GET as $k => $v) $API_OPTIONS[strtolower($k)] = $v; foreach ($ROUTE->urlParameter as $k => $v) $API_OPTIONS[strtolower($k)] = $v; try { /** @noinspection PhpIncludeInspection */ include $config['src']; } catch (exception $e) { $content = "REQUEST: " . var_export($_REQUEST) . "\r\n\r\n" . "IP: " . get_client_ip() . "\r\n\r\n" . "ERROR: " . $e . "\r\n\r\n"; if ($SITE->isProd()) sendMail("Website API call failed", $content, 'virtualadmin@mikescher.de', 'webserver-info@mikescher.com'); $msg = "Error."; if (!$SITE->isProd()) $msg = "Error.\n" . "API Command failed with exception.\n" . $e; $FRAME_OPTIONS->forceResult(500, $msg); return; }