Manager/index.php

<?php
date_default_timezone_set("Europe/Berlin");
header('Strict-Transport-Security: max-age=657000');
error_reporting(E_ALL);
session_start();

include_once 'classen/MAIL/PHPMailer.php';
include_once 'classen/MAIL/SMTP.php';

include_once("classen/utils.php");
include_once("classen/HTML.php");
include_once("classen/GoogleAuthenticator.php");
include_once("classen/OpenSim.php");
include_once("classen/discord.php");

$RUNTIME = array();
$RUNTIME['OPENSIM'] = new OpenSim();

include_once("config.php");

//TODO: add API keys and/or rate limiting
if(isset($_REQUEST['api']))
{
	if(preg_match("[a-zA-Z0-9\.]{1,100}", $_REQUEST['api']) && file_exists("./api/".$_REQUEST['api'].".php")) {
		include "./api/".$_REQUEST['api'].".php";
	} else {
		die("ERROR; ENDPOINT NOT EXIST");
	}

	die();
}

if ($handle = opendir('./plugins/')) 
{
	while (false !== ($entry = readdir($handle))) 
	{
		if ($entry != "." && $entry != "..") 
		{
			include_once "./plugins/".$entry;
		}
	}

	closedir($handle);
}

if(isset($_REQUEST['logout']))
	if($_REQUEST['logout'] == '1')
		$_SESSION = array();

if(isset($_SESSION['LOGIN']))
	if($_SESSION['LOGIN'] == 'true')
	{
		if(!isset($_REQUEST['page']))
			$_REQUEST['page'] = 'dashboard';

		if(file_exists("./pages/".$_REQUEST['page'].".php")){
			if($_REQUEST['page'] == str_replace("/"," ",$_REQUEST['page']) and $_REQUEST['page'] == str_replace("\\"," ",$_REQUEST['page']) and $_REQUEST['page'] == str_replace(".."," ",$_REQUEST['page'])){
					include "./pages/".$_REQUEST['page'].".php";
			}else{
				include "./pages/error.php";
			}
		}else{
			include "./pages/error.php";
		}

		die();
	}

if(@$_REQUEST['page'] == "register")
{
	include "./pages/register.php";
}else{
	include "./pages/login.php";
}

?>