Manager/index.php

<?php
date_default_timezone_set("Europe/Berlin");
error_reporting(E_ALL);

session_set_cookie_params([
	'lifetime' => 86400,
	'path' => '/',
	'domain' => $RUNTIME['DOMAIN'],
	'httponly' => true,
	'secure' => true,
	'samesite' => 'Lax'
]);
session_start();

include_once 'classen/MAIL/PHPMailer.php';
include_once 'classen/MAIL/SMTP.php';

include_once("classen/utils.php");
include_once("classen/HTML.php");
include_once("classen/GoogleAuthenticator.php");
include_once("classen/OpenSim.php");
include_once("classen/discord.php");

$RUNTIME = array();
$RUNTIME['OPENSIM'] = new OpenSim();

include_once("config.php");

function isValidEndpoint(string $pageName, string $dirPrefix) {
	return preg_match("[a-zA-Z0-9\.]{1,100}", $pageName) && file_exists("./".$dirPrefix."/".$pageName.".php");
}

//TODO: add API keys and/or rate limiting
if(isset($_REQUEST['api'])) {
	if(isValidEndpoint($_REQUEST['api'], 'api')) {
		include "./api/".$_REQUEST['api'].".php";
	} else {
		die("ERROR; ENDPOINT NOT EXIST");
	}

	die();
}

if ($handle = opendir('./plugins/')) {
	while (false !== ($entry = readdir($handle))) {
		if ($entry != "." && $entry != "..") {
			include_once "./plugins/".$entry;
		}
	}

	closedir($handle);
}

if(isset($_REQUEST['logout']) && $_REQUEST['logout'] == '1') {
	$_SESSION = array();
}

if(isset($_SESSION['LOGIN']) && $_SESSION['LOGIN'] == 'true') {
	if(!isset($_REQUEST['page'])) {
		include './pages/dashboard.php';
	} else if(isValidEndpoint($_REQUEST['page'], 'pages')) {
		include "./pages/".$_REQUEST['page'].".php";
	} else {
		include "./pages/error.php";
	}
	
	die();
}

if(isset($_REQUEST['page']) && $_REQUEST['page'] == "register") {
	include "./pages/register.php";
} else {
	include "./pages/login.php";
}

?>
add files 2020-06-03 15:31:18 +00:00			`<?php`
			`date_default_timezone_set("Europe/Berlin");`
			`error_reporting(E_ALL);`
Set secure attributes for session cookie 2023-08-23 16:16:34 +00:00
			`session_set_cookie_params([`
			`'lifetime' => 86400,`
			`'path' => '/',`
			`'domain' => $RUNTIME['DOMAIN'],`
			`'httponly' => true,`
			`'secure' => true,`
			`'samesite' => 'Lax'`
			`]);`
add files 2020-06-03 15:31:18 +00:00			`session_start();`

			`include_once 'classen/MAIL/PHPMailer.php';`
			`include_once 'classen/MAIL/SMTP.php';`

			`include_once("classen/utils.php");`
			`include_once("classen/HTML.php");`
			`include_once("classen/GoogleAuthenticator.php");`
			`include_once("classen/OpenSim.php");`
add discord 2021-01-20 23:29:57 +00:00			`include_once("classen/discord.php");`
add files 2020-06-03 15:31:18 +00:00
			`$RUNTIME = array();`
			`$RUNTIME['OPENSIM'] = new OpenSim();`

			`include_once("config.php");`

Improve routing 2023-08-23 16:16:34 +00:00			`function isValidEndpoint(string $pageName, string $dirPrefix) {`
			`return preg_match("[a-zA-Z0-9\.]{1,100}", $pageName) && file_exists("./".$dirPrefix."/".$pageName.".php");`
			`}`

Improve API endpoint name validation 2023-08-23 16:16:34 +00:00			`//TODO: add API keys and/or rate limiting`
Improve routing 2023-08-23 16:16:34 +00:00			`if(isset($_REQUEST['api'])) {`
			`if(isValidEndpoint($_REQUEST['api'], 'api')) {`
Improve API endpoint name validation 2023-08-23 16:16:34 +00:00			`include "./api/".$_REQUEST['api'].".php";`
			`} else {`
add files 2020-06-03 15:31:18 +00:00			`die("ERROR; ENDPOINT NOT EXIST");`
			`}`

			`die();`
			`}`

Improve routing 2023-08-23 16:16:34 +00:00			`if ($handle = opendir('./plugins/')) {`
			`while (false !== ($entry = readdir($handle))) {`
			`if ($entry != "." && $entry != "..") {`
add admin menu 2020-08-04 09:44:59 +00:00			`include_once "./plugins/".$entry;`
			`}`
			`}`

			`closedir($handle);`
			`}`

Improve routing 2023-08-23 16:16:34 +00:00			`if(isset($_REQUEST['logout']) && $_REQUEST['logout'] == '1') {`
			`$_SESSION = array();`
			`}`
add files 2020-06-03 15:31:18 +00:00
Improve routing 2023-08-23 16:16:34 +00:00			`if(isset($_SESSION['LOGIN']) && $_SESSION['LOGIN'] == 'true') {`
			`if(!isset($_REQUEST['page'])) {`
			`include './pages/dashboard.php';`
			`} else if(isValidEndpoint($_REQUEST['page'], 'pages')) {`
			`include "./pages/".$_REQUEST['page'].".php";`
			`} else {`
			`include "./pages/error.php";`
add files 2020-06-03 15:31:18 +00:00			`}`
Improve routing 2023-08-23 16:16:34 +00:00
			`die();`
			`}`
add files 2020-06-03 15:31:18 +00:00
Improve routing 2023-08-23 16:16:34 +00:00			`if(isset($_REQUEST['page']) && $_REQUEST['page'] == "register") {`
add files 2020-06-03 15:31:18 +00:00			`include "./pages/register.php";`
Improve routing 2023-08-23 16:16:34 +00:00			`} else {`
add files 2020-06-03 15:31:18 +00:00			`include "./pages/login.php";`
			`}`

			`?>`