1
0
Fork 0
Manager/index.php

83 lines
2.0 KiB
PHP
Raw Normal View History

2020-06-03 15:31:18 +00:00
<?php
date_default_timezone_set("Europe/Berlin");
error_reporting(E_ALL);
include_once("config.php");
2023-08-23 16:16:35 +00:00
$RUNTIME['BASEDIR'] = __DIR__;
set_include_path('.:'.$RUNTIME['BASEDIR']);
session_set_cookie_params([
'lifetime' => 86400,
'path' => '/',
'domain' => $RUNTIME['DOMAIN'],
'httponly' => true,
'secure' => true,
'samesite' => 'Lax'
]);
2023-08-23 16:16:34 +00:00
2020-06-03 15:31:18 +00:00
session_start();
if(!isset($_SESSION['csrf']) || strlen($_SESSION['csrf']) != 64) {
2023-08-23 16:16:34 +00:00
$_SESSION['csrf'] = bin2hex(random_bytes(32));
}
2020-06-03 15:31:18 +00:00
2023-08-23 16:16:35 +00:00
include_once("app/utils.php");
include_once("app/HTML.php");
2020-06-03 15:31:18 +00:00
2023-08-23 16:16:34 +00:00
function isValidEndpoint(string $pageName, string $dirPrefix) {
return preg_match('/^[a-zA-Z0-9\.]{1,100}$/', $pageName) && file_exists("./".$dirPrefix."/".$pageName.".php");
2023-08-23 16:16:34 +00:00
}
2023-08-23 16:16:36 +00:00
function needsLogin(?string $pageName) {
return $pageName != 'register' && $pageName != 'forgot' && $pageName != 'reset-password' && $pageName != 'login';
}
2023-08-23 16:16:34 +00:00
//TODO: add API keys and/or rate limiting
2023-08-23 16:16:36 +00:00
if(isset($_GET['api'])) {
if(isValidEndpoint($_GET['api'], 'api')) {
include "./api/".$_GET['api'].".php";
2023-08-23 16:16:34 +00:00
} else {
2020-06-03 15:31:18 +00:00
die("ERROR; ENDPOINT NOT EXIST");
}
die();
}
2023-08-23 16:16:34 +00:00
if ($handle = opendir('./plugins/')) {
while (false !== ($entry = readdir($handle))) {
if ($entry != "." && $entry != "..") {
2020-08-04 09:44:59 +00:00
include_once "./plugins/".$entry;
}
}
closedir($handle);
}
2023-08-23 16:16:36 +00:00
if(isset($_GET['logout']) && $_GET['logout'] == '1') {
2023-08-23 16:16:34 +00:00
$_SESSION = array();
2023-08-23 16:16:34 +00:00
header('Location: index.php');
2023-08-23 16:16:34 +00:00
}
2020-06-03 15:31:18 +00:00
2023-08-23 16:16:34 +00:00
if(isset($_SESSION['LOGIN']) && $_SESSION['LOGIN'] == 'true') {
2023-08-23 16:16:36 +00:00
if(!isset($_GET['page'])) {
2023-08-23 16:16:34 +00:00
include './pages/dashboard.php';
2023-08-23 16:16:36 +00:00
} else if(isValidEndpoint($_GET['page'], 'pages')) {
include "./pages/".$_GET['page'].".php";
2023-08-23 16:16:34 +00:00
} else {
include "./pages/error.php";
2020-06-03 15:31:18 +00:00
}
2023-08-23 16:16:34 +00:00
die();
}
2023-08-23 16:16:36 +00:00
else {
$page = isset($_GET['page']) ? $_GET['page'] : 'login';
2020-06-03 15:31:18 +00:00
2023-08-23 16:16:36 +00:00
if(needsLogin($page)) {
$_SESSION['loginMessage'] = 'Du musst dich einloggen, um das MCP nutzen zu können';
$_SESSION['loginMessageColor'] = 'red';
header('Location: index.php?page=login');
}
else {
include "./pages/".$page.".php";
}
2020-06-03 15:31:18 +00:00
}
?>