  1. <?php
  2. require_once 'config/config.php';
  3. require_once 'program/include/iniset.php';
  4.  
  5. session_name("Asteroid2Id");
  6. session_start(['use_strict_mode' => true]);
  7.  
  8. $odb = new ods_db();
  9. if (!$odb->open()) {
  10.     var_dump('DB connect error: ' . $odb->error->getMessage());
  11. }
  12. $pdo = $odb->db;
  13.  
  14. if (!empty($_SESSION['uid'])) {
  15.     guardIp($pdo, $_SESSION['uid'], $_SESSION['role'], $_SESSION['userid']);
  16. }
  17.  
  18. $route = $_GET['do'] ?? 'home';
  19.  
  20. if ($route === 'login' && $_SERVER['REQUEST_METHOD'] === 'POST') {
  21.  
  22.     $login = trim($_POST['login'] ?? $_POST['inputLogin'] ?? '');
  23.     $pass = $_POST['pass'] ?? $_POST['inputPassword'] ?? '';
  24.  
  25.     $stmt = $pdo->prepare('SELECT id, password_hash, role FROM user WHERE login = ?');
  26.     $stmt->execute([$login]);
  27.     $u = $stmt->fetch(PDO::FETCH_ASSOC);
  28.  
  29.     if ($u && password_verify($pass, $u['password_hash'])) {
  30.  
  31.         $_SESSION['uid'] = $u['id'];
  32.         $_SESSION['role'] = $u['role'];
  33.         $_SESSION['userid'] = $login;
  34.         $_SESSION['admin'] = ($u['role'] === 'admin');
  35.         $_SESSION['login'] = $login;
  36.  
  37.         guardIp($pdo, $u['id'], $u['role'], $login);
  38.  
  39.         header('Location: ./');
  40.         exit;
  41.     }
  42.  
  43.     $error = 'Неверный логин или пароль';
  44. }
  45.  
  46. $base_uri = dirname($_SERVER["PHP_SELF"]);
  47. if ($base_uri == '/')
  48.     $base_uri = '';
  49.  
  50.  
  51. if (isset($_GET['n'])) {
  52.     $ds = new ods_device();
  53.     $ds->run();
  54.     exit;
  55. }
  56.  
  57. if (isset($_GET['asterisk'])) {
  58.     if (in_array($_SERVER['REMOTE_ADDR'], $config['aster_whitelist'])) {
  59.         $aster = new ods_aster();
  60.  
  61.         if (isset($_GET['fn']) && $_GET['fn'] == 'callconfirm') {
  62.             if (isset($_GET['id']) && isset($_GET['dialstatus']) && isset($_GET['hangupcause'])) {
  63.                 $ok = $aster->callconfirm($_GET['id'], $_GET['hangupcause'], $_GET['dialstatus']);
  64.                 echo $ok ? 'OK' : 'ERROR';
  65.             }
  66.         }
  67.  
  68.         if (isset($_GET['fn']) && $_GET['fn'] == 'incall') {
  69.             if (isset($_GET['cid']) && isset($_GET['did'])) {
  70.                 $ok = $aster->incall($_GET['did'], $_GET['cid']);
  71.                 echo $ok ? 'OK' : 'ERROR';
  72.             }
  73.         }
  74.     } else {
  75.         header("HTTP/1.1 403 Forbidden");
  76.         echo 'Access denied';
  77.     }
  78.     exit;
  79. }
  80.  
  81. if (strpos($_SERVER['REQUEST_URI'], 'images/tiles/') !== false) {
  82.     session_write_close();
  83.     if (isset($_SESSION['userid'])) {
  84.         $tiles = new ods_tiles();
  85.         $tiles->run($base_uri);
  86.     } else
  87.         header("HTTP/1.1 401 Unauthorized");
  88.  
  89.     exit;
  90. }
  91.  
  92.  
  93. if (strpos($_SERVER['REQUEST_URI'], 'images/') !== false) {
  94.     session_write_close();
  95.     if (isset($_SESSION['userid'])) {
  96.         $svg = new ods_svg();
  97.         $svg->run();
  98.     } else
  99.         header("HTTP/1.1 401 Unauthorized");
  100.     exit;
  101. }
  102.  
  103. $mui = new ods_mui();
  104. $language = $mui->langDetect();
  105. $mui->changeLang($language);
  106.  
  107. if (strpos($_SERVER['REQUEST_URI'], 'js/') !== false) {
  108.     session_write_close();
  109.     if (isset($_SESSION['userid'])) {
  110.         $js = new ods_js();
  111.         $js->run();
  112.     } else
  113.         header("HTTP/1.1 401 Unauthorized");
  114.     exit;
  115. }
  116.  
  117. if ('api' == @$_GET['do']) {
  118.     session_write_close();
  119.     if (isset($_SESSION['userid'])) {
  120.         $api = new ods_api();
  121.         $api->run();
  122.     } else
  123.         header("HTTP/1.1 401 Unauthorized");
  124.     exit;
  125. }
  126.  
  127. $loader = new Twig_Loader_Filesystem('templates');
  128. $options = array();
  129. if ($config['debug'])
  130.     $options['cache'] = false;
  131. else
  132.     $options['cache'] = 'cache/twig_c_cache';
  133. $twig = new Twig_Environment($loader, $options);
  134. $twig->addExtension(new Twig_Extensions_Extension_I18n());
  135.  
  136. $loginfail = "hide";
  137.  
  138. //$template = 'apppage.html';
  139. $template = 'map.html';
  140. if ('login' == @$_GET['do']) {
  141.     $template = 'login.html';
  142.     if (isset($_SESSION['userid']))
  143.         unset($_SESSION['userid']);
  144. } else {
  145.     if (!isset($_SESSION['userid'])) {
  146.         $loc = $base_uri . '/' . '?do=login';
  147.         $uri = $_SERVER['REQUEST_URI'];
  148.         if (!empty($uri) && !stristr($uri, "login"))
  149.             $loc .= '&b=' . urlencode($uri);
  150.         if (empty($_SERVER['HTTPS'])) {
  151.             sleep(2);
  152.             $loc = $base_uri . '/' . '?do=login';
  153.         }
  154.         header("Location: $loc");
  155.     }
  156. }
  157. if ($template != 'login.html') {
  158.     $do = 'form';
  159.     if (isset($_GET['do']))
  160.         $do = $_GET['do'];
  161.  
  162.     $clearuri = strtok($_SERVER['REQUEST_URI'], '?');
  163.  
  164.     if (in_array($clearuri, [$base_uri, $base_uri . '/'])) {
  165.         //$fn='map';
  166.         $loc = $base_uri . '/' . 'map';
  167.         header("Location: $loc");
  168.         exit();
  169.     } else
  170.         $fn = basename($clearuri);
  171.  
  172.     if (isset($_GET['fn']))
  173.         $fn = $_GET['fn'];
  174.  
  175.     if ('form' == $do)
  176.         $template = $fn . '.html';
  177. }
  178.  
  179. try {
  180.     $template = $twig->loadTemplate($template);
  181. } catch (Exception $e) {
  182.     $debug['error'] = $e->getMessage();
  183.     $template = $twig->loadTemplate('404.html');
  184. }
  185.  
  186. //$form = new ods_form();
  187.  
  188. $head['title'] = _("Asteroid");
  189.  
  190. $params = array(
  191.     'version' => $config['version'],
  192.     'configtime' => $config['time'],
  193.     'languages' => $config['languages'],
  194.     'language' => $language,
  195.     'language_ts' => $mui->poTime(),
  196.     'head' => $head,
  197.     'user' => @ $_SESSION['userid'],
  198.     'admin' => @ $_SESSION['admin'],
  199.     'demo' => @ $_SESSION['demo'],
  200.     '_GET' => @$_GET,
  201.     'base_uri' => $base_uri,
  202.     'debugmode' => $config['debug'],
  203.     'dim_width' => $config['dim_width'],
  204.     'dim_maxvalue' => $config['dim_maxvalue'],
  205.     'dim_percent' => $config['dim_percent'],
  206.     'wide_tiles' => $config['wide_tiles'],
  207.     'phone_letters' => $config['phone_letters'],
  208.     'phone_format' => $config['phone_format'],
  209.     'domain' => $_SERVER['SERVER_NAME'],
  210.     'appdata' => $appdata,
  211.     'template' => $template
  212. );
  213.  
  214. if ($params['debugmode'])
  215.     $params['debug'] = $debug;
  216. header("Content-Security-Policy: default-src 'self' 'unsafe-inline'; img-src * 'self' data: https:;");
  217. //  header("Content-Security-Policy: default-src 'self' 'unsafe-inline'; img-src 'self' data:;");
  218. if ($template == 'login.html') {
  219.     $params['loginfail'] = $loginfail;
  220.     header('Cache-Control:  no-cache, must-revalidate');
  221. } elseif ($template == '404.html') {
  222.     header('Cache-Control:  no-store, no-cache, must-revalidate, max-age=0');
  223.     header($_SERVER['SERVER_PROTOCOL'] . " 404 Not Found");
  224. } elseif (isset($_SESSION['userid'])) {
  225.     $kstr = filemtime('templates/' . $template);
  226.     $kstr .= filemtime('config/config.php');
  227.     $kstr .= filemtime('index.php');
  228.     $kstr .= @$_SESSION['userid'];
  229.     $etag = md5($kstr) . '.' . $language;
  230.  
  231.     if (substr_count($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) {
  232.         header('Content-Encoding: gzip');
  233.         ob_start('ob_gzhandler');
  234.     }
  235.     header('Cache-Control: private, must-revalidate');
  236.     header("Etag: $etag");
  237.     header('Vary: Accept-Encoding, Cookie');
  238.     header_remove("Pragma");
  239.     header_remove("Expires");
  240.  
  241.     if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) {
  242.         header($_SERVER['SERVER_PROTOCOL'] . " 304 Not Modified");
  243.         exit;
  244.     }
  245. }
  246. if (strpos($_SERVER['REQUEST_URI'], '/users') !== false) {
  247.     if ($_SESSION['userid'] !== 'odmin') {
  248.         header('HTTP/1.1 403 Forbidden');
  249.         exit('Access denied');
  250.     }
  251.  
  252.     require_once 'program/include/ods_admin.php';
  253.     $adm = new ods_admin($pdo);
  254.  
  255.     if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  256.         $uid = (int)($_POST['uid'] ?? 0);
  257.         $act = $_POST['action'] ?? '';
  258.  
  259.         try {
  260.             switch ($act) {
  261.  
  262.                 case 'reset_ip':
  263.                     $adm->resetIp($uid);
  264.                     header('Location: users?resetok=1'); exit;
  265.  
  266.                 case 'reset_device':
  267.                     $adm->resetDevice($uid);
  268.                     header('Location: users?devok=1'); exit;
  269.  
  270.                 case 'lock_ips':
  271.                     $adm->lockIps($uid);
  272.                     header('Location: users?lockok=1'); exit;
  273.  
  274.                 case 'delete_user':
  275.                     if ($uid === (int)$_SESSION['uid']) {
  276.                         header('Location: users?error=own'); exit;
  277.                     }
  278.                     $adm->deleteUser($uid);
  279.                     header('Location: users?delok=1'); exit;
  280.  
  281.                 default:
  282.                     $adm->createUser($_POST);
  283.                     header('Location: users?ok='.urlencode($_POST['login'])); exit;
  284.             }
  285.  
  286.         } catch (Exception $e) {
  287.             header('Location: users?error='.urlencode($e->getMessage())); exit;
  288.         }
  289.     }
  290.  
  291.     $users = $adm->listUsers();
  292.     $template = $twig->loadTemplate('users.html');
  293.     $page = [
  294.         'ok'      => $_GET['ok']      ?? null,
  295.         'resetok' => $_GET['resetok'] ?? null,
  296.         'devok'   => $_GET['devok']   ?? null,
  297.         'lockok'  => $_GET['lockok']  ?? null,
  298.         'delok'   => $_GET['delok']   ?? null,
  299.         'error'   => ($_GET['error'] ?? null) === 'own'
  300.             ? 'Cannot delete your own account'
  301.             : ($_GET['error'] ?? null),
  302.         'users'   => $users,
  303.     ];
  304.  
  305.     echo $twig->render('users.html', array_merge($params, $page));
  306.     $odb->close();
  307.     exit;
  308. }
  309. echo $template->render($params);
  310. $odb->close();