<?php
/**
 * Wireframe
 * Most light-weight multi-host framework *ever*.
 * @author Sim
 * @php 5.7
 */
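/**
 * Admin back-end for a FreeSO server, wired into the Wireframe router.
 *
 * Each POST route returns a JSON string. Failures use the shape
 * {"error_code": ..., "error_message": ...}; successes use {"success": true}.
 * Every POST route except /login refuses to act without a session access token.
 *
 * NOTE(review): no anti-CSRF token is visible on these routes, so a logged-in
 * admin's browser could be made to submit them cross-site. Confirm whether the
 * router or the template layer adds one.
 */
class FSO_Admin
{
    /** Database handle shared by the routes that touch the game tables directly. */
    private $_dbh;

    // NOTE(review): this is plain http://, so admin credentials and bearer tokens
    // cross the network unencrypted. Prefer a TLS endpoint or a loopback/private link.
    const API_URL = "http://178.238.225.27:8080";

    /**
     * Starts the session, drops an expired access token and opens the database handle.
     */
    public function __construct()
    {
        if (session_status() === PHP_SESSION_NONE) {
            // Keep the session cookie away from page scripts and refuse
            // session ids the server did not issue.
            ini_set('session.cookie_httponly', '1');
            ini_set('session.use_strict_mode', '1');
            session_start();
        }
        if (isset($_SESSION['expires_at']) && time() >= $_SESSION['expires_at']) {
            unset($_SESSION['expires_at'], $_SESSION['access_token']);
        }
        // NOTE(review): the connection uses the MySQL root account with an empty
        // password, hard-coded here. A dedicated least-privilege account whose
        // credentials live in configuration outside the source tree is safer.
        $this->_dbh = new wf_modules\WireframeDatabase([
            'string' => 'mysql:host=localhost;dbname=fso',
            'username' => 'root',
            'password' => '',
            'options' => [
                PDO::ATTR_PERSISTENT => TRUE,
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
            ]
        ]);
    }

    /**
     * Appends one timestamped line to APP_PATH/logs.txt.
     *
     * Control characters are collapsed to a space first, so request data that
     * ends up in a message cannot forge extra log lines.
     *
     * @param string $message
     */
    private function _log($message)
    {
        // 24-hour clock: the previous 12-hour format made morning and evening entries indistinguishable.
        $line = '[' . date('d-m-Y H:i:s') . '] ' . $this->_cleanLogText($message) . PHP_EOL;
        file_put_contents(APP_PATH . '/logs.txt', $line, FILE_APPEND | LOCK_EX);
    }

    /**
     * Replaces each run of ASCII control characters (CR and LF included) with one space.
     *
     * @param string $text
     * @return string
     */
    private function _cleanLogText($text)
    {
        return preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $text);
    }

    /**
     * Logs an action prefixed with the caller's address.
     *
     * @param string $action
     */
    private function _audit($action)
    {
        $addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
        $this->_log($addr . ' ' . $action);
    }

    /**
     * Builds the JSON error payload shared by all routes.
     *
     * @param string $code
     * @param string $message
     * @return string
     */
    private function _error($code, $message)
    {
        return json_encode([
            'error_code' => $code,
            'error_message' => $message
        ]);
    }

    /**
     * Returns the NO_AUTH payload when the session holds no access token, NULL otherwise.
     *
     * @return string|null
     */
    private function _denyUnlessLoggedIn()
    {
        if (!isset($_SESSION['access_token'])) {
            return $this->_error('NO_AUTH', 'You have to login first.');
        }
        return null;
    }

    /**
     * Validates a simoleans amount that arrived with the request.
     *
     * Only whole numbers between 0 and $max are accepted. The integer that is
     * returned is the only form of the value that may reach SQL or arithmetic.
     *
     * @param mixed  $raw
     * @param int    $max
     * @param string $maxMessage Message used when the amount exceeds $max.
     * @return array [int|null $amount, string|null $errorJson]
     */
    private function _parseSimoleans($raw, $max, $maxMessage)
    {
        $amount = is_scalar($raw) ? filter_var($raw, FILTER_VALIDATE_INT) : false;
        if ($amount === false) {
            return [null, $this->_error('SIMOLEANS_LIMIT', 'Simoleans must be a whole number.')];
        }
        if ($amount < 0) {
            return [null, $this->_error('SIMOLEANS_LIMIT', 'Simoleans cannot be negative.')];
        }
        if ($amount > $max) {
            return [null, $this->_error('SIMOLEANS_LIMIT', $maxMessage)];
        }
        return [$amount, null];
    }

    /**
     * Returns the rate-limit payload if $sessionKey was stamped under 60 seconds ago, NULL otherwise.
     *
     * @param string $sessionKey
     * @return string|null
     */
    private function _cooldownError($sessionKey)
    {
        if (isset($_SESSION[$sessionKey])) {
            $elapsed = time() - $_SESSION[$sessionKey];
            if ($elapsed < 60) {
                return $this->_error(
                    'SIMOLEANS_EXHAUST',
                    'Please wait ' . (60 - $elapsed) . ' seconds to give simoleans.'
                );
            }
        }
        return null;
    }

    /**
     * Request headers for API calls made with the session's bearer token.
     *
     * @return array
     */
    private function _bearerHeaders()
    {
        // The token came from a remote response; strip CR/LF so it cannot add header lines.
        $token = str_replace(["\r", "\n"], '', (string) $_SESSION['access_token']);
        return [
            'Content-Type: application/x-www-form-urlencoded',
            'Authorization: bearer ' . $token
        ];
    }

    /**
     * Sends a broadcast through the API under a random sender name.
     *
     * @param string $subject
     * @param string $message
     * @return string|false Raw API response, FALSE on transport failure.
     */
    private function _announce($subject, $message)
    {
        return $this->_doPost(
            self::API_URL . '/admin/shards/announce',
            $this->_bearerHeaders(),
            [
                'sender' => $this->_getRandomName(),
                'subject' => $subject,
                'message' => $message
            ]
        );
    }

    /**
     * Registers every route closure on the router.
     *
     * The closure parameter names and defaults are kept exactly as they were;
     * NOTE(review): the router presumably fills them from the request by name.
     *
     * @param Wireframe\Router $router
     */
    public function run(Wireframe\Router $router)
    {
        // Index route: displays a confusing "It works!".
        $router->get('/', function()
        {
            return 'It works!';
        }, CACHE_ROUTE);

        // Admin panel page. NOTE(review): the unusual path only hides the page,
        // it is not access control; the session checks in the POST routes below
        // are what gate every action.
        $router->get('/charvatia', function()
        {
            return (new wf_modules\WireframeTemplate())->render("admin_panel.phtml");
        }, CACHE_ROUTE);

        // PHPAPI: login. Exchanges username/password for an API access token.
        // NOTE(review): no attempt limiting is visible here; failures are logged
        // so repeated guessing shows up in logs.txt.
        $router->post('/login', function($username = FALSE, $password = FALSE)
        {
            header('Content-Type: application/json');
            if (!$username || !$password) {
                return $this->_error('EMPTY_FIELDS', 'Please enter all fields.');
            }
            $result = $this->_doPost(
                self::API_URL . '/admin/oauth/token',
                ['Content-Type: application/x-www-form-urlencoded'],
                [
                    'grant_type' => 'password',
                    'username' => $username,
                    'password' => $password
                ]
            );
            if ($result === FALSE) {
                return $this->_error('BAD_REQUEST', 'There was a problem with the request.');
            }
            $result = json_decode($result, TRUE);
            if (!is_array($result) || !isset($result['access_token'])) {
                $this->_audit('failed login');
                return $this->_error('RESPONSE_ERROR', 'Invalid credentials.');
            }
            // New session id at the privilege change, so an id planted before
            // login never becomes an authenticated one.
            session_regenerate_id(true);
            $_SESSION['access_token'] = $result['access_token'];
            $_SESSION['expires_at'] = time() + (isset($result['expires_in']) ? (int) $result['expires_in'] : 0);
            $this->_audit('logged in');
            return json_encode(['success' => TRUE]);
        });

        // PHPAPI: register. Asks the API to create a user.
        $router->post('/register', function($username = FALSE, $email = FALSE, $password = FALSE)
        {
            header('Content-Type: application/json');
            if (($denied = $this->_denyUnlessLoggedIn()) !== null) {
                return $denied;
            }
            if (!$username || !$email || !$password) {
                return $this->_error('EMPTY_FIELDS', 'Please enter all fields.');
            }
            $result = $this->_doPost(
                self::API_URL . '/userapi/registration',
                ['Content-Type: application/x-www-form-urlencoded'],
                [
                    'username' => $username,
                    'email' => $email,
                    'password' => $password
                ]
            );
            if ($result) {
                $this->_audit('created an account: ' . $username);
                return json_encode(['success' => TRUE]);
            }
            return $this->_error('BAD_REQUEST', 'There was a problem with the request.');
        });

        // PHPAPI: announce. Asks the API to broadcast a message.
        $router->post('/shards/announce', function($subject = false, $message = false)
        {
            header('Content-Type: application/json');
            if (($denied = $this->_denyUnlessLoggedIn()) !== null) {
                return $denied;
            }
            if (!$subject || !$message) {
                return $this->_error('EMPTY_FIELDS', 'Please enter all fields.');
            }
            if ($this->_announce($subject, $message)) {
                $this->_audit('announced: ' . $message);
                return json_encode(['success' => TRUE]);
            }
            return $this->_error('BAD_REQUEST', 'There was a problem with the request.');
        });

        // PHPAPI: shutdown. Asks the API for a clean restart, then broadcasts the reason.
        $router->post('/shutdown', function($seconds = false, $subject = false, $message = false)
        {
            header('Content-Type: application/json');
            // Authentication is checked before anything else, like every other route.
            if (($denied = $this->_denyUnlessLoggedIn()) !== null) {
                return $denied;
            }
            if (!$subject || !$message) {
                return $this->_error('EMPTY_FIELDS', 'Please enter all fields.');
            }
            // Only a positive whole number is forwarded; anything else falls back to 60 seconds.
            $timeout = is_scalar($seconds) ? filter_var($seconds, FILTER_VALIDATE_INT) : false;
            if ($timeout === false || $timeout <= 0) {
                $timeout = 60;
            }
            $result = $this->_doPost(
                self::API_URL . '/admin/shards/shutdown',
                $this->_bearerHeaders(),
                [
                    'timeout' => $timeout,
                    'restart' => true
                ]
            );
            // The broadcast goes out either way; only the shutdown call decides the response.
            $this->_announce($subject, $message);
            if ($result) {
                $this->_audit('shutdown: ' . $message);
                return json_encode(['success' => TRUE]);
            }
            return $this->_error('BAD_REQUEST', 'There was a problem with the request.');
        });

        // PHPAPI: password. Has the API hash the new password, then writes the
        // hash straight into fso_user_authenticate.
        $router->post('/password', function($username = false, $password = false)
        {
            header('Content-Type: application/json');
            if (($denied = $this->_denyUnlessLoggedIn()) !== null) {
                return $denied;
            }
            if (!$username || !$password) {
                return $this->_error('EMPTY_FIELDS', 'Please enter all fields.');
            }
            $userModel = new wf_modules\WireframeModel('fso_users', $this->_dbh);
            if ($userModel->load('username', $username, 'user_id')) {
                $result = $this->_doPost(
                    self::API_URL . '/userapi/gethashpassword',
                    ['Content-Type: application/x-www-form-urlencoded'],
                    ['password' => $password]
                );
                $decoded = $result ? json_decode($result, TRUE) : null;
                $hex = (is_array($decoded) && isset($decoded['password'])) ? $decoded['password'] : '';
                // Only a well-formed hex string is stored; a malformed reply
                // must not overwrite the stored hash with garbage.
                $wellFormed = is_string($hex) && $hex !== '' && ctype_xdigit($hex) && strlen($hex) % 2 === 0;
                if ($wellFormed) {
                    $userAuthModel = new wf_modules\WireframeModel('fso_user_authenticate', $this->_dbh);
                    if ($userAuthModel->load('user_id', $userModel->user_id, 'data')) {
                        $userAuthModel->data = [hex2bin($hex), PDO::PARAM_LOB];
                        $userAuthModel->save('user_id');
                        $this->_audit('changed password of ' . $username . ' to *****');
                        return json_encode(['success' => TRUE]);
                    }
                }
            }
            return $this->_error('NOT_CHANGED', 'Password was not changed.');
        });

        // PHPAPI: budget. Adds simoleans to one avatar, directly in the database.
        $router->post('/budget', function($simoleans = false, $avatarName = false)
        {
            header('Content-Type: application/json');
            if (($denied = $this->_denyUnlessLoggedIn()) !== null) {
                return $denied;
            }
            if (!$simoleans || !$avatarName) {
                return $this->_error('EMPTY_FIELDS', 'Please enter all fields.');
            }
            list($amount, $invalid) = $this->_parseSimoleans(
                $simoleans, 50000, 'Can\'t give more than 50k simoleans at a time.'
            );
            if ($invalid !== null) {
                return $invalid;
            }
            if (($wait = $this->_cooldownError('last_budget_change')) !== null) {
                return $wait;
            }
            $avatarModel = new wf_modules\WireframeModel('fso_avatars', $this->_dbh);
            if ($avatarModel->load('name', $avatarName, 'budget')) {
                // Captured before the increment so the response reports the old balance.
                $previousBudget = $avatarModel->budget;
                $avatarModel->budget += $amount;
                $avatarModel->save('name');
                $_SESSION['last_budget_change'] = time();
                $this->_audit('gave budget (' . $amount . '$) to ' . $avatarName);
                return json_encode([
                    'success' => TRUE,
                    'previous_budget' => $previousBudget
                ]);
            }
            return $this->_error('NO_AVATAR', 'Avatar does not exist.');
        });

        // PHPAPI: globalbudget. Adds simoleans to every avatar and broadcasts the gift.
        $router->post('/globalbudget', function($simoleans = false, $message = false)
        {
            header('Content-Type: application/json');
            if (($denied = $this->_denyUnlessLoggedIn()) !== null) {
                return $denied;
            }
            if (!$simoleans || !$message) {
                return $this->_error('EMPTY_FIELDS', 'Please enter all fields.');
            }
            list($amount, $invalid) = $this->_parseSimoleans(
                $simoleans, 10000, 'Can\'t give more than 10.000$ simoleans at a time.'
            );
            if ($invalid !== null) {
                return $invalid;
            }
            if (($wait = $this->_cooldownError('last_global_budget_change')) !== null) {
                return $wait;
            }
            // $amount is a validated integer, so nothing from the request can
            // reach the SQL text through this concatenation.
            $this->_dbh->query('UPDATE fso_avatars SET budget = budget + ' . $amount)->execute();
            $this->_announce('You received ' . $amount . '$ simoleans!', $message);
            $this->_audit('gave global budget (' . $amount . '$) to all');
            $_SESSION['last_global_budget_change'] = time();
            return json_encode(['success' => TRUE]);
        });
    }

    /**
     * Fires a form-encoded POST request and returns the raw response body.
     *
     * @param string $url
     * @param array  $headers Header lines without line terminators.
     * @param array  $data    Form fields; encoded with http_build_query().
     * @return string|false FALSE when the request fails.
     */
    private function _doPost($url, $headers, $data)
    {
        $headerBlock = '';
        foreach ($headers as $line) {
            $headerBlock .= $line . "\r\n";
        }
        $context = stream_context_create([
            'http' => [
                'header' => $headerBlock,
                'method' => 'POST',
                'content' => http_build_query($data)
            ]
        ]);
        return file_get_contents($url, false, $context);
    }

    /**
     * Picks a random sender name for broadcasts.
     *
     * @return string
     */
    private function _getRandomName()
    {
        $names = [
            'M.O.M.I. Paula',
            'M.O.M.I. Nick',
            'M.O.M.I. Garry',
            'M.O.M.I. Daniel',
            'M.O.M.I. James',
            'M.O.M.I. Jared',
            'M.O.M.I. Elisa',
            'M.O.M.I. Marlin',
            'M.O.M.I. Harold',
            'M.O.M.I. Greg',
            'ARIES_OPERATIONS'
        ];
        return $names[array_rand($names)];
    }
}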
// Hand the including script a ready-made admin application object.
$fsoAdmin = new FSO_Admin();

return $fsoAdmin;