canned-responses/web-api/index.php

<?php
//
// Copyright (c) 2019, Mr. Gecko's Media (James Coleman)
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification,
//    are permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this
//    list of conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice,
//    this list of conditions and the following disclaimer in the documentation
//    and/or other materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors
//    may be used to endorse or promote products derived from this software without
//    specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
//    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
//    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
//    IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
//    INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
//    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
//    OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
//    WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
//    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
//    POSSIBILITY OF SUCH DAMAGE.
//

error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT);

function error($error) {
	echo $error;
	exit();
}

$_MGM = array();
$_MGM['version'] = "1";
$_MGM['title'] = "Canned Response";
$_MGM['author'] = "James Coleman";
$_MGM['DBType'] = "SQLITE"; // MYSQL, POSTGRESQL, SQLITE.
$_MGM['DBPersistent'] = false;
$_MGM['DBHost'] = "localhost";
$_MGM['DBUser'] = "";
$_MGM['DBPassword'] = "";
$_MGM['DBName'] = "databases/main.db"; // File location for SQLite.
$_MGM['DBPort'] = 0; // 3306 = MySQL Default, 5432 = PostgreSQL Default.
$_MGM['DBPrefix'] = "";
$_MGM['adminEmail'] = "name@example.com";
$_MGM['PublicAPIWhiteListedIPs'] = array(); // IP Addresses to whitelist access to public API to list canned responses.
require_once("db{$_MGM['DBType']}.php");

putenv("TZ=US/Central");
$_MGM['time'] = time();
$_MGM['domain'] = $_SERVER['HTTP_HOST'];
$_MGM['domainname'] = str_replace("www.", "", $_MGM['domain']);
$_MGM['port'] = $_SERVER['SERVER_PORT'];
$_MGM['ssl'] = ($_SERVER['HTTPS']=="on");

if ($_SERVER['REMOTE_ADDR'])
	$_MGM['ip'] = $_SERVER['REMOTE_ADDR'];

$_MGM['installPath'] = substr($_SERVER['SCRIPT_NAME'], 0, strlen($_SERVER['SCRIPT_NAME'])-strlen(end(explode("/", $_SERVER['SCRIPT_NAME']))));
if (!isset($_GET['d'])) {
	$tmp = explode("?", substr($_SERVER['REQUEST_URI'], strlen($_MGM['installPath'])));
	$tmp = urldecode($tmp[0]);
	if (substr($tmp, 0, 9)=="index.php")
		$tmp = substr($tmp, 10, strlen($tmp)-10);
	$_MGM['fullPath'] = $tmp;
} else {
	$tmp = $_GET['d'];
	if (substr($tmp, 0, 1)=="/")
		$tmp = substr($tmp, 1, strlen($tmp)-1);
	$_MGM['fullPath'] = $tmp;
}
if (strlen($_MGM['fullPath'])>255) error("The URI you entered is to large");
$_MGM['path'] = explode("/", strtolower($_MGM['fullPath']));

$_MGM['CookiePrefix'] = "";
$_MGM['CookiePath'] = $_MGM['installPath'];
$_MGM['CookieDomain'] = ".".$_MGM['domainname'];

function generateURL($path="") {
	global $_MGM;
	return "http".($_MGM['ssl'] ? "s" : "")."://".$_MGM['domain'].(((!$_MGM['ssl'] && $_MGM['port']==80) || ($_MGM['ssl'] && $_MGM['port']==443)) ? "" : ":{$_MGM['port']}").$_MGM['installPath'].$path;
}

function hashPassword($password, $salt) {
	$hashed = hash("sha512", $salt.$password);
	for ($i=0; $i<10000; $i++) {
		$hashed = hash("sha512", $salt.hex2bin($hashed));
	}
	return $hashed;
}

connectToDatabase();

if (file_exists("code/setup.php")) {
	require("code/setup.php");
}

if (isset($_COOKIE["{$_MGM['CookiePrefix']}user_email"])) {
	$result = databaseQuery("SELECT * FROM {$_MGM['DBPrefix']}users WHERE email=%s AND level!=0", $_COOKIE["{$_MGM['CookiePrefix']}user_email"]);
	$user = databaseFetchAssoc($result);
	if ($user!=NULL && hash("sha512", $user['password'].$user['time'])==$_COOKIE["{$_MGM['CookiePrefix']}user_password"]) {
		$_MGM['user'] = $user;
	}
}

if (!isset($_MGM['user']) && $_MGM['path'][0]=="login") {
	require("code/login.php");
}
if (isset($_MGM['user']) && $_MGM['path'][0]=="logout") {
	require("code/logout.php");
}

if ($_MGM['path'][0]=="api") {
	require("code/api.php");
}

if (isset($_MGM['user']) && $_MGM['user']['level']==1 && $_MGM['path'][0]=="users") {
	require("code/users.php");
}

if ($_MGM['path'][0]!="") {
	require("code/404.php");
}

require("code/index.php");
?>
first commit 2019-09-19 19:41:33 -05:00			`<?php`
			`//`
			`// Copyright (c) 2019, Mr. Gecko's Media (James Coleman)`
			`// All rights reserved.`
			`//`
			`// Redistribution and use in source and binary forms, with or without modification,`
			`// are permitted provided that the following conditions are met:`
			`//`
			`// 1. Redistributions of source code must retain the above copyright notice, this`
			`// list of conditions and the following disclaimer.`
			`//`
			`// 2. Redistributions in binary form must reproduce the above copyright notice,`
			`// this list of conditions and the following disclaimer in the documentation`
			`// and/or other materials provided with the distribution.`
			`//`
			`// 3. Neither the name of the copyright holder nor the names of its contributors`
			`// may be used to endorse or promote products derived from this software without`
			`// specific prior written permission.`
			`//`
			`// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND`
			`// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED`
			`// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.`
			`// IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,`
			`// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,`
			`// BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,`
			`// OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,`
			`// WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)`
			`// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE`
			`// POSSIBILITY OF SUCH DAMAGE.`
			`//`

			`error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT);`

			`function error($error) {`
			`echo $error;`
			`exit();`
			`}`

			`$_MGM = array();`
			`$_MGM['version'] = "1";`
			`$_MGM['title'] = "Canned Response";`
			`$_MGM['author'] = "James Coleman";`
			`$_MGM['DBType'] = "SQLITE"; // MYSQL, POSTGRESQL, SQLITE.`
			`$_MGM['DBPersistent'] = false;`
			`$_MGM['DBHost'] = "localhost";`
			`$_MGM['DBUser'] = "";`
			`$_MGM['DBPassword'] = "";`
			`$_MGM['DBName'] = "databases/main.db"; // File location for SQLite.`
			`$_MGM['DBPort'] = 0; // 3306 = MySQL Default, 5432 = PostgreSQL Default.`
			`$_MGM['DBPrefix'] = "";`
			`$_MGM['adminEmail'] = "name@example.com";`
			`$_MGM['PublicAPIWhiteListedIPs'] = array(); // IP Addresses to whitelist access to public API to list canned responses.`
			`require_once("db{$_MGM['DBType']}.php");`

			`putenv("TZ=US/Central");`
			`$_MGM['time'] = time();`
			`$_MGM['domain'] = $_SERVER['HTTP_HOST'];`
			`$_MGM['domainname'] = str_replace("www.", "", $_MGM['domain']);`
			`$_MGM['port'] = $_SERVER['SERVER_PORT'];`
			`$_MGM['ssl'] = ($_SERVER['HTTPS']=="on");`

			`if ($_SERVER['REMOTE_ADDR'])`
			`$_MGM['ip'] = $_SERVER['REMOTE_ADDR'];`

			`$_MGM['installPath'] = substr($_SERVER['SCRIPT_NAME'], 0, strlen($_SERVER['SCRIPT_NAME'])-strlen(end(explode("/", $_SERVER['SCRIPT_NAME']))));`
			`if (!isset($_GET['d'])) {`
			`$tmp = explode("?", substr($_SERVER['REQUEST_URI'], strlen($_MGM['installPath'])));`
			`$tmp = urldecode($tmp[0]);`
			`if (substr($tmp, 0, 9)=="index.php")`
			`$tmp = substr($tmp, 10, strlen($tmp)-10);`
			`$_MGM['fullPath'] = $tmp;`
			`} else {`
			`$tmp = $_GET['d'];`
			`if (substr($tmp, 0, 1)=="/")`
			`$tmp = substr($tmp, 1, strlen($tmp)-1);`
			`$_MGM['fullPath'] = $tmp;`
			`}`
			`if (strlen($_MGM['fullPath'])>255) error("The URI you entered is to large");`
			`$_MGM['path'] = explode("/", strtolower($_MGM['fullPath']));`

			`$_MGM['CookiePrefix'] = "";`
			`$_MGM['CookiePath'] = $_MGM['installPath'];`
			`$_MGM['CookieDomain'] = ".".$_MGM['domainname'];`

			`function generateURL($path="") {`
			`global $_MGM;`
			`return "http".($_MGM['ssl'] ? "s" : "")."://".$_MGM['domain'].(((!$_MGM['ssl'] && $_MGM['port']==80) \|\| ($_MGM['ssl'] && $_MGM['port']==443)) ? "" : ":{$_MGM['port']}").$_MGM['installPath'].$path;`
			`}`

			`function hashPassword($password, $salt) {`
			`$hashed = hash("sha512", $salt.$password);`
			`for ($i=0; $i<10000; $i++) {`
			`$hashed = hash("sha512", $salt.hex2bin($hashed));`
			`}`
			`return $hashed;`
			`}`

			`connectToDatabase();`

			`if (file_exists("code/setup.php")) {`
			`require("code/setup.php");`
			`}`

			`if (isset($_COOKIE["{$_MGM['CookiePrefix']}user_email"])) {`
			`$result = databaseQuery("SELECT * FROM {$_MGM['DBPrefix']}users WHERE email=%s AND level!=0", $_COOKIE["{$_MGM['CookiePrefix']}user_email"]);`
			`$user = databaseFetchAssoc($result);`
			`if ($user!=NULL && hash("sha512", $user['password'].$user['time'])==$_COOKIE["{$_MGM['CookiePrefix']}user_password"]) {`
			`$_MGM['user'] = $user;`
			`}`
			`}`

			`if (!isset($_MGM['user']) && $_MGM['path'][0]=="login") {`
			`require("code/login.php");`
			`}`
			`if (isset($_MGM['user']) && $_MGM['path'][0]=="logout") {`
			`require("code/logout.php");`
			`}`

			`if ($_MGM['path'][0]=="api") {`
			`require("code/api.php");`
			`}`

			`if (isset($_MGM['user']) && $_MGM['user']['level']==1 && $_MGM['path'][0]=="users") {`
			`require("code/users.php");`
			`}`

			`if ($_MGM['path'][0]!="") {`
			`require("code/404.php");`
			`}`

			`require("code/index.php");`
			`?>`