<?php
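/**
 * Shared base controller for the JSON API.
 *
 * Every request that goes through a subclass gets: CORS + no-cache headers,
 * an early exit for OPTIONS preflights, request parameters resolved into
 * $sys_input (JSON body, else sanitised POST, else sanitised GET), and an
 * optional JWT "token" parameter verified into $sys_user / $isLogin.
 *
 * SECURITY NOTE (review): in CodeIgniter 3 every public method of a
 * controller is URL-routable unless its name starts with "_", and that
 * includes methods inherited from this class. broadcast(), sys_debug(),
 * sys_ok(), sys_error(), sys_error_db() and clean_mysqli_connection() are
 * therefore reachable as /<controller>/<method>/... on every subclass.
 * They are left public here because external callers may exist; confirm
 * that and then make them protected (or underscore-prefix them).
 */
class MY_Controller extends CI_Controller {

    /** @var object|null Secondary "onedev" DB connection; only opened once a valid token is presented. */
    public $db_onedev;

    /** @var array Decoded JWT payload for the caller, or the anonymous placeholder built in the constructor. */
    public $sys_user;

    /** @var mixed Request parameters: decoded JSON body if present, else sanitised POST, else sanitised GET. */
    public $sys_input;

    /** @var bool True only when a token whose M_UserID claim is numeric and > 0 was verified. */
    public $isLogin = false;

    // NOTE(review): if this is used as a password/hash salt, a fixed 3-character
    // value gives no per-record uniqueness — verify how callers use it.
    public $one_salt = '545';

    // SECURITY: the JWT signing key is hard-coded in source (and therefore in
    // version control). Anyone who can read the repository can mint a token for
    // any M_UserID. Move it to configuration/environment and rotate this value.
    public $SECRET_KEY = "--one_api-secret-2019-04-01";

    public $group_lab = "1";

    public $lang_default_code = "ID";

    /**
     * Best-effort GET to the local broadcast service; the response is ignored
     * and any failure is silent (error_reporting(0) is set in the constructor).
     *
     * SECURITY: $prm is appended to the URL without encoding, so a
     * caller-controlled value can change the path or add a query string on the
     * internal service. Combined with this method being URL-routable on every
     * subclass (see class comment), that exposes the internal endpoint to any
     * client. Left unencoded because callers may legitimately pass multi-segment
     * paths; TODO(review): confirm callers, then make this protected and apply
     * rawurlencode($prm) if a single path segment is the intended contract.
     * Note also that file_get_contents() has no explicit timeout here.
     *
     * @param string $prm path suffix appended to /broadcast/
     */
    public function broadcast($prm) {
        file_get_contents('http://127.0.0.1:9090/broadcast/' . $prm);
    }

    /**
     * Set response headers, answer OPTIONS preflights, resolve request input
     * and authenticate the optional JWT token.
     *
     * Side effects: emits headers, may exit (preflight, oversized or malformed
     * JSON body, failed last-access update), sets $sys_user, $sys_input,
     * $isLogin, $db_onedev, and loads the default database into $this->db.
     */
    public function __construct()
    {
        parent::__construct();

        // CORS. A wildcard origin is acceptable only because no
        // Access-Control-Allow-Credentials header is sent and auth is a token
        // in the request body, not a cookie. Do not add ACA-Credentials without
        // narrowing the origin first.
        header('Access-Control-Allow-Origin: *');
        header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
        header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');

        // Responses may carry per-user data: forbid caching at every layer.
        header('Last-Modified: ' . gmdate("D, d M Y H:i:s") . ' GMT');
        header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
        header('Pragma: no-cache');
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");

        // Preflight requests carry no body or token: headers are the whole answer.
        if (isset($_SERVER["REQUEST_METHOD"]) && $_SERVER["REQUEST_METHOD"] == "OPTIONS") {
            exit;
        }

        // Anonymous placeholder; replaced by the JWT payload when a token verifies.
        $this->sys_user = array(
            "isExists" => false,
            "user" => array(
                "userName" => "",
                "userLogin" => "",
                "userID" => 0
            )
        );
        $this->isLogin = false;

        // NOTE: silences every notice/warning for the whole request, including
        // the ones sys_debug() is meant to surface later.
        error_reporting(0);

        $this->sys_input = $this->_read_request_input();

        $this->load->library("Jwt");
        $this->_authenticate_from_token();

        $this->load->database();
    }

    /**
     * Resolve request parameters, in priority order:
     *   1. a non-empty raw request body, which must be valid JSON — otherwise
     *      the request is rejected with a JSON error and the script exits;
     *   2. sanitised POST fields;
     *   3. sanitised GET fields.
     *
     * NOTE(review): any non-empty body that is not JSON (e.g. a classic
     * application/x-www-form-urlencoded POST) fails step 1 and never reaches
     * step 2, so the POST branch is only reachable when the raw body is empty.
     * Confirm that JSON-only is the intended contract. Also note that JSON
     * values are NOT passed through sanitize_input(), so downstream code must
     * not rely on that sanitisation for safety — parameterised queries and
     * output encoding are the real controls.
     *
     * @return mixed decoded parameters (array in practice; falsy when nothing was sent)
     */
    private function _read_request_input() {
        $raw_input = $this->input->raw_input_stream;
        $input = null;

        if (!empty($raw_input)) {
            // Bound the body before json_decode() so an oversized payload cannot
            // exhaust memory. strlen() is deliberate: the limit is in bytes.
            if (strlen($raw_input) > 1048576) { // 1 MiB
                $this->sys_error("Input too large");
                exit;
            }

            $input = json_decode($raw_input, true);

            if (json_last_error() !== JSON_ERROR_NONE) {
                $this->sys_error("Invalid JSON format");
                exit;
            }
        }

        // An empty/absent JSON body (or one that decoded to a falsy value)
        // falls back to form parameters.
        if (!$input) {
            if (count($this->input->post()) > 0) {
                $input = $this->sanitize_input($this->input->post());
            } else {
                $input = $this->sanitize_input($this->input->get());
            }
        }

        return $input;
    }

    /**
     * Verify the optional "token" parameter as a JWT signed with SECRET_KEY and
     * populate $sys_user / $isLogin. On successful decode the token is removed
     * from $sys_input so it is not forwarded to business logic; when the
     * payload carries a positive numeric M_UserID the user's last-access
     * timestamp is refreshed in the "onedev" database.
     *
     * Any Exception from the JWT library (bad signature, expired, malformed)
     * leaves the request anonymous rather than failing it.
     *
     * NOTE(review): the third argument to JWT::decode() is `true`. In
     * firebase/php-jwt 1.x/2.x that position is the $verify flag; from 3.x it
     * is the list of allowed algorithms (e.g. array('HS256')) and a non-array
     * raises a TypeError, which `catch (Exception)` below does not handle.
     * Confirm which version the "Jwt" library wraps — an explicit algorithm
     * allow-list is what prevents alg:none / algorithm-confusion attacks.
     *
     * NOTE: tokens may also arrive via the query string (GET fallback), where
     * they end up in web-server and proxy logs; prefer the JSON body.
     */
    private function _authenticate_from_token() {
        $this->isLogin = false;

        try {
            $prm = $this->sys_input;
            if (!is_array($prm) || !isset($prm["token"])) {
                return;
            }

            $user = JWT::decode($prm["token"], $this->SECRET_KEY, true);
            unset($this->sys_input["token"]);

            // Normalise the stdClass payload into a plain array.
            $user = json_decode(json_encode($user), true);
            $this->sys_user = $user;

            // Explicitly false when the claim is missing or non-positive (the
            // previous code left $isLogin null in that case). is_numeric()
            // avoids PHP 8 string/number comparison surprises.
            $userId = isset($user["M_UserID"]) ? $user["M_UserID"] : 0;
            $this->isLogin = is_numeric($userId) && $userId > 0;

            $this->db_onedev = $this->load->database("onedev", true);

            // Only touch the row when there is a real user id to match; with a
            // missing id the previous UPDATE bound NULL and matched nothing.
            if (!$this->isLogin) {
                return;
            }

            $query = $this->db_onedev->query(
                "update m_user SET M_UserLastAccess = now() WHERE M_UserID = ?",
                array($userId)
            );
            if (!$query) {
                // Driver error text and SQL go to the log (or a dev-only
                // response), never straight to the client.
                $this->sys_error_db("Failed to update last access", $this->db_onedev);
                exit;
            }
        } catch (Exception $e) {
            $this->isLogin = false;
        }
    }

    /**
     * Turn on verbose PHP error display for the current request.
     *
     * SECURITY: URL-routable on every subclass (see class comment); it should
     * only be reachable in development. TODO(review): make protected once no
     * external callers remain.
     */
    public function sys_debug() {
        ini_set('display_errors', 1);
        ini_set('display_startup_errors', 1);
        error_reporting(E_ALL);
    }

    /**
     * Emit a JSON error envelope for a failed database operation.
     *
     * The last SQL statement and the driver error are only included in the
     * response outside production (CodeIgniter defines ENVIRONMENT in
     * index.php; when it is absent the details are withheld). In production
     * they are written to the application log instead — echoing them exposed
     * table/column names and driver messages to every client.
     *
     * @param mixed $message human-readable error message
     * @param mixed $db      connection to report on; falsy selects $this->db
     */
    public function sys_error_db($message, $db = false) {
        $conn = $db ? $db : $this->db;

        $payload = array(
            "status" => "ERR",
            "message" => $message
        );

        if (defined('ENVIRONMENT') && ENVIRONMENT !== 'production') {
            $payload["query"] = $conn->last_query();
            $payload["db_error"] = $conn->error();
        } else {
            log_message(
                'error',
                'DB error: ' . json_encode($conn->error()) . ' query: ' . $conn->last_query()
            );
        }

        echo json_encode($payload);
    }

    /**
     * Emit a JSON error envelope: {"status":"ERR","message":...}.
     *
     * @param mixed $message error message (string or structure); sent to the client verbatim
     */
    public function sys_error($message) {
        echo json_encode(
            array(
                "status" => "ERR",
                "message" => $message
            )
        );
    }

    /**
     * Emit a JSON success envelope: {"status":"OK","data":...}.
     *
     * @param mixed $data response payload
     */
    public function sys_ok($data) {
        echo json_encode(
            array(
                "status" => "OK",
                "data" => $data
            )
        );
    }

    /**
     * Drain any pending result sets left on a mysqli connection (e.g. after a
     * multi-statement call or stored procedure) so the next query can run.
     *
     * @param mysqli $dbc open mysqli connection
     */
    public function clean_mysqli_connection( $dbc )
    {
        while( mysqli_more_results($dbc) )
        {
            // If the connection cannot be advanced there is nothing left to
            // drain; stop instead of re-trying the same call indefinitely.
            if(!mysqli_next_result($dbc))
            {
                break;
            }
            $result = mysqli_use_result($dbc);
            unset($result);
        }
    }

    /**
     * Recursively sanitise form/query parameters (POST and GET only — JSON
     * bodies bypass this entirely).
     *
     * Keys containing anything other than [A-Za-z0-9_-] are dropped. String
     * values have NUL bytes removed, are HTML-entity-encoded, and then lose
     * every character that is not a Unicode letter, number, punctuation or
     * separator — which strips symbols such as `$ + = | ^ ~`, tabs and
     * newlines. Because `<` and `>` were already encoded as `&lt;`/`&gt;`
     * they survive in encoded form.
     *
     * NOTE(review): this is lossy and applies output (HTML) encoding at input
     * time, so values that are stored or compared — passwords, e-mail
     * addresses with `+`, free text with line breaks — are altered before the
     * application sees them. It is also not a SQL/shell/HTML safety guarantee;
     * keep using parameterised queries and context-specific output escaping.
     * Invalid UTF-8 input yields an empty string (htmlspecialchars without
     * ENT_SUBSTITUTE).
     *
     * @param mixed $data array or scalar from the request
     * @return mixed sanitised copy with the same shape
     */
    private function sanitize_input($data) {
        if (is_array($data)) {
            foreach ($data as $key => $value) {
                if (preg_match('/[^a-zA-Z0-9_\-]/', $key)) {
                    unset($data[$key]);
                    continue;
                }

                $data[$key] = $this->sanitize_input($value);
            }
            return $data;
        }

        if (is_string($data)) {
            $data = str_replace(chr(0), '', $data);
            $data = htmlspecialchars($data, ENT_QUOTES, 'UTF-8');
            $data = preg_replace('/[^\p{L}\p{N}\p{P}\p{Z}]/u', '', $data);
        }

        return $data;
    }
}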
?>