<?php
/**
 * File: api.php.
 * Author: Ulrich Block
 * Date: 20.05.12
 * Time: 13:41
 * Contact: <ulrich.block@easy-wi.com>
 *
 * This file is part of Easy-WI.
 *
 * Easy-WI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * Easy-WI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Easy-WI. If not, see <http://www.gnu.org/licenses/>.
 *
 * Diese Datei ist Teil von Easy-WI.
 *
 * Easy-WI ist Freie Software: Sie koennen es unter den Bedingungen
 * der GNU General Public License, wie von der Free Software Foundation,
 * Version 3 der Lizenz oder (nach Ihrer Wahl) jeder spaeteren
 * veroeffentlichten Version, weiterverbreiten und/oder modifizieren.
 *
 * Easy-WI wird in der Hoffnung, dass es nuetzlich sein wird, aber
 * OHNE JEDE GEWAEHRLEISTUNG, bereitgestellt; sogar ohne die implizite
 * Gewaehrleistung der MARKTFAEHIGKEIT oder EIGNUNG FUER EINEN BESTIMMTEN ZWECK.
 * Siehe die GNU General Public License fuer weitere Details.
 *
 * Sie sollten eine Kopie der GNU General Public License zusammen mit diesem
 * Programm erhalten haben. Wenn nicht, siehe <http://www.gnu.org/licenses/>.
 */
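// API entry point. Flow, as implemented below:
//   1. refuse to run while the "install" folder still exists;
//   2. authenticate the caller: the source IP must be listed in `api_ips`, and the
//      posted user/password must match the joined `api_settings` row;
//   3. validate the requested type (user, voice, gserver, mysql);
//   4. enforce the licence limits reported by serverAmount();
//   5. decode the base64 + URL-encoded JSON or XML payload into $data;
//   6. hand over to the matching stuff/api_*.php handler.
// Every rejection answers with "403 Forbidden" and terminates the script.
define('EASYWIDIR', dirname(__FILE__));

// A leftover installer must never be reachable next to a live API.
if (is_dir(EASYWIDIR . '/install')) {
    die('Please remove the "install" folder');
}

// NOTE(review): presumably read by the includes below - confirm against stuff/*.php.
$logininclude = true;

include(EASYWIDIR . '/stuff/vorlage.php');
include(EASYWIDIR . '/stuff/class_validator.php');
include(EASYWIDIR . '/stuff/functions.php');
include(EASYWIDIR . '/stuff/settings.php');

// Authentication state is initialised explicitly, after the includes, so that the
// decisions below depend only on the database lookup and the validated request.
// Without this, a variable of the same name defined earlier (by an include, or by
// request-variable import on legacy PHP configurations) would be trusted as-is.
$resellerIDs = array();
$pwd = null;
$salt = null;
$type = null;

// NOTE(review): the $ui validators are assumed to be side-effect free, so their
// results are read once and reused - confirm against stuff/class_validator.php.
$remoteIP = $ui->ip4('REMOTE_ADDR', 'server');
$apiUser = $ui->names('user', 255, 'post');

if (!$remoteIP || !$apiUser) {
    header('HTTP/1.1 403 Forbidden');
    die('403 Forbidden: No valid access data');
}

// NOTE(review): no throttling of failed attempts is visible in this file; confirm it
// is handled elsewhere, since the IP allow-list is the only other barrier here.
$query = $sql->prepare("SELECT `ip`,`active`,`pwd`,`salt`,`user`,i.`resellerID` FROM `api_ips` i LEFT JOIN `api_settings` s ON i.`resellerID`=s.`resellerID` WHERE `ip`=?");
$query->execute(array($remoteIP));

foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {

    // Kept as globals in case the included handlers read them.
    $apiIP = $row['ip'];
    $pwd = $row['pwd'];
    $salt = $row['salt'];

    if ($row['active'] !== 'Y') {
        continue;
    }

    // Compare as strings and strictly: a loose "==" treats numeric-looking strings
    // such as "0e12" and "0e34" as equal, which must never decide authentication.
    $storedHash = (string) $pwd;
    $suppliedHash = (string) passwordhash($ui->password('pwd', 255, 'post'), $salt);

    if ($storedHash === '') {
        // An empty stored hash never authenticates anyone.
        $hashMatches = false;
    } else if (function_exists('hash_equals')) {
        // Constant-time comparison where the runtime provides it.
        $hashMatches = hash_equals($storedHash, $suppliedHash);
    } else {
        $hashMatches = ($storedHash === $suppliedHash);
    }

    if ($hashMatches && (string) $apiUser === (string) $row['user']) {
        $resellerIDs[] = $row['resellerID'];
    }
}

// Exactly one row has to match. The row was fully verified inside the loop, so the
// hash is not recomputed here: the previous re-check used $salt/$pwd of the LAST row
// fetched, which rejected a valid login whenever the matching row was not the last.
if (count($resellerIDs) != 1) {
    header('HTTP/1.1 403 Forbidden');
    die('403 Forbidden: No valid api data');
}

// The requested type has to be one of the four known handlers.
if ($ui->smallletters('type', 10, 'post')
    && ($ui->smallletters('type', 4, 'post') == 'user'
        || $ui->smallletters('type', 5, 'post') == 'voice'
        || $ui->smallletters('type', 7, 'post') == 'gserver'
        || $ui->smallletters('type', 5, 'post') == 'mysql')
) {
    $type = $ui->smallletters('type', 7, 'post');
}

if (!isset($type)) {
    header('HTTP/1.1 403 Forbidden');
    die('403 Forbidden: Type is not defined');
}

$resellerID = $resellerIDs[0];

// A negative remaining amount means more servers are stored than the licence allows.
$licenceDetails = serverAmount($resellerID);

if (is_numeric($licenceDetails['left']) && (0 > $licenceDetails['left'] || 0 > $licenceDetails['lG'] || 0 > $licenceDetails['lVo'] || 0 > $licenceDetails['lVs'] || 0 > $licenceDetails['lD'])) {
    header('HTTP/1.1 403 Forbidden');
    die('403 Forbidden: More servers are stored than allowed!');
}

// The payload arrives base64 encoded and URL encoded, as JSON or as XML.
$data = array();

if ($ui->escaped('json', 'post')) {

    $apiType = 'json';
    $data = @json_decode(urldecode(base64_decode($ui->escaped('json', 'post'))));

    if (!$data) {
        header('HTTP/1.1 403 Forbidden');
        die('403 Forbidden: JSON not vaild');
    }

} else if ($ui->escaped('xml', 'post')) {

    $apiType = 'xml';
    $xmlPayload = urldecode(base64_decode($ui->escaped('xml', 'post')));

    // The document is client supplied: keep the parser from resolving external
    // entities or fetching anything over the network. The entity loader switch is
    // process wide and deprecated from PHP 8.0 on, so it is used only on older
    // runtimes and restored right after parsing.
    $toggleEntityLoader = (version_compare(PHP_VERSION, '8.0.0', '<') && function_exists('libxml_disable_entity_loader'));

    if ($toggleEntityLoader) {
        $previousLoaderState = libxml_disable_entity_loader(true);
    }

    $data = @simplexml_load_string($xmlPayload, 'SimpleXMLElement', LIBXML_NONET);

    if ($toggleEntityLoader) {
        libxml_disable_entity_loader($previousLoaderState);
    }

    if (!$data) {
        header('HTTP/1.1 403 Forbidden');
        die('403 Forbidden: XML not valid');
    }

} else {
    header('HTTP/1.1 403 Forbidden');
    die('403 Forbidden: Neither POST value xml, nor JSON has been send!');
}

// Flatten to an array; any top-level value that is itself an object becomes null.
$data = (array) $data;
$tempArray = array();

foreach ($data as $key => $value) {
    $tempArray[$key] = is_object($value) ? null : $value;
}

$data = $tempArray;
unset($tempArray);

// NOTE(review): not used in this file; presumably read by the included handlers.
$bad = array(false, null, '');

// Same licence check as above, repeated with a different message; kept because the
// second serverAmount() call may be relied on elsewhere - TODO confirm and merge.
$licenceDetails = serverAmount($resellerID);

if (is_numeric($licenceDetails['left']) && (0 > $licenceDetails['left'] || 0 > $licenceDetails['lG'] || 0 > $licenceDetails['lVo'] || 0 > $licenceDetails['lVs'] || 0 > $licenceDetails['lD'])) {
    header('HTTP/1.1 403 Forbidden');
    die('403 Forbidden: Server amount already exceeds licence limits!');
}

// A module counts as inactive only when its licence value is numeric and equals 0.
$gsModule = !(is_numeric($licenceDetails['mG']) && $licenceDetails['mG'] == 0);
$vModule = !(is_numeric($licenceDetails['mVs']) && $licenceDetails['mVs'] == 0);
$voModule = !(is_numeric($licenceDetails['mVo']) && $licenceDetails['mVo'] == 0);
$dModule = !(is_numeric($licenceDetails['mD']) && $licenceDetails['mD'] == 0);

// Only fixed, hard-coded handler paths are included; $type merely selects one.
switch ($type) {

    case 'user':
        include(EASYWIDIR . '/stuff/api_users.php');
        break;

    case 'voice':
        if ($voModule == true) {
            include(EASYWIDIR . '/stuff/api_voice.php');
        } else {
            header('HTTP/1.1 403 Forbidden');
            die('403 Forbidden: Voice module is inactive');
        }
        break;

    case 'mysql':
        include(EASYWIDIR . '/stuff/api_mysql.php');
        break;

    case 'gserver':
        if ($gsModule == true) {
            include(EASYWIDIR . '/stuff/api_gserver.php');
        } else {
            header('HTTP/1.1 403 Forbidden');
            die('403 Forbidden: Gameserver module is inactive');
        }
        break;
}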