" . "" . "" . "
" . htmlspecialchars($error) . "
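");
}
date_default_timezone_set($SETTINGS['timezone']);

// Database settings
// Also inits database and stuff
use Medoo\Medoo;

try {
    $database = new Medoo([
        'database_type' => $SETTINGS['database']['type'],
        'database_name' => $SETTINGS['database']['name'],
        'server' => $SETTINGS['database']['server'],
        'username' => $SETTINGS['database']['user'],
        'password' => $SETTINGS['database']['password'],
        'charset' => $SETTINGS['database']['charset']
    ]);
} catch (Exception $ex) {
    // The driver's exception text can carry the DSN, host and user name, so it is
    // recorded server-side and only echoed to the client when debugging.
    error_log("Database connection failed: " . $ex);
    if (!empty($SETTINGS['debug'])) {
        sendError("Database error. Try again later. $ex");
    }
    sendError("Database error. Try again later.");
}

if (!$SETTINGS['debug']) {
    error_reporting(0);
} else {
    error_reporting(E_ALL);
    ini_set('display_errors', 'On');
}

// Request parameters: the POST body for POST requests, the query string otherwise.
// The GET constant records which one was used.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $VARS = $_POST;
    define("GET", false);
} else {
    $VARS = $_GET;
    define("GET", true);
}

/**
 * Stop the request with an error unless the session is marked as logged in.
 * Uses the same strict check as redirectIfNotLoggedIn(): only boolean true
 * counts, and a missing key is treated as not logged in.
 */
function dieifnotloggedin() {
    if (($_SESSION['loggedin'] ?? false) !== true) {
        sendError("Session expired. Please log out and log in again.");
    }
}

/**
 * Check if the previous database action had a problem.
 * Ends the request via sendError() when the driver reported an error;
 * returns normally otherwise.
 * @param array $specials int=>string array with special response messages for SQL errors
 * @global Medoo $database
 * @global array $SETTINGS Only $SETTINGS['debug'] is read.
 */
function checkDBError($specials = []) {
    global $database, $SETTINGS;
    $errors = $database->error();
    // error() may yield no driver code at all; treat that as "no error".
    $driverCode = $errors[1] ?? null;
    if (!is_null($driverCode)) {
        foreach ($specials as $code => $text) {
            // Driver codes may arrive as int or numeric string; normalise both sides
            // instead of relying on a loose ==.
            if ((string) $driverCode === (string) $code) {
                sendError($text);
            }
        }
        // Raw driver messages can expose table and column names; keep them in the
        // server log and only show them to the client when debugging.
        error_log("Database error: " . $errors[2]);
        if (!empty($SETTINGS['debug'])) {
            sendError("A database error occurred:" . $errors[2] . "\n");
        }
        sendError("A database error occurred. Try again later.\n");
    }
}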
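/**
 * Send the browser to the login page (index.php under $SETTINGS['url']) and
 * stop the script unless the session is marked as logged in.
 *
 * @global array $SETTINGS Only $SETTINGS['url'] is read.
 */
function redirectIfNotLoggedIn() {
    global $SETTINGS;
    // A missing key (fresh session) counts as not logged in, without raising an
    // "Undefined array key" warning; only boolean true passes.
    if (($_SESSION['loggedin'] ?? false) !== true) {
        header('Location: ' . $SETTINGS['url'] . '/index.php');
        die();
    }
}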
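/**
 * Check if the client's IP has been doing too many brute-force-friendly
 * requests lately.
 * Kills the script with a "friendly" JSON error and response code 429
 * (Too Many Requests) if the rate_limit table still holds a row for the
 * client IP, i.e. its last access was less than two seconds ago.
 *
 * Also purges rate_limit rows older than two seconds and, when the request
 * is allowed through, records the current time for the IP.
 *
 * NOTE(review): the has()/insert() pair is not atomic, so two requests from
 * the same IP in the same instant can both pass. How much the limit can be
 * trusted also depends on how IPUtils::getClientIP() resolves proxy headers,
 * which is not visible here — confirm before relying on it.
 *
 * @global Medoo $database
 */
function engageRateLimit() {
    global $database;
    $clientIp = IPUtils::getClientIP();
    // Same "Y-m-d H:i:s" format as the value stored on insert below, so the
    // comparison in the delete matches what was written.
    $threshold = date("Y-m-d H:i:s", strtotime("-2 seconds"));
    $database->delete('rate_limit', ["lastaction[<]" => $threshold]);
    if ($database->has('rate_limit', ["AND" => ["ipaddr" => $clientIp]])) {
        http_response_code(429);
        // JSONify it so API clients don't scream too loud, and label it as such
        // so browsers don't render the body as HTML.
        header('Content-Type: application/json');
        die(json_encode(["status" => "ERROR", "msg" => "You're going too fast. Slow down, mkay?"]));
    }
    // Add a record for the IP address
    $database->insert('rate_limit', ["ipaddr" => $clientIp, "lastaction" => date("Y-m-d H:i:s")]);
}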