assetmgt/index.php

<?php
define('secure_admin_342642', true);

if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

//=====================================
//CHECK USER SESSION
//=====================================
if (!isset($_SESSION['loggedin'])) {
    header('location: login.php');
    die();
}

if (isset($_GET['page']) && $_GET['page'] == 'logout') {
    session_destroy();
    header('location: login.php');
    die();
}

//=====================================
//INCLUDE CONSTANTS
//=====================================

include dirname(__FILE__).'/settings/config_redirector.php';

if (debug){
    set_error_handler(function($errno, $errstr, $errfile, $errline) {
    debuglog("PHP ERROR [$errno]: $errstr in $errfile on line $errline");
    return false; 
    });

    set_exception_handler(function($exception) {
        debuglog("PHP EXCEPTION: " . $exception->getMessage() . " in " . $exception->getFile() . " on line " . $exception->getLine());
    });
}

//INCLUDE FUNCTIONS AND SETTINGS
include dirname(__FILE__).'/assets/functions.php';
include dirname(__FILE__).'/settings/settings_redirector.php';
include_once dirname(__FILE__).'/settings/countries.php';

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//TOKEN REFRESH LOGIC
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Token refresh buffer: refresh token 5 minutes (300 seconds) before expiry
$token_refresh_buffer = 300;

// Check if API token exists and is still valid
if (!isset($_SESSION['authorization']['userkey']) ||
    !isset($_SESSION['authorization']['token_valid']) ||
    time() >= (strtotime($_SESSION['authorization']['token_valid']) - $token_refresh_buffer)) {

    // Token missing, expired, or about to expire - get new token
    if (isset($_SESSION['authorization']['refreshkey'])) {
        $api_url = '/v2/token_refresh/refreshkey='.$_SESSION['authorization']['refreshkey'];
        $responses = ioServer($api_url, '');

        //Decode Payload
        if (!empty($responses)){$responses = json_decode($responses,true);}else{$responses = null;}

        if (isset($responses['userkey']) && isset($responses['token_valid'])) {
            // Update session with complete response (same as login.php)
            $_SESSION['authorization'] = $responses;
        } else {
            // Token refresh failed - redirect to login
            session_destroy();
            header('location: login.php?error=session_expired');
            die();
        }
    } else {
        // No refreshkey available - redirect to login
        session_destroy();
        header('location: login.php?error=session_expired');
        die();
    }
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//GET USER PERMISSION ASSIGNED
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
if (!isset($_SESSION['authorization']['id']) && isset($_SESSION['authorization']['userkey'])){

    $api_url = '/v2/user_permissions/userkey='.$_SESSION['authorization']['userkey'];
    $responses = ioServer($api_url,'');
    //Decode Payload
    if (!empty($responses)){$responses = json_decode($responses,true);}else{$responses = null;}

    //STORE DATA IN SESSION
    if (is_array($responses) && !isset($responses['error_code'])) {
        foreach($responses as $key => $value){
            $_SESSION['authorization'][$key] = $value;
        }
    } else {
        // API call failed or returned error - redirect to login with error message
        session_destroy();
        header('location: login.php?error=session_expired');
        die();
    }
}

if (debug && debug_id == $_SESSION['authorization']['id']){
    ini_set('display_errors', '1');
    ini_set('display_startup_errors', '1');
    error_reporting(E_ALL);  
}

//=====================================
//TRANSLATION FILE LOCATION
//=====================================

if (isset($_GET['language']) && $_GET['language'] !=''){
    //INCLUDE LANGUAGE FILE
    $api_file_language = './settings/translations/translations_'.strtoupper($_GET['language']).'.php';
    if (file_exists($api_file_language)){   
        include $api_file_language; //Include the code
        //DEFINE LANGUAGE
        $_SESSION['country_code'] = trim($_GET['language']);
    }
    else {
        include './settings/translations/translations_US.php';
        //DEFINE LANGUAGE
        $_SESSION['country_code'] = 'US';
    }

    //REMOVE FROM GET TO AVOID THAT LANGUAGE IS USED IN GET_VALUES FUNCTION
    unset($_GET['language']);
}
elseif(isset($_SESSION['country_code'])){
    $api_file_language = './settings/translations/translations_'.strtoupper($_SESSION['country_code']).'.php';
    if (file_exists($api_file_language)){   
        include $api_file_language; //Include the code
    }
    else {
        include './settings/translations/translations_US.php';
    }
} else {
    include './settings/translations/translations_US.php';
    //DEFINE LANGUAGE
    $_SESSION['country_code'] = 'US';
}
//=====================================
// Determine the base URL
//=====================================
$base_url = isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] === 'on' || $_SERVER['HTTPS'] === 1) || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ? 'https' : 'http';
$base_url .= '://' . rtrim($_SERVER['HTTP_HOST'], '/');
$base_url .= $_SERVER['SERVER_PORT'] == 80 || $_SERVER['SERVER_PORT'] == 443 || strpos($_SERVER['HTTP_HOST'], ':') !== false ? '' : ':' . $_SERVER['SERVER_PORT'];
$base_url .= '/' . ltrim(substr(str_replace('\\', '/', realpath(__DIR__)), strlen($_SERVER['DOCUMENT_ROOT'])), '/');
define('base_url', rtrim($base_url, '/') . '/');

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// SIMPLE ROUTING SYSTEM
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
if (isset($_GET['page'])) {
    $page = $_GET['page'];
} else {
    // Get first available page from user's permissions using the menu structure
    $default_page = null;
    if (!empty($_SESSION['authorization']['permissions'])) {
        include_once dirname(__FILE__).'/settings/settingsmenu.php';
        $filteredMenu = filterMenuByPermissions($main_menu, $_SESSION['authorization']['permissions']);

        // Get first menu item's URL as default page
        foreach ($filteredMenu as $section) {
            if (isset($section['main_menu']['url'])) {
                $default_page = $section['main_menu']['url'];
                break;
            }
        }
    }
    $page = $default_page ?? 'dashboard';
}

// Sanitize page parameter to prevent directory traversal
$page = preg_replace('/[^a-zA-Z0-9_-]/', '', $page);
$page_file = $page . '.php';

// Output error variable
$error = '';

try {
    $file_exists = file_exists($page_file);
    $is_allowed = $file_exists ? isAllowed($page, $_SESSION['authorization']['permissions'], $_SESSION['authorization']['permission'], 'R') : 0;

    if ($file_exists && $is_allowed !== 0) {
        include $page_file;
    } else {
        // Show error page for missing files or unauthorized access
        $page_exists = file_exists($page_file);
        $error_title = $page_exists ? 'Access Denied' : 'Page Not Found';
        $error_message = $page_exists
            ? 'You do not have permission to access this page.'
            : 'The requested page "' . htmlspecialchars($page) . '" could not be found.';
        $error_icon = $page_exists ? 'fa-solid fa-lock' : 'fa-solid fa-file-circle-xmark';

        template_header($error_title, '');
        echo '
        <div class="content-title">
            <div class="title">
                <i class="' . $error_icon . '"></i>
                <div class="txt">
                    <h2>' . $error_title . '</h2>
                    <p>' . $error_message . '</p>
                </div>
            </div>
        </div>
        <div class="content-block" style="text-align: center; padding: 60px 20px;">
            <div style="font-size: 64px; color: var(--gray-400, #9ca3af); margin-bottom: 20px;">
                <i class="' . $error_icon . '"></i>
            </div>
            <p style="color: var(--gray-500, #6b7280); margin-bottom: 30px;">Please check the URL or navigate using the menu.</p>
        </div>';
        template_footer();
    }
} catch (Exception $e) {
    // Handle any errors during page inclusion
    if (debug) {
        debuglog("Error loading page {$page}: " . $e->getMessage());
    }

    template_header('System Error', '');
    echo '
    <div class="content-title">
        <div class="title">
            <i class="fa-solid fa-triangle-exclamation"></i>
            <div class="txt">
                <h2>System Error</h2>
                <p>An error occurred while loading the page.</p>
            </div>
        </div>
    </div>
    <div class="content-block" style="text-align: center; padding: 60px 20px;">
        <div style="font-size: 64px; color: var(--gray-400, #9ca3af); margin-bottom: 20px;">
            <i class="fa-solid fa-triangle-exclamation"></i>
        </div>
        <p style="color: var(--gray-500, #6b7280); margin-bottom: 30px;">Please try again or contact the system administrator.</p>
        <div style="display: flex; gap: 10px; justify-content: center;">
            <button onclick="location.reload()" class="btn">
                <i class="fa-solid fa-rotate-right"></i> Reload Page
            </button>
        </div>
    </div>';
    template_footer();
}

//=====================================
//debuglog
//=====================================

if (debug){
    $message = $date.';'.json_encode($_GET).';'.$_SESSION['authorization']['clientID'];
    debuglog($message);
}