220 lines
8.0 KiB
PHP
220 lines
8.0 KiB
PHP
<?php
|
|
define('secure_admin_342642', true);
|
|
|
|
if (session_status() == PHP_SESSION_NONE) {
|
|
session_start();
|
|
}
|
|
//=====================================
|
|
//INCLUDE CONSTANTS
|
|
//=====================================
|
|
|
|
include dirname(__FILE__).'/settings/config_redirector.php';
|
|
|
|
if (debug){
|
|
set_error_handler(function($errno, $errstr, $errfile, $errline) {
|
|
debuglog("PHP ERROR [$errno]: $errstr in $errfile on line $errline");
|
|
return false;
|
|
});
|
|
|
|
set_exception_handler(function($exception) {
|
|
debuglog("PHP EXCEPTION: " . $exception->getMessage() . " in " . $exception->getFile() . " on line " . $exception->getLine());
|
|
});
|
|
}
|
|
|
|
//INCLUDE FUNCTIONS AND SETTINGS
|
|
include dirname(__FILE__).'/assets/functions.php';
|
|
include dirname(__FILE__).'/settings/settings_redirector.php';
|
|
include_once dirname(__FILE__).'/settings/countries.php';
|
|
|
|
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
//GET USER PERMISSION ASSIGNED
|
|
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
if (!isset($_SESSION['authorization']['id']) && isset($_SESSION['authorization']['userkey'])){
|
|
|
|
$api_url = '/v2/user_permissions/userkey='.$_SESSION['authorization']['userkey'];
|
|
$responses = ioServer($api_url,'');
|
|
//Decode Payload
|
|
if (!empty($responses)){$responses = json_decode($responses,true);}else{$responses = null;}
|
|
|
|
//STORE DATA IN SESSION
|
|
if (is_array($responses) && !isset($responses['error'])) {
|
|
foreach($responses as $key => $value){
|
|
$_SESSION['authorization'][$key] = $value;
|
|
}
|
|
} else {
|
|
// API call failed or returned error - redirect to login
|
|
session_destroy();
|
|
header('location: login.php');
|
|
die();
|
|
}
|
|
}
|
|
|
|
if (debug && debug_id == $_SESSION['authorization']['id']){
|
|
ini_set('display_errors', '1');
|
|
ini_set('display_startup_errors', '1');
|
|
error_reporting(E_ALL);
|
|
}
|
|
|
|
//=====================================
|
|
//TRANSLATION FILE LOCATION
|
|
//=====================================
|
|
|
|
if (isset($_GET['language']) && $_GET['language'] !=''){
|
|
//INCLUDE LANGUAGE FILE
|
|
$api_file_language = './settings/translations/translations_'.strtoupper($_GET['language']).'.php';
|
|
if (file_exists($api_file_language)){
|
|
include $api_file_language; //Include the code
|
|
//DEFINE LANGUAGE
|
|
$_SESSION['country_code'] = trim($_GET['language']);
|
|
}
|
|
else {
|
|
include './settings/translations/translations_US.php';
|
|
//DEFINE LANGUAGE
|
|
$_SESSION['country_code'] = 'US';
|
|
}
|
|
|
|
//REMOVE FROM GET TO AVOID THAT LANGUAGE IS USED IN GET_VALUES FUNCTION
|
|
unset($_GET['language']);
|
|
}
|
|
elseif(isset($_SESSION['country_code'])){
|
|
$api_file_language = './settings/translations/translations_'.strtoupper($_SESSION['country_code']).'.php';
|
|
if (file_exists($api_file_language)){
|
|
include $api_file_language; //Include the code
|
|
}
|
|
else {
|
|
include './settings/translations/translations_US.php';
|
|
}
|
|
} else {
|
|
include './settings/translations/translations_US.php';
|
|
//DEFINE LANGUAGE
|
|
$_SESSION['country_code'] = 'US';
|
|
}
|
|
//=====================================
|
|
// Determine the base URL
|
|
//=====================================
|
|
$base_url = isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] === 'on' || $_SERVER['HTTPS'] === 1) || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ? 'https' : 'http';
|
|
$base_url .= '://' . rtrim($_SERVER['HTTP_HOST'], '/');
|
|
$base_url .= $_SERVER['SERVER_PORT'] == 80 || $_SERVER['SERVER_PORT'] == 443 || strpos($_SERVER['HTTP_HOST'], ':') !== false ? '' : ':' . $_SERVER['SERVER_PORT'];
|
|
$base_url .= '/' . ltrim(substr(str_replace('\\', '/', realpath(__DIR__)), strlen($_SERVER['DOCUMENT_ROOT'])), '/');
|
|
define('base_url', rtrim($base_url, '/') . '/');
|
|
|
|
|
|
//=====================================
|
|
//CHECK USER SESSION
|
|
//=====================================
|
|
if (!isset($_SESSION['loggedin'])) {
|
|
header('location: login.php');
|
|
die();
|
|
}
|
|
|
|
if (isset($_GET['page']) && $_GET['page'] == 'logout') {
|
|
session_destroy();
|
|
header('location: login.php');
|
|
die();
|
|
}
|
|
|
|
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
// SIMPLE ROUTING SYSTEM
|
|
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
if (isset($_GET['page'])) {
|
|
$page = $_GET['page'];
|
|
} else {
|
|
// Get first available page from user's permissions using the menu structure
|
|
$default_page = null;
|
|
if (!empty($_SESSION['authorization']['permissions'])) {
|
|
include_once dirname(__FILE__).'/settings/settingsmenu.php';
|
|
$filteredMenu = filterMenuByPermissions($main_menu, $_SESSION['authorization']['permissions']);
|
|
|
|
// Get first menu item's URL as default page
|
|
foreach ($filteredMenu as $section) {
|
|
if (isset($section['main_menu']['url'])) {
|
|
$default_page = $section['main_menu']['url'];
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
$page = $default_page ?? 'dashboard';
|
|
}
|
|
|
|
// Sanitize page parameter to prevent directory traversal
|
|
$page = preg_replace('/[^a-zA-Z0-9_-]/', '', $page);
|
|
$page_file = $page . '.php';
|
|
|
|
// Output error variable
|
|
$error = '';
|
|
|
|
try {
|
|
$file_exists = file_exists($page_file);
|
|
$is_allowed = $file_exists ? isAllowed($page, $_SESSION['authorization']['permissions'], $_SESSION['authorization']['permission'], 'R') : 0;
|
|
|
|
if ($file_exists && $is_allowed !== 0) {
|
|
include $page_file;
|
|
} else {
|
|
// Show error page for missing files or unauthorized access
|
|
$page_exists = file_exists($page_file);
|
|
$error_title = $page_exists ? 'Access Denied' : 'Page Not Found';
|
|
$error_message = $page_exists
|
|
? 'You do not have permission to access this page.'
|
|
: 'The requested page "' . htmlspecialchars($page) . '" could not be found.';
|
|
$error_icon = $page_exists ? 'fa-solid fa-lock' : 'fa-solid fa-file-circle-xmark';
|
|
|
|
template_header($error_title, '');
|
|
echo '
|
|
<div class="content-title">
|
|
<div class="title">
|
|
<i class="' . $error_icon . '"></i>
|
|
<div class="txt">
|
|
<h2>' . $error_title . '</h2>
|
|
<p>' . $error_message . '</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="content-block" style="text-align: center; padding: 60px 20px;">
|
|
<div style="font-size: 64px; color: var(--gray-400, #9ca3af); margin-bottom: 20px;">
|
|
<i class="' . $error_icon . '"></i>
|
|
</div>
|
|
<p style="color: var(--gray-500, #6b7280); margin-bottom: 30px;">Please check the URL or navigate using the menu.</p>
|
|
</div>';
|
|
template_footer();
|
|
}
|
|
} catch (Exception $e) {
|
|
// Handle any errors during page inclusion
|
|
if (debug) {
|
|
debuglog("Error loading page {$page}: " . $e->getMessage());
|
|
}
|
|
|
|
template_header('System Error', '');
|
|
echo '
|
|
<div class="content-title">
|
|
<div class="title">
|
|
<i class="fa-solid fa-triangle-exclamation"></i>
|
|
<div class="txt">
|
|
<h2>System Error</h2>
|
|
<p>An error occurred while loading the page.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="content-block" style="text-align: center; padding: 60px 20px;">
|
|
<div style="font-size: 64px; color: var(--gray-400, #9ca3af); margin-bottom: 20px;">
|
|
<i class="fa-solid fa-triangle-exclamation"></i>
|
|
</div>
|
|
<p style="color: var(--gray-500, #6b7280); margin-bottom: 30px;">Please try again or contact the system administrator.</p>
|
|
<div style="display: flex; gap: 10px; justify-content: center;">
|
|
<button onclick="location.reload()" class="btn">
|
|
<i class="fa-solid fa-rotate-right"></i> Reload Page
|
|
</button>
|
|
</div>
|
|
</div>';
|
|
template_footer();
|
|
}
|
|
|
|
//=====================================
|
|
//debuglog
|
|
//=====================================
|
|
|
|
if (debug){
|
|
$message = $date.';'.json_encode($_GET).';'.$_SESSION['authorization']['clientID'];
|
|
debuglog($message);
|
|
}
|
|
|