hacker_marc/panel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add tailadmin

Browse Source
This commit is contained in:
hacker_marc
2026-02-20 14:48:15 +01:00
parent 4b4a46225f
commit a8df1d61d5
70 changed files with 30775 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
api/api.php Normal file
View File

@@ -0,0 +1,102 @@
<?php
/*
_____ _____ _ _
/ ____| / ____| | | | |
_ __ ___ ___| (___ ___ _ ____ _| | ___ _ __ | |_ _ __ ___ | |
| '_ ` _ \ / __|\___ \ / _ \ '__\ \ / / | / _ \| '_ \| __| '__/ _ \| |
| | | | | | (__ ____) | __/ | \ V /| |___| (_) | | | | |_| | | (_) | |
|_| |_| |_|\___|_____/ \___|_| \_/ \_____\___/|_| |_|\__|_| \___/|_|
* By marc-go
*/
ini_set("display_errors", 1);
ini_set("display_startup_errors", 1);
error_reporting(E_ALL);
class mcServApi {
public function getConf() {
$env = parse_ini_file(__DIR__ . "/../.env");
return $env;
}
public function getDB() {
$config = $this->getConf();
$db = new PDO("sqlite:" . $config["DB_PATH"]);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
return $db;
}
public function checkAuth() {
if ($this->checkLogin()) {
return true;
}elseif (isset($_SERVER["HTTP_X_API_KEY"])) {
$key = $_SERVER["HTTP_X_API_KEY"];
$db = $this->getDB();
$sql = "SELECT * FROM api_keys WHERE key = :key";
$stmt = $db->prepare($sql);
$stmt->execute([":key" => $key]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if ($result) {
$user_id = $result["user_id"];
$sql = "SELECT username FROM users WHERE id = :id";
$stmt = $db->prepare($sql);
$stmt->execute([":id" => $user_id]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$username = $result["username"];
$this->api_keys[$key] = $username;
return true;
}else{
return false;
}
}else{
return false;
}
}
public function getUser() {
if ($this->checkLogin()) {
return $_COOKIE["username"];
}elseif (isset($_SERVER["HTTP_X_API_KEY"])) {
$key = $_SERVER["HTTP_X_API_KEY"];
if (isset($this->api_keys[$key])) {
return $this->api_keys[$key];
}
}
}
public function checkLogin() {
if (!isset($_COOKIE["session_id"]) || !isset($_COOKIE["device_id"]) || !isset($_COOKIE["username"])) {
return false;
}
$config = $this->getConf();
$json = json_decode(file_get_contents($config["PATH"] . "/tmp/user_sessions/" . $_COOKIE["username"] . ".json"), true);
if (!isset($json[$_COOKIE["device_id"]])) {
return false;
}
$device = $json[$_COOKIE["device_id"]];
if ($device["session_id"] !== $_COOKIE["session_id"]) {
return false;
}
return true;
}
}

4
api/login/getcookies.php
View File

@@ -27,9 +27,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
$session["session_id"] = $mcServ->generateSessionID();
$device_id = rand(1, 999);
$json[$device_id] = json_encode($session);
$json[$device_id] = $session;
file_put_contents($config["PATH"] . "/tmp/user_sessions/" . $admin_user . ".json", json_encode($json));
file_put_contents($config["PATH"] . "/tmp/user_sessions/" . $user . ".json", json_encode($json));
setcookie("session_id", $session["session_id"], time() + 3600, "/");
setcookie("device_id", $device_id, time() + 3600, "/");

2
api/setup/setup.php
View File

@@ -66,7 +66,7 @@ $device_id = rand(1, 999);
$json[$device_id] = json_encode($session);
$json["array"] = true;
mkdir($config["PATH"] . "/tmp/user_sessions", 0700, true);
mkdir($config["PATH"] . "/tmp/user_sessions", 0755, true);
file_put_contents($config["PATH"] . "/tmp/user_sessions/" . $admin_user . ".json", json_encode($json));

1
api/users/info.php Normal file
View File

@@ -0,0 +1 @@
<?php

30
api/users/list.php Normal file
View File

@@ -0,0 +1,30 @@
<?php
require "../api.php";
$api = new mcServApi();
if (!$api->checkAuth()) {
die('{"status":500, "error:"Unauthorized"}');
}
$db = $api->getDB();
$sql = "SELECT * FROM users";
$stmt = $db->query($sql);
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
$users= [];
foreach($result as $user_res) {
$user["name"] = $user_res["username"];
$user["mail"] = $user_res["mail"];
$users[] = $user;
}
$json["status"] = 200;
$json["users"] = $users;
echo json_encode($json);
?>