From c07d9f1c740307a847c472ff1967d06de9a98bac Mon Sep 17 00:00:00 2001 From: Benjamin Kraft Date: Mon, 1 Jul 2024 17:04:39 +0200 Subject: [PATCH] add/remove scripts behind .env password --- .env.example | 3 ++- public/elotracker/add.php | 10 +++++++++- public/elotracker/remove.php | 10 +++++++++- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/.env.example b/.env.example index 8cc27f1..876f91e 100644 --- a/.env.example +++ b/.env.example @@ -3,4 +3,5 @@ MYSQL_USER= MYSQL_PASSWORD= MYSQL_DATABASE= RIOT_API_KEY= -UPDATE_LIMIT_MINUTES= \ No newline at end of file +UPDATE_LIMIT_MINUTES= +ADMIN_KEY= \ No newline at end of file diff --git a/public/elotracker/add.php b/public/elotracker/add.php index 73eed16..5a41f67 100644 --- a/public/elotracker/add.php +++ b/public/elotracker/add.php @@ -6,9 +6,17 @@ if (php_sapi_name() == 'cli') { if (isset($argv[1])) { parse_str($argv[1], $_GET); } + if (isset($argv[2])) { + parse_str($argv[2], $_POST); + } +} + +if (!isset($_POST["adminKey"]) || $_POST["adminKey"] != $_ENV["ADMIN_KEY"]){ + echo "Forbidden"; + die; } $tracker = new Tracker(); -if (!$tracker->add($_GET["gameName"], $_GET["tagLine"], $message)){ +if (!$tracker->add($_POST["gameName"], $_POST["tagLine"], $message)){ echo "Failure: ".$message; } \ No newline at end of file diff --git a/public/elotracker/remove.php b/public/elotracker/remove.php index b787e7f..2df712e 100644 --- a/public/elotracker/remove.php +++ b/public/elotracker/remove.php @@ -6,9 +6,17 @@ if (php_sapi_name() == 'cli') { if (isset($argv[1])) { parse_str($argv[1], $_GET); } + if (isset($argv[2])) { + parse_str($argv[2], $_POST); + } +} + +if (!isset($_POST["adminKey"]) || $_POST["adminKey"] != $_ENV["ADMIN_KEY"]){ + echo "Forbidden"; + die; } $tracker = new Tracker(); -if (!$tracker->remove($_GET["gameName"], $_GET["tagLine"], $message)){ +if (!$tracker->remove($_POST["gameName"], $_POST["tagLine"], $message)){ echo "Failure: ".$message; }