| Dir : /home/trave494/outtheboxministry.org/ |
| Server: Linux ngx353.inmotionhosting.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 IP: 209.182.202.254 |
| Dir : /home/trave494/outtheboxministry.org/api-v2.php |
<?php
// API v2 is not yet finished, you have to use the old API version.
header_remove('Server');
header("Content-type: application/json");
require('assets/init.php');
require('api/v2/init.php');
$wo['loggedin'] = false;
$response_data = array();
$error_code = 0;
$error_message = '';
$type = (!empty($_GET['type'])) ? Wo_Secure($_GET['type'], 0) : false;
$server_key = (!empty($_POST['server_key'])) ? Wo_Secure($_POST['server_key'], 0) : false;
if (empty($type)) {
$response_data = array(
'api_status' => '404',
'errors' => array(
'error_id' => '1',
'error_text' => 'Error: 404 API Type not specified'
)
);
echo json_encode($response_data, JSON_PRETTY_PRINT);
exit();
}
if (empty($server_key)) {
$response_data = array(
'api_status' => '404',
'errors' => array(
'error_id' => '1',
'error_text' => 'Error: 404 POST (server_key) not specified, Admin Panel > API Settings > Manage API Server Key'
)
);
echo json_encode($response_data, JSON_PRETTY_PRINT);
exit();
}
if ($server_key != $wo['config']['widnows_app_api_key']) {
$response_data = array(
'api_status' => '404',
'errors' => array(
'error_id' => '1',
'error_text' => 'Error: invalid server key'
)
);
echo json_encode($response_data, JSON_PRETTY_PRINT);
exit();
}
$api = "api/v2/endpoints/$type.php";
$pages_without_access_token = array(
'get-site-settings',
'active_account_sms',
'auth',
'regsiter',
'send-reset-password-email',
'create-account',
'social-login',
'is-active',
'two-factor',
'reset_password',
'validation_user'
);
$pages_without_loggedin = array(
'get-site-settings',
'active_account_sms',
'auth',
'regsiter',
'send-reset-password-email',
'create-account',
'social-login',
'is-active',
'two-factor',
'reset_password',
'validation_user'
);
if (!file_exists($api)) {
$response_data = array(
'api_status' => '404',
'errors' => array(
'error_id' => '1',
'error_text' => 'Error: 404 API Type Not Found'
)
);
echo json_encode($response_data, JSON_PRETTY_PRINT);
exit();
}
if (!in_array($type, $pages_without_access_token)) {
if (empty($_GET['access_token'])) {
$error_code = 1;
$error_message = 'Error: access_token is missing';
}
}
if (!empty($_GET['access_token'])) {
$get_user_id_from_access_token = Wo_ValidateAccessToken($_GET['access_token']);
if (is_numeric($get_user_id_from_access_token) && $get_user_id_from_access_token > 0) {
$wo['user'] = Wo_UserData($get_user_id_from_access_token);
if (!empty($wo['user'])) {
$wo['loggedin'] = true;
if ($wo['user']['user_id'] < 0 || empty($wo['user']['user_id']) || !is_numeric($wo['user']['user_id']) || Wo_UserActive($wo['user']['username']) === false) {
$wo['loggedin'] = false;
}
}
}
}
if (!in_array($type, $pages_without_loggedin)) {
if ($wo['loggedin'] == false && !empty($_GET['access_token'])) {
$error_code = 2;
$error_message = 'Invalid or expired access_token';
} else if ($wo['loggedin'] == false) {
$error_code = 2;
$error_message = 'Not authorized';
}
}
if (!empty($error_code)) {
$response_data = array(
'api_status' => '404',
'errors' => array(
'error_id' => $error_code,
'error_text' => $error_message
)
);
echo json_encode($response_data, JSON_PRETTY_PRINT);
exit();
}
if ($wo['loggedin'] == true) {
$wo['lang'] = Wo_LangsFromDB($wo['user']['language']);
}
require_once "api/v2/functions.php";
require_once "$api";
if (!empty($error_code)) {
$response_data = array(
'api_status' => '400',
'errors' => array(
'error_id' => $error_code,
'error_text' => $error_message
)
);
}
echo json_encode($response_data, JSON_PRETTY_PRINT);
exit();
mysqli_close($sqlConnect);
unset($wo);
?>