66 lines
1.6 KiB
PHP
66 lines
1.6 KiB
PHP
<?php
|
|
// Set proper headers
|
|
header('Content-Type: text/plain');
|
|
|
|
// Only allow POST requests
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
http_response_code(405);
|
|
die('Method not allowed');
|
|
}
|
|
|
|
// Strict input validation
|
|
if (!isset($_POST['state'])) {
|
|
http_response_code(400);
|
|
die('Missing state parameter');
|
|
}
|
|
|
|
// Only allow exact string matches
|
|
if (!in_array($_POST['state'], ['0', '1'], true)) {
|
|
http_response_code(400);
|
|
die('Invalid state - must be 0 or 1');
|
|
}
|
|
|
|
// Additional validation - check if it's exactly one character
|
|
if (strlen($_POST['state']) !== 1) {
|
|
http_response_code(400);
|
|
die('Invalid state length');
|
|
}
|
|
|
|
// Validate it's actually a digit
|
|
if (!ctype_digit($_POST['state'])) {
|
|
http_response_code(400);
|
|
die('State must be numeric');
|
|
}
|
|
|
|
$state = $_POST['state'];
|
|
|
|
// Use a safe file path outside web root
|
|
$file_path = '../server_state.txt';
|
|
|
|
// Ensure directory exists and is writable
|
|
if (!is_writable(dirname($file_path))) {
|
|
http_response_code(500);
|
|
die('Server configuration error');
|
|
}
|
|
|
|
// Write with file locking to prevent race conditions
|
|
$result = file_put_contents($file_path, $state, LOCK_EX);
|
|
|
|
if ($result === false) {
|
|
http_response_code(500);
|
|
die('Failed to write state');
|
|
}
|
|
|
|
// Verify the write was successful
|
|
$written_state = file_get_contents($file_path);
|
|
if ($written_state !== $state) {
|
|
http_response_code(500);
|
|
die('State verification failed');
|
|
}
|
|
|
|
// Optional: Log the change (helpful for debugging)
|
|
$log_entry = date('Y-m-d H:i:s') . " - State changed to: {$state} - IP: {$_SERVER['REMOTE_ADDR']}\n";
|
|
error_log($log_entry, 3, '../tmp/server_state.log');
|
|
|
|
echo 'success';
|
|
?>
|