Files
dangrubb.net/php/update_state.php
2025-07-16 15:34:57 -04:00

66 lines
1.6 KiB
PHP

<?php
// Set proper headers
header('Content-Type: text/plain');
// Only allow POST requests
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
die('Method not allowed');
}
// Strict input validation
if (!isset($_POST['state'])) {
http_response_code(400);
die('Missing state parameter');
}
// Only allow exact string matches
if (!in_array($_POST['state'], ['0', '1'], true)) {
http_response_code(400);
die('Invalid state - must be 0 or 1');
}
// Additional validation - check if it's exactly one character
if (strlen($_POST['state']) !== 1) {
http_response_code(400);
die('Invalid state length');
}
// Validate it's actually a digit
if (!ctype_digit($_POST['state'])) {
http_response_code(400);
die('State must be numeric');
}
$state = $_POST['state'];
// Use a safe file path outside web root
$file_path = '../server_state.txt';
// Ensure directory exists and is writable
if (!is_writable(dirname($file_path))) {
http_response_code(500);
die('Server configuration error');
}
// Write with file locking to prevent race conditions
$result = file_put_contents($file_path, $state, LOCK_EX);
if ($result === false) {
http_response_code(500);
die('Failed to write state');
}
// Verify the write was successful
$written_state = file_get_contents($file_path);
if ($written_state !== $state) {
http_response_code(500);
die('State verification failed');
}
// Optional: Log the change (helpful for debugging)
$log_entry = date('Y-m-d H:i:s') . " - State changed to: {$state} - IP: {$_SERVER['REMOTE_ADDR']}\n";
error_log($log_entry, 3, '/tmp/server_state.log');
echo 'success';
?>