jilo-web/app/pages/config.php

<?php

/**
 * Config management.
 *
 * This page handles the config file.
 */

// Get any new feedback messages
include '../app/helpers/feedback.php';

require '../app/classes/config.php';
require '../app/classes/api_response.php';

// Initialize required objects
$userObject = new User($dbWeb);
$configObject = new Config();

// For AJAX requests
$isAjax = !empty($_SERVER['HTTP_X_REQUESTED_WITH']) &&
          strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest';

// Set JSON content type for AJAX requests
if ($isAjax) {
    header('Content-Type: application/json');
}

// Ensure config file path is set
if (!isset($config_file) || empty($config_file)) {
    if ($isAjax) {
        ApiResponse::error('Config file path not set');
        exit;
    } else {
        Feedback::flash('ERROR', 'DEFAULT', 'Config file path not set');
        header('Location: ' . htmlspecialchars($app_root));
        exit;
    }
}

// Check if file is writable
$isWritable = is_writable($config_file);
$configMessage = '';
if (!$isWritable) {
    $configMessage = Feedback::render('ERROR', 'DEFAULT', 'Config file is not writable', false);
    if ($isAjax) {
        ApiResponse::error('Config file is not writable', null, 403);
        exit;
    }
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Check if user has permission to edit config
    if (!$userObject->hasRight($userId, 'edit config file')) {
        $logObject->insertLog($userId, "Unauthorized: User \"$currentUser\" tried to edit config file. IP: $user_IP", 'system');
        if ($isAjax) {
            ApiResponse::error('Forbidden: You do not have permission to edit the config file', null, 403);
            exit;
        } else {
            include '../app/templates/error-unauthorized.php';
            exit;
        }
    }

    // Apply rate limiting
    require '../app/includes/rate_limit_middleware.php';
    checkRateLimit($dbWeb, 'config', $userId);

    // Ensure no output before this point
    ob_clean();

    // For AJAX requests, get JSON data
    if ($isAjax) {
        // Get raw input
        $jsonData = file_get_contents('php://input');
        if ($jsonData === false) {
            $logObject->insertLog($userId, "Failed to read request data for config update", 'system');
            ApiResponse::error('Failed to read request data');
            exit;
        }

        // Try to parse JSON
        $postData = json_decode($jsonData, true);
        if (json_last_error() !== JSON_ERROR_NONE) {
            $error = json_last_error_msg();
            ApiResponse::error('Invalid JSON data received: ' . $error);
            exit;
        }

        // Try to update config file
        $result = $configObject->editConfigFile($postData, $config_file);
        if ($result['success']) {
            ApiResponse::success($result['updated'], 'Config file updated successfully');
        } else {
            ApiResponse::error($result['error']);
        }
        exit;
    } else {
        // Handle non-AJAX POST
        $result = $configObject->editConfigFile($_POST, $config_file);
        if ($result['success']) {
            Feedback::flash('NOTICE', 'DEFAULT', 'Config file updated successfully', true);
        } else {
            Feedback::flash('ERROR', 'DEFAULT', "Error updating config file: " . $result['error'], true);
        }

        header('Location: ' . htmlspecialchars($app_root) . '?page=config');
        exit;
    }
}

// Only include template for non-AJAX requests
if (!$isAjax) {
    /**
     * Handles GET requests to display templates.
     */

    if ($userObject->hasRight($userId, 'view config file')) {
        include '../app/templates/config.php';
    } else {
        $logObject->insertLog($userId, "Unauthorized: User \"$currentUser\" tried to access \"config\" page. IP: $user_IP", 'system');
        include '../app/templates/error-unauthorized.php';
    }
}
Separates app code from public files. 2024-08-12 11:12:24 +00:00			`<?php`

Adds phpdoc comments 2024-12-04 10:13:33 +00:00			`/**`
Updates design of config page, adds ajax 2025-01-23 10:42:27 +00:00			`* Config management.`
Adds phpdoc comments 2024-12-04 10:13:33 +00:00			`*`
Updates design of config page, adds ajax 2025-01-23 10:42:27 +00:00			`* This page handles the config file.`
Adds phpdoc comments 2024-12-04 10:13:33 +00:00			`*/`

Renames messages to feedback 2025-02-17 08:24:50 +00:00			`// Get any new feedback messages`
Reorganizes helper include files 2025-02-17 14:50:57 +00:00			`include '../app/helpers/feedback.php';`
Adds the new messages system to all pages 2025-01-13 08:45:31 +00:00
Moves the platforms config from flat file to SQLite DB 2024-09-04 09:53:02 +00:00			`require '../app/classes/config.php';`
Fixes config file editing 2025-04-11 13:55:08 +00:00			`require '../app/classes/api_response.php';`
Platforms edit code 2024-08-18 19:12:45 +00:00
Fixes config file editing 2025-04-11 13:55:08 +00:00			`// Initialize required objects`
			`$userObject = new User($dbWeb);`
			`$configObject = new Config();`
Adds ratelimiting to some pages 2025-02-17 13:15:05 +00:00
Updates design of config page, adds ajax 2025-01-23 10:42:27 +00:00			`// For AJAX requests`
Fixes config editing 2025-04-11 15:29:47 +00:00			`$isAjax = !empty($_SERVER['HTTP_X_REQUESTED_WITH']) &&`
Updates design of config page, adds ajax 2025-01-23 10:42:27 +00:00			`strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest';`

Fixes config editing 2025-04-11 15:29:47 +00:00			`// Set JSON content type for AJAX requests`
			`if ($isAjax) {`
			`header('Content-Type: application/json');`
			`}`

Fixes config file editing 2025-04-11 13:55:08 +00:00			`// Ensure config file path is set`
			`if (!isset($config_file) \|\| empty($config_file)) {`
			`if ($isAjax) {`
			`ApiResponse::error('Config file path not set');`
Fixes config editing 2025-04-11 15:29:47 +00:00			`exit;`
Fixes config file editing 2025-04-11 13:55:08 +00:00			`} else {`
			`Feedback::flash('ERROR', 'DEFAULT', 'Config file path not set');`
			`header('Location: ' . htmlspecialchars($app_root));`
Fixes config editing 2025-04-11 15:29:47 +00:00			`exit;`
Fixes config file editing 2025-04-11 13:55:08 +00:00			`}`
			`}`

Enhances messages system with JS-based messages 2025-01-23 12:06:36 +00:00			`// Check if file is writable`
			`$isWritable = is_writable($config_file);`
			`$configMessage = '';`
			`if (!$isWritable) {`
Renames messages to feedback 2025-02-16 08:18:26 +00:00			`$configMessage = Feedback::render('ERROR', 'DEFAULT', 'Config file is not writable', false);`
Fixes config editing 2025-04-11 15:29:47 +00:00			`if ($isAjax) {`
			`ApiResponse::error('Config file is not writable', null, 403);`
			`exit;`
			`}`
Enhances messages system with JS-based messages 2025-01-23 12:06:36 +00:00			`}`

Updates design of config page, adds ajax 2025-01-23 10:42:27 +00:00			`if ($_SERVER['REQUEST_METHOD'] === 'POST') {`
Fixes config file editing 2025-04-11 13:55:08 +00:00			`// Check if user has permission to edit config`
Standartizes $userId as user ID variable in whole app 2025-04-14 07:39:58 +00:00			`if (!$userObject->hasRight($userId, 'edit config file')) {`
			`$logObject->insertLog($userId, "Unauthorized: User \"$currentUser\" tried to edit config file. IP: $user_IP", 'system');`
Fixes config file editing 2025-04-11 13:55:08 +00:00			`if ($isAjax) {`
			`ApiResponse::error('Forbidden: You do not have permission to edit the config file', null, 403);`
Fixes config editing 2025-04-11 15:29:47 +00:00			`exit;`
Fixes config file editing 2025-04-11 13:55:08 +00:00			`} else {`
			`include '../app/templates/error-unauthorized.php';`
Fixes config editing 2025-04-11 15:29:47 +00:00			`exit;`
Fixes config file editing 2025-04-11 13:55:08 +00:00			`}`
			`}`

Adds ratelimiting to some pages 2025-02-17 13:15:05 +00:00			`// Apply rate limiting`
Fixes config file editing 2025-04-11 13:55:08 +00:00			`require '../app/includes/rate_limit_middleware.php';`
Standartizes $userId as user ID variable in whole app 2025-04-14 07:39:58 +00:00			`checkRateLimit($dbWeb, 'config', $userId);`
Adds ratelimiting to some pages 2025-02-17 13:15:05 +00:00
Updates design of config page, adds ajax 2025-01-23 10:42:27 +00:00			`// Ensure no output before this point`
			`ob_clean();`

			`// For AJAX requests, get JSON data`
			`if ($isAjax) {`
			`// Get raw input`
			`$jsonData = file_get_contents('php://input');`
Fixes config file editing 2025-04-11 13:55:08 +00:00			`if ($jsonData === false) {`
Standartizes $userId as user ID variable in whole app 2025-04-14 07:39:58 +00:00			`$logObject->insertLog($userId, "Failed to read request data for config update", 'system');`
Fixes config file editing 2025-04-11 13:55:08 +00:00			`ApiResponse::error('Failed to read request data');`
Fixes config editing 2025-04-11 15:29:47 +00:00			`exit;`
Fixes config file editing 2025-04-11 13:55:08 +00:00			`}`
Fixes config editing JS messages 2025-01-26 15:32:37 +00:00
Fixes config file editing 2025-04-11 13:55:08 +00:00			`// Try to parse JSON`
Updates design of config page, adds ajax 2025-01-23 10:42:27 +00:00			`$postData = json_decode($jsonData, true);`
			`if (json_last_error() !== JSON_ERROR_NONE) {`
Fixes config editing JS messages 2025-01-26 15:32:37 +00:00			`$error = json_last_error_msg();`
Fixes config file editing 2025-04-11 13:55:08 +00:00			`ApiResponse::error('Invalid JSON data received: ' . $error);`
Fixes config editing 2025-04-11 15:29:47 +00:00			`exit;`
Adds editing of the config file 2024-11-01 16:23:40 +00:00			`}`

Updates design of config page, adds ajax 2025-01-23 10:42:27 +00:00			`// Try to update config file`
			`$result = $configObject->editConfigFile($postData, $config_file);`
Fixes config file editing 2025-04-11 13:55:08 +00:00			`if ($result['success']) {`
			`ApiResponse::success($result['updated'], 'Config file updated successfully');`
Updates design of config page, adds ajax 2025-01-23 10:42:27 +00:00			`} else {`
Fixes config file editing 2025-04-11 13:55:08 +00:00			`ApiResponse::error($result['error']);`
Fixes agent config 2024-09-22 09:26:19 +00:00			`}`
Fixes config editing 2025-04-11 15:29:47 +00:00			`exit;`
Updates design of config page, adds ajax 2025-01-23 10:42:27 +00:00			`} else {`
Fixes config editing 2025-04-11 15:29:47 +00:00			`// Handle non-AJAX POST`
			`$result = $configObject->editConfigFile($_POST, $config_file);`
			`if ($result['success']) {`
			`Feedback::flash('NOTICE', 'DEFAULT', 'Config file updated successfully', true);`
			`} else {`
			`Feedback::flash('ERROR', 'DEFAULT', "Error updating config file: " . $result['error'], true);`
			`}`
Adds platform editing code 2024-08-19 10:25:09 +00:00
Fixes config editing 2025-04-11 15:29:47 +00:00			`header('Location: ' . htmlspecialchars($app_root) . '?page=config');`
			`exit;`
			`}`
Platforms edit code 2024-08-18 19:12:45 +00:00			`}`
Separates app code from public files. 2024-08-12 11:12:24 +00:00
Updates design of config page, adds ajax 2025-01-23 10:42:27 +00:00			`// Only include template for non-AJAX requests`
			`if (!$isAjax) {`
HTML fixes 2025-01-26 17:07:07 +00:00			`/**`
			`* Handles GET requests to display templates.`
			`*/`

Standartizes $userId as user ID variable in whole app 2025-04-14 07:39:58 +00:00			`if ($userObject->hasRight($userId, 'view config file')) {`
HTML fixes 2025-01-26 17:07:07 +00:00			`include '../app/templates/config.php';`
			`} else {`
Standartizes $userId as user ID variable in whole app 2025-04-14 07:39:58 +00:00			`$logObject->insertLog($userId, "Unauthorized: User \"$currentUser\" tried to access \"config\" page. IP: $user_IP", 'system');`
HTML fixes 2025-01-26 17:07:07 +00:00			`include '../app/templates/error-unauthorized.php';`
			`}`
Updates design of config page, adds ajax 2025-01-23 10:42:27 +00:00			`}`