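hasRight($userId, 'edit config file')) {
        // Authorization failure: record who tried and from where, then refuse in
        // the format the client expects (JSON 403 for AJAX, HTML page otherwise).
        // NOTE(review): $currentUser and $user_IP are interpolated into the log
        // entry as-is; confirm they are normalised where they are set (not visible
        // here) so a crafted value cannot forge or split log records.
        $logObject->insertLog($userId, "Unauthorized: User \"$currentUser\" tried to edit config file. IP: $user_IP", 'system');
        if ($isAjax) {
            ApiResponse::error('Forbidden: You do not have permission to edit the config file', null, 403);
            exit;
        } else {
            include '../app/templates/error-unauthorized.php';
            exit;
        }
    }

    // NOTE(review): no anti-CSRF token check is visible between the permission
    // check above and the config write below; confirm one is enforced earlier in
    // the request, since this handler changes server configuration.

    // Apply rate limiting
    require '../app/includes/rate_limit_middleware.php';
    checkRateLimit($dbWeb, 'config', $userId);

    // Ensure no output before this point. ob_clean() raises a notice when no
    // output buffer is active, and that notice could itself end up in front of
    // the JSON body, so only clean when a buffer exists.
    if (ob_get_level() > 0) {
        ob_clean();
    }

    // For AJAX requests, get JSON data
    if ($isAjax) {
        // Get raw input
        $jsonData = file_get_contents('php://input');
        if ($jsonData === false) {
            $logObject->insertLog($userId, "Failed to read request data for config update", 'system');
            ApiResponse::error('Failed to read request data');
            exit;
        }

        // Try to parse JSON
        $postData = json_decode($jsonData, true);
        if (json_last_error() !== JSON_ERROR_NONE) {
            $error = json_last_error_msg();
            ApiResponse::error('Invalid JSON data received: ' . $error);
            exit;
        }

        // Syntactically valid JSON can still decode to a scalar or null (e.g. the
        // body `null` or `"text"`). Reject anything that is not an array before
        // it reaches the config writer.
        if (!is_array($postData)) {
            ApiResponse::error('Invalid JSON data received: expected a JSON object');
            exit;
        }

        // Try to update config file
        // NOTE(review): the decoded request body is passed through unfiltered;
        // which keys may be written is presumably enforced inside
        // editConfigFile() — verify there is an allow-list.
        $result = $configObject->editConfigFile($postData, $config_file);
        if ($result['success']) {
            ApiResponse::success($result['updated'], 'Config file updated successfully');
        } else {
            // NOTE(review): $result['error'] is returned to the client verbatim;
            // confirm it cannot carry filesystem paths or other internals.
            ApiResponse::error($result['error']);
        }
        exit;
    } else {
        // Handle non-AJAX POST
        $result = $configObject->editConfigFile($_POST, $config_file);
        if ($result['success']) {
            Feedback::flash('NOTICE', 'DEFAULT', 'Config file updated successfully', true);
        } else {
            Feedback::flash('ERROR', 'DEFAULT', "Error updating config file: " . $result['error'], true);
        }

        // NOTE(review): htmlspecialchars() escapes for HTML output, not for a
        // header value; an `&` in $app_root would be sent as `&amp;`. Presumably
        // $app_root comes from trusted configuration — confirm.
        header('Location: ' . htmlspecialchars($app_root) . '?page=config');
        exit;
    }
}

// Only include template for non-AJAX requests.
// Every branch of the POST handling above ends in exit, so this part is reached
// only when that handling did not run. An AJAX request that gets here produces
// no output from this block.
if (!$isAjax) {
    /**
     * Handles GET requests to display templates.
     *
     * Viewing requires the 'view config file' right; a denied attempt is
     * logged with the user name and IP before the error page is shown.
     */
    if ($userObject->hasRight($userId, 'view config file')) {
        include '../app/templates/config.php';
    } else {
        $logObject->insertLog($userId, "Unauthorized: User \"$currentUser\" tried to access \"config\" page. IP: $user_IP", 'system');
        include '../app/templates/error-unauthorized.php';
    }
}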