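<?php
/* ===========================================================
   PACK BEACON – SECURE API CONFIG
   Version: Secure API v1
   Author: ChatGPT
   Description:
   - Used together with API endpoints that require Token + Signature + Timestamp
   - Guards against forged requests / replay attacks
   =========================================================== */

/* ===========================================================
   SECURITY
   =========================================================== */

// NOTE(review): the API token, the HMAC secret and the database password are
// hard-coded in this file. Anyone who can read it (a backup, a repository copy,
// a web file manager) can sign valid requests and connect to the database.
// Load these values from the environment or from a config file outside the web
// root, and rotate any value that has been exposed.
define("API_TOKEN", "PACKBEACON2025");
define("API_SECRET", "PackBeacon@Secure!");

/* How many seconds a client timestamp stays valid → limits replay attacks.
   A timestamp check alone does not stop a captured request from being replayed
   inside the window; that needs a per-request nonce (or request id) that the
   server remembers for TIMESTAMP_WINDOW seconds. Nothing in this file tracks one. */
define("TIMESTAMP_WINDOW", 60 * 5); // 5 minutes

/* ===========================================================
   DATABASE CONNECTION
   =========================================================== */

$DB_HOST = "localhost";
$DB_USER = "pack";
$DB_PASS = "@pack2025";
$DB_NAME = "pack";

/* Alternative connection settings (kept commented out):
$DB_HOST = "localhost";
$DB_USER = "root";
$DB_PASS = "";
$DB_NAME = "pack_beacon";
*/

$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);

if ($conn->connect_error) {
    http_response_code(500);
    // Same content type as api_json(), so clients can parse the error body.
    header("Content-Type: application/json; charset=utf-8");
    // The response carries a generic message only; $conn->connect_error is not
    // sent to the client.
    die(json_encode([
        "status" => "error",
        "message" => "Database connection failed"
    ]));
}

$conn->set_charset("utf8mb4");

/* ===========================================================
   JSON RESPONSE HELPER
   Sends $arr as a JSON body with a JSON content type, then ends
   the script. Nothing after a call to api_json() runs.
   =========================================================== */
function api_json($arr)
{
    header("Content-Type: application/json; charset=utf-8");
    echo json_encode($arr, JSON_UNESCAPED_UNICODE);
    exit;
}

/* ===========================================================
   CREATE SIGNATURE
   raw_data  = the JSON payload, as the exact string that was sent
   timestamp = UNIX time
   Returns the HMAC-SHA256 (lowercase hex) of
   "API_TOKEN|timestamp|raw_data", keyed with API_SECRET.
   =========================================================== */
function make_signature($raw_data, $timestamp)
{
    return hash_hmac(
        "sha256",
        API_TOKEN . "|" . $timestamp . "|" . $raw_data,
        API_SECRET
    );
}

/* ===========================================================
   VERIFY SIGNATURE
   Checks the token, the timestamp window and the HMAC signature
   of a request, in that order.
   Returns true when all three pass, otherwise a string with the
   reason. Callers must compare the result with === true, because
   every error string is truthy.
   =========================================================== */
function verify_signature($client_token, $client_timestamp, $client_signature, $raw_data)
{
    // Token check. hash_equals() keeps the comparison constant-time; a
    // non-string token can never match.
    if (!is_string($client_token) || !hash_equals(API_TOKEN, $client_token)) {
        return "Invalid API token";
    }

    // The timestamp comes from the client, so accept only an integer or a
    // digits-only string before doing arithmetic on it. Anything else used to
    // raise a warning (a TypeError on PHP 8) and is now rejected with the same
    // message as an out-of-window timestamp.
    $timestamp_ok = is_int($client_timestamp)
        || (is_string($client_timestamp) && ctype_digit($client_timestamp));

    // The timestamp must fall within TIMESTAMP_WINDOW seconds of server time,
    // in either direction.
    if (!$timestamp_ok || abs(time() - (int) $client_timestamp) > TIMESTAMP_WINDOW) {
        return "Request timestamp expired";
    }

    // hash_equals() requires strings; a missing or array-valued signature is
    // simply invalid.
    if (!is_string($client_signature)) {
        return "Invalid signature";
    }

    // Server-side signature over the same token, timestamp and raw body.
    $server_sig = make_signature($raw_data, $client_timestamp);

    if (!hash_equals($server_sig, $client_signature)) {
        return "Invalid signature";
    }

    return true;
}

/* ===========================================================
   GET RAW JSON INPUT
   Returns the raw request body (false if it cannot be read).
   Verify the signature over this exact string, not over a
   re-encoded copy of the decoded JSON.
   =========================================================== */
function get_raw_post()
{
    return file_get_contents("php://input");
}
?>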