Editing: fetch_data.php
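<?php
/**
 * JSON endpoint that returns the collection entries belonging to the user
 * whose API token / access key pair matches the supplied credentials.
 *
 * Query parameters:
 *   api_key, secret_key  required; matched against api_tokens.api_token / access_key
 *   action=count         optional; return only the number of matching rows
 *   limit                optional; page size, default 10, clamped to 1..100
 *   offset               optional; rows to skip, default 0
 *   sort_order           optional; 'desc' for newest first, anything else sorts ASC
 *
 * NOTE(review): both credentials travel in the query string, so they are written
 * to web-server access logs, proxy logs and browser history. Moving them to a
 * request header or POST body needs a coordinated client change and is not done here.
 */

// Send diagnostics to the server log instead of the response: rendered
// warnings would corrupt the JSON body and disclose paths and SQL details.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// include '../inc/validate.logged.php';
// require (not include) so a missing db.php stops the script here; db.php is
// expected to define the $mysqli connection used below.
require __DIR__ . '/db.php';

header('Content-Type: application/json; charset=UTF-8');
// The URL carries credentials, so the response must not be stored by caches.
header('Cache-Control: no-store');

// Emit a JSON error and stop. Database detail goes to the log only, so the
// caller never sees driver messages, table names or query fragments.
$fail = static function (string $public_message, string $log_detail = '') {
    if ($log_detail !== '') {
        error_log('fetch_data.php: ' . $public_message . ': ' . $log_detail);
    }
    echo json_encode(['error' => $public_message]);
    exit;
};

// Read a query parameter as a trimmed string. Array-valued input such as
// ?api_key[]=x is treated as absent instead of raising a TypeError in trim().
$read_param = static function (string $name) {
    $value = $_GET[$name] ?? null;
    return is_string($value) ? trim($value) : null;
};

$api_key    = $read_param('api_key');
$secret_key = $read_param('secret_key');
$action     = $read_param('action');

if (!$api_key || !$secret_key) {
    $fail('API key and Secret key are required');
}

// action=count: return only the number of collection rows for this key pair.
if ($action === 'count') {
    $query = "SELECT COUNT(*) as total_count
              FROM api_tokens
              INNER JOIN user_collection ON api_tokens.user_id = user_collection.user_id
              WHERE api_tokens.api_token = ? AND api_tokens.access_key = ?;";

    $stmt = $mysqli->prepare($query);
    if ($stmt === false) {
        $fail('Failed to prepare SQL statement', $mysqli->error);
    }

    $stmt->bind_param('ss', $api_key, $secret_key);
    if (!$stmt->execute()) {
        $fail('Query execution failed', $stmt->error);
    }

    $result = $stmt->get_result();
    if ($result === false) {
        $fail('Query execution failed', $stmt->error);
    }

    $row = $result->fetch_assoc();
    echo json_encode(['status' => 'success', 'count' => $row['total_count']]);

    $stmt->close();
    $mysqli->close();
    exit;
}

// Any other action: return one page of collection rows.
$limit  = isset($_GET['limit']) ? (int) $_GET['limit'] : 10;
$offset = isset($_GET['offset']) ? (int) $_GET['offset'] : 0;

// ORDER BY direction cannot be a bound parameter, so it is reduced to one of
// two fixed literals; no request text ever reaches the SQL string.
$requested_order = $_GET['sort_order'] ?? null;
$sort_order = (is_string($requested_order) && strtolower($requested_order) === 'desc') ? 'DESC' : 'ASC';

if ($limit < 1) {
    $limit = 10;
}
if ($offset < 0) {
    $offset = 0;
}

// Cap the page size so a single request cannot pull an unbounded result set.
$max_limit = 100;
if ($limit > $max_limit) {
    $limit = $max_limit;
}

// mysqli uses server-side prepared statements, which accept integer
// placeholders for LIMIT and OFFSET, so the paging values are bound rather
// than interpolated into the query text.
$query = "SELECT user_collection.title, user_collection.description, user_collection.url, user_collection.date_added
          FROM api_tokens
          INNER JOIN user_collection ON api_tokens.user_id = user_collection.user_id
          WHERE api_tokens.api_token = ? AND api_tokens.access_key = ?
          ORDER BY user_collection.date_added $sort_order
          LIMIT ? OFFSET ?;";

$stmt = $mysqli->prepare($query);
if ($stmt === false) {
    $fail('Failed to prepare SQL statement', $mysqli->error);
}

$stmt->bind_param('ssii', $api_key, $secret_key, $limit, $offset);
if (!$stmt->execute()) {
    $fail('Query execution failed', $stmt->error);
}

$result = $stmt->get_result();
if ($result === false) {
    $fail('Query execution failed', $stmt->error);
}

$data = [];
if ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        $data[] = [
            'title'       => $row['title'] ?? '',
            'url'         => $row['url'] ?? 'N/A',
            'description' => $row['description'] ?? 'N/A',
            'date_added'  => $row['date_added'] ?? '',
        ];
    }

    // total_records is the number of rows in this page, not the overall
    // total; callers that need the overall total use action=count.
    echo json_encode([
        'status'        => 'success',
        'data'          => $data,
        'total_records' => $result->num_rows,
    ], JSON_UNESCAPED_UNICODE);
} else {
    // NOTE(review): an unknown key pair and a valid pair with an empty
    // collection produce this same response; callers cannot tell them apart.
    echo json_encode([
        'status'  => 'success',
        'data'    => [],
        'message' => 'No matching records found.',
    ]);
}

$stmt->close();
$mysqli->close();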