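Server->documentRoot.'/error.log');
// NOTE(review): the opening of the statement above lies outside the visible source and is left as found.

/*
 * Hub request entry point.
 *
 * Reads a JSON request body, runs authentication, validates the requested
 * site (domainName) and command (cmd), then hands the command to
 * commandProcessor() and returns its result as JSON.
 *
 * Included files execute in this scope, so the variable names used here are
 * kept unchanged -- presumably the includes read them; verify before renaming.
 */
ini_set('session.use_cookies', 0);
mb_internal_encoding('UTF-8');

define('HUB_PATH_TO_APP_LIBRARY', '/home/ddigital/ddapp/');

require HUB_PATH_TO_APP_LIBRARY.'content.security.policy.inc.php';
//require HUB_PATH_TO_APP_LIBRARY.'cors.headers.inc.php';
require HUB_PATH_TO_APP_LIBRARY.'hub.defs/hub.def.inc.php';
require HUB_PATH_TO_APP_LIBRARY.'database.handling.inc.php';
require HUB_PATH_TO_APP_LIBRARY.'error.handler.inc.php';
require HUB_PATH_TO_APP_LIBRARY.'server.sanitize.inc.php';
require HUB_PATH_TO_APP_LIBRARY.'registry.inc.php';

initializeRegistry();
$registry = Registry::getInstance();

$serverSanitizer = new ServerSanitize();
$serverSanitizer->setAllowedOrigins(['app.dyna.digital', 'dyna.digital']);

echoContentSecurityPolicy();
//echoCORSHeaders($serverSanitizer);

$response = [];

$inputJSON = file_get_contents('php://input'); // Get raw JSON input
$input = json_decode($inputJSON, true);        // Decode it to an array
if (!is_array($input)) {
    // Missing, malformed or scalar JSON: treat it as an empty request so
    // every field below falls back to null.
    $input = [];
}

$cmd = $input['cmd'] ?? null;
if (!$cmd && isset($_GET['cmd'])) { // this happens on CMS_IIF Initialize Iframe
    $cmd = $_GET['cmd'];
}

$token      = $input['token'] ?? null;
$username   = $input['username'] ?? null;
$password   = $input['password'] ?? null;
$login      = $input['login'] ?? null;
$app        = $input['app'] ?? null;
$domainName = $input['domainName'] ?? null;

// NOTE(review): this include runs before $domainName has been validated;
// confirm it does not build a filesystem path from it.
require HUB_PATH_TO_APP_LIBRARY.'authenticate.inc.php';

// $domainName is request-controlled and becomes part of the path handed to
// file_exists() and, further down, to require. Accept only hostname
// characters so the value cannot name anything outside HUB_PATH_TO_SITES.
if (!is_string($domainName) || $domainName === '') {
    ErrorHandler::handleError('fatal', __FILE__, __LINE__, "You must include a domain name in the URL to log in (e.g. /mydomain.ca/)", 'VALIDATION_ERROR', null, ['label' => 'S Error', 'method' => 'reportError']);
    exit; // fail closed -- NOTE(review): confirm whether handleError('fatal') already terminates
}

if (
    strlen($domainName) > 253
    || strpos($domainName, '..') !== false
    || preg_match('/\A[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\z/', $domainName) !== 1
) {
    // The rejected value is deliberately not echoed back in the message.
    ErrorHandler::handleError('fatal', __FILE__, __LINE__, "The website name in the browser URL is not valid (e.g. /mydomain.ca/)", 'VALIDATION_ERROR', null, ['label' => 'S Error', 'method' => 'reportError']);
    exit; // fail closed
}

if (!file_exists(HUB_PATH_TO_SITES.$domainName)) {
    // $domainName has passed the character check above, so it is safe to show.
    ErrorHandler::handleError('fatal', __FILE__, __LINE__, "The website name in the browser URL ($domainName) is not on this system (e.g. /mydomain.ca/)", 'VALIDATION_ERROR', null, ['label' => 'S Error', 'method' => 'reportError']);
    exit; // fail closed
}

$registry->domain->name = $domainName;

if ($cmd) {
    // validate commands here
    if ($login === 'login') {
        // Strict comparison: a JSON boolean or number must not select the login path.
        $result = Authentication::authenticate($username, $password);
        header('Content-Type: application/json');
        echo json_encode($result);
        flush();
        // The login response ends the request. Two assignments that followed
        // this exit in the original could never run (one read an undefined
        // $auth) and have been dropped.
        exit;
    }

    require HUB_PATH_TO_SITES.$registry->domain->name.'/config/site.def.inc.php'; // the site def has the version number if you decide to use it

    // Show PHP errors to the client only when the site is explicitly in test
    // mode. The original condition started with `1==1 ||`, which enabled
    // error display on every request and exposed paths and internals.
    if (defined('SITE_TEST_MODE') && SITE_TEST_MODE == 1) {
        ini_set('display_errors', 1);
        ini_set('display_startup_errors', 1);
    } else {
        ini_set('display_errors', 0);
        ini_set('display_startup_errors', 0);
    }

    $sysValidCommands = HUB_VALID_COMMANDS;
    $sysValidApps = ['PREVIEW'];

    // NOTE(review): permittedApps is matched by substring, so an app name that
    // merely contains 'OUTAGE' or 'CMS' also grants the app; confirm the
    // stored format and prefer an exact match on a parsed list.
    if ($registry->user->permittedApps === '*' || strpos($registry->user->permittedApps, 'OUTAGE') !== false) {
        // user has permission for outage maintenance
        require HUB_PATH_TO_APP_LIBRARY.'hub.defs/outage.def.inc.php';
        $sysValidCommands = array_merge($sysValidCommands, OUTAGE_VALID_COMMANDS);
        // Append to the list; the original used `.=` on an array, which
        // yields the string "ArrayOUTAGE".
        $sysValidApps[] = 'OUTAGE';
    }

    if ($registry->user->permittedApps === '*' || strpos($registry->user->permittedApps, 'CMS') !== false) {
        // user has CMS permission
        require HUB_PATH_TO_APP_LIBRARY.'hub.defs/cms.def.inc.php';
        $sysValidCommands = array_merge($sysValidCommands, CMS_VALID_COMMANDS);
        $sysValidApps[] = 'CMS';
    }

    $registry->instance->validCommands = $sysValidCommands;
    $registry->user->apps = $sysValidApps;

    // Strict membership test: with loose comparison a non-string JSON value
    // (for example a boolean) compares equal to allowlist entries and would
    // pass the check. Assumes the allowlist holds strings -- TODO confirm.
    if (!in_array($cmd, $registry->instance->validCommands, true)) {
        ErrorHandler::handleError('fatal', __FILE__, __LINE__, "Command does not have permission", 'VALIDATION_ERROR', null, ['label' => 'S Error', 'method' => 'reportError']);
        exit; // fail closed: never dispatch a command that is not on the allowlist
    }

    require HUB_PATH_TO_APP_LIBRARY.'app.loader.inc.php';

    // NOTE(review): $result is not assigned on this path before the call;
    // presumably commandProcessor() fills it by reference -- confirm.
    commandProcessor($cmd, $result);

    header('Content-Type: application/json');
    echo json_encode($result); // token and token expiry time on CLIENT
} else {
    ErrorHandler::handleError('fatal', __FILE__, __LINE__, "Invalid Command at Init", 'VALIDATION_ERROR', null, ['label' => 'S Error', 'method' => 'reportError']);
}
?>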