* - ?token= * * Usage: * GET/POST /push.php * GET/POST /push.php?token= * GET/POST /push.php (with header: Authorization: Bearer ) * * Always returns JSON. */ require_once __DIR__ . '/includes/auth.php'; require_once __DIR__ . '/includes/functions.php'; header('Content-Type: application/json'); // ── Auth ────────────────────────────────────────────────────────────────────── $session_ok = false; if (auth_enabled()) { if (session_status() === PHP_SESSION_NONE) { session_start(); } $session_ok = !empty($_SESSION['authenticated']); } $token_ok = false; if (TRIGGER_TOKEN !== '') { $provided = ''; $auth_header = $_SERVER['HTTP_AUTHORIZATION'] ?? ''; if (str_starts_with($auth_header, 'Bearer ')) { $provided = substr($auth_header, 7); } if ($provided === '' && isset($_REQUEST['token'])) { $provided = $_REQUEST['token']; } $token_ok = $provided !== '' && hash_equals(TRIGGER_TOKEN, $provided); } if (!$session_ok && !$token_ok) { http_response_code(401); echo json_encode(['error' => 'Unauthorized']); exit; } // ── Run push ────────────────────────────────────────────────────────────────── $started_at = microtime(true); $threshold = (int)get_setting('frequent_ip_threshold', '5'); $rows = frequent_ips($threshold); $results = []; $expire_date = date('ymdHis', strtotime('+6 months')); foreach ($rows as $row) { $ip = $row['src_ip']; $url = 'https://www.daprogs.com/api/ipban199/blacklist.php' . '?a=add&type=2&date=' . $expire_date . '&reason=portspoof&ip=' . urlencode($ip); $ch = curl_init($url); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, ]); curl_exec($ch); $http_code = (int)curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); $results[] = [ 'ip' => $ip, 'http_code' => $http_code, 'ok' => ($http_code >= 200 && $http_code < 300), ]; } $elapsed_ms = (int)round((microtime(true) - $started_at) * 1000); echo json_encode([ 'ok' => true, 'elapsed_ms' => $elapsed_ms, 'threshold' => $threshold, 'pushed' => count($results), 'results' => $results, ], JSON_PRETTY_PRINT);