@daohoangson
Last active December 15, 2017 07:29
Simple script demo for [bd] API add-on for XenForo (https://github.com/xfrocks/bdApi). For complete demo, see http://j.mp/1BA1CzC
<?php declare(strict_types=1);
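// Build step: copies script.php to script.min.php, replacing everything between the
// START/END marker lines with a single eval(gzinflate(base64_decode('...'))) statement.
//
// NOTE(review): the emitted statement has the same shape as common PHP webshell
// obfuscation, so malware scanners and code reviewers will flag script.min.php.
// The packing only shrinks the file; it hides nothing (base64 + deflate is trivially
// reversible). Keep the readable script.php next to the packed file and treat a blob
// that cannot be regenerated from it as untrusted.
//
// Constraint on the packed region: every line is trim()med and the lines are joined
// with no separator, so that region must not contain `//` or `#` line comments,
// heredocs, or anything else that depends on line breaks.
$inputPath = __DIR__ . '/script.php';
$outputPath = __DIR__ . '/script.min.php';

// Markers are compared against whole lines, trailing "\n" included.
$markerStart = "/* API SCRIPT FUNCTIONS START */\n";
$markerEnd = "/* API SCRIPT FUNCTIONS END */\n";

$lines = file($inputPath);
if ($lines === false) {
    throw new RuntimeException(sprintf('Cannot read %s', $inputPath));
}

$f = fopen($outputPath, 'w');
if ($f === false) {
    throw new RuntimeException(sprintf('Cannot open %s for writing', $outputPath));
}

// null  => outside the marker region, lines are copied verbatim
// array => inside the marker region, trimmed lines are collected for packing
$buffer = null;

foreach ($lines as $line) {
    switch ($line) {
        case $markerStart:
            $buffer = [];
            break;

        case $markerEnd:
            if ($buffer === null) {
                fclose($f);
                throw new RuntimeException('END marker found without a preceding START marker');
            }

            $deflated = gzdeflate(implode('', $buffer), 9);
            if ($deflated === false) {
                fclose($f);
                throw new RuntimeException('gzdeflate() failed');
            }
            $source = base64_encode($deflated);

            $evalBefore = 'eval(gzinflate(base64_decode(';
            $evalAfter = ")));\n";
            fwrite($f, $evalBefore);

            // The base64 text is emitted as concatenated string literals of at most
            // 100 characters; the first one is shortened to leave room for $evalBefore.
            $bufferLineIndent = ' ';
            for ($i = 0, $l = strlen($source); $i < $l;) {
                $bufferLineLength = 100;
                if ($i === 0) {
                    $bufferLineLength -= strlen($evalBefore) - strlen($bufferLineIndent);
                } else {
                    fwrite($f, " .\n" . $bufferLineIndent);
                }

                $bufferLine = substr($source, $i, $bufferLineLength);
                fwrite($f, var_export($bufferLine, true));

                $i += $bufferLineLength;
            }

            fwrite($f, $evalAfter);
            $buffer = null;
            break;

        default:
            if ($buffer === null) {
                fwrite($f, $line);
            } else {
                $line = trim($line);
                $buffer[] = $line;
            }
    }
}

fclose($f);

// A START marker with no END marker would otherwise drop the buffered lines silently
// and leave an output file without the packed region.
if ($buffer !== null) {
    throw new RuntimeException('START marker found without a matching END marker');
}

// Make sure the sizes reflect what was just written, not a cached stat result.
clearstatcache();
$inputSize = filesize($inputPath);
$outputSize = filesize($outputPath);
$deltaSize = $inputSize - $outputSize;
$deltaPercent = $inputSize > 0 ? $deltaSize / $inputSize * 100 : 0.0;

echo(sprintf("filesize reduction %d bytes (%.2f%%)\n", $deltaSize, $deltaPercent));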
<?php
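// API endpoint and OAuth client credentials used by the apiScript* functions.
define('API_SCRIPT_ROOT', 'https://xfrocks.com/api');
define('API_SCRIPT_CLIENT_ID', 'gljf4391k3');
// The client secret is taken from the API_SCRIPT_CLIENT_SECRET environment variable
// when it is set, so a real deployment does not need the secret in a web-served file.
// The literal below is the published demo value, kept only as a fallback; a secret
// that has appeared in source like this should be considered disclosed and rotated.
define('API_SCRIPT_CLIENT_SECRET', getenv('API_SCRIPT_CLIENT_SECRET') ?: 'zw3lj0zox6be4z2');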
// Packed code: a base64 string is decoded, inflated and passed to eval(). The
// statement has the shape the build script on this page emits for the region between
// the "API SCRIPT FUNCTIONS" markers, so it presumably defines the apiScript*
// functions called below - confirm by regenerating it from script.php.
// NOTE(review): eval() of an opaque blob cannot be reviewed as written and matches
// common webshell signatures; audit the readable source, and do not deploy a blob
// whose regenerated form differs from the one under review.
eval(gzinflate(base64_decode('rVVRb9pADP4rrsR6iZaN7nFCbKtYWqExQJA+TIidsuDArSEX5S4rFeW/z3chEFiG9rCnJLbP/vz' .
'58yUu0kgLmUKYiWmUi0zfo76NIlQqkI+YOq1CYZ6Ga/SglYVKPcl8Qa+RlI8Ch2SHLqRFkrjbWOYYRitwZux23OfT3qQ/DvhkNAq' .
'YV7f0Bn1/GPD+50bz1O9N/IDNIVTQOoDqyVTpMNUubEUMztUCY5HiwmmIoBC9yuUTpPgE/ibCzPTnqCwXqY4d9krBulAafiDss1w' .
'xr6mU29ntTLGTXrv7bmF7SkFTf/AWWI1K1rHphOJKE5ZlPbEL19cglELttHhvNPrS92c199x0laMu8hQa/Z1dS5sahOTQyFgqPQo' .
'Lvfr7IN3OZURkTszRuvkD3BAYQloa607KbFHMWGjb5vaLzT3QYo2OC68PAbjJRI6KC3IT0VVvjcc7u7hJpQ/Uz1eqHx4pdrctSlo' .
'kmnj4FIsE+RI1j2SqMdXKOZOlmU9bpAvcvM1W2UfDj2qv8Voa0sriXUZBJxUsY1c1ysqCtQEZfdA8fippxvHJPPkCI7nAKpj4yAs' .
'8pgrzPHx27AkXXl7gaq8EY5gxg4vN/yhQUVYPamLqX2SwbcUCk4UivDO2zEn9XD9nyKD7AVgVRetanbWOY6ZjiLUfrgkWJYKI56J' .
'0NO3IIUZhRB39Ja68FOadFl0vXYiKPCHhCO24HftOZMmM+IpWHvQeJoORGbAfPEyGweR2OL3zJx68uxBLDw8ui8Nqol0K8kKm8Wg' .
'aXK5lIu76/uDzlAZQsu52aqq1B3GDkTm2zxMlUmH5/f9kdbpjF+XVJKsAld3A+1wWmXJsrVIS1NfSGPsLNRBKu9vzjTnxHuvGYaK' .
'QFqdyU5dZjkuusoRGzdqz7zdv3s/b7Cy/B2/eeTCe+Pd8Oh70Az4ccf/rOPhGZNVSWYB8HWYOo//ArzCp5yk5i2SR6iM81972N0e' .
'Aht3yDq+YNO2Wu8ftKXVC5L6hw3+xKdz+5oqKx/3vTaTV7A6e+jGzT/Ma+v3cz4HuTmH8Bg==')));
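// Access gate, step 1: require HTTP Basic credentials and exchange them for an API
// access token. Basic credentials are only base64-encoded on the wire, so this page
// must be served over HTTPS.
if (empty($_SERVER['PHP_AUTH_USER']) ||
    empty($_SERVER['PHP_AUTH_PW']) ||
    !($accessToken = apiScriptGetAccessToken($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))
) {
    header('WWW-Authenticate: Basic realm="Area 51"');
    header('HTTP/1.1 401 Unauthorized');
    die('Please authenticate with a valid username and password.');
}

// Step 2: the token must resolve to a user, and that user must be in one of the
// user groups listed in '3,4'.
if (!($user = apiScriptGetUserMe($accessToken)) ||
    !apiScriptTestUserGroups($user, '3,4')
) {
    header('HTTP/1.1 403 Forbidden');
    die('Your account does not have enough permission.');
}

// The username comes from the remote API response and is written into the page, so it
// is HTML-escaped instead of being echoed raw.
$apiScriptUsername = isset($user['username']) ? (string) $user['username'] : '';
echo 'Welcome ', htmlspecialchars($apiScriptUsername, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
    '. You have been granted access!';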
<?php
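// API endpoint and OAuth client credentials used by the apiScript* functions.
define('API_SCRIPT_ROOT', 'https://xfrocks.com/api');
define('API_SCRIPT_CLIENT_ID', 'gljf4391k3');
// The client secret is taken from the API_SCRIPT_CLIENT_SECRET environment variable
// when it is set, so a real deployment does not need the secret in a web-served file.
// The literal below is the published demo value, kept only as a fallback; a secret
// that has appeared in source like this should be considered disclosed and rotated.
define('API_SCRIPT_CLIENT_SECRET', getenv('API_SCRIPT_CLIENT_SECRET') ?: 'zw3lj0zox6be4z2');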
/* API SCRIPT FUNCTIONS START */
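/**
 * Returns an OAuth access token for the given credentials, or null when none is available.
 *
 * A token cached in the cookie is returned first, without contacting the API and
 * without checking it against $username / $password. The caller has to validate the
 * returned token (the scripts on this page do so through apiScriptGetUserMe()).
 *
 * Only block comments are used in this function: the build script joins the lines
 * of this region without line breaks.
 *
 * @param string $username
 * @param string $password
 * @param string|null $cookieName cookie used as token cache; null selects
 *                                API_SCRIPT_CLIENT_ID . 'AccessToken', an empty
 *                                string disables the cookie
 * @return string|null
 * @throws Exception when one of the API_SCRIPT_* constants is not defined
 */
function apiScriptGetAccessToken($username, $password, $cookieName = null)
{
    foreach ([
        'API_SCRIPT_ROOT',
        'API_SCRIPT_CLIENT_ID',
        'API_SCRIPT_CLIENT_SECRET'
    ] as $apiScriptConstant) {
        if (!defined($apiScriptConstant)) {
            throw new Exception(sprintf('%s must be defined!', $apiScriptConstant));
        }
    }

    if ($cookieName === null) {
        $cookieName = API_SCRIPT_CLIENT_ID . 'AccessToken';
    }

    /* The cookie is client-controlled; anything that is not a plain string is ignored. */
    if (is_string($cookieName) &&
        isset($_COOKIE[$cookieName]) &&
        is_string($_COOKIE[$cookieName])
    ) {
        return $_COOKIE[$cookieName];
    }

    /* A failed token request yields null; stop here instead of caching an empty cookie. */
    $token = apiScriptPostOauthToken($username, $password);
    if (!is_array($token) || !isset($token['access_token'])) {
        return null;
    }
    $accessToken = (string) $token['access_token'];

    if (is_string($cookieName) && strlen($cookieName) > 0) {
        $lifetime = isset($token['expires_in']) ? (int) $token['expires_in'] : 0;
        /* HttpOnly keeps the bearer token away from page scripts; Secure is set on HTTPS requests. */
        $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie($cookieName, $accessToken, time() + $lifetime, '', '', $isHttps, true);
    }

    return $accessToken;
}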
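/**
 * Fetches the user that owns the given access token from the API's users/me route.
 *
 * The token can come from a client cookie, so it is URL-encoded before it is placed
 * in the request URL; otherwise a crafted value could append its own query parameters.
 * NOTE(review): the token travels in the query string and will show up in access
 * logs along the way; prefer an Authorization header if the API accepts one.
 *
 * @param string $accessToken
 * @return array|null the decoded "user" entry, or null when the request fails or the
 *                    response is not the expected JSON
 */
function apiScriptGetUserMe($accessToken)
{
    if (!is_string($accessToken) || $accessToken === '') {
        return null;
    }

    $url = API_SCRIPT_ROOT . '/index.php?users/me&oauth_token=' . rawurlencode($accessToken);

    /* Warnings are suppressed on purpose: a failed request is reported as null. */
    $result = @file_get_contents($url);
    if (!is_string($result)) {
        return null;
    }

    $json = json_decode($result, true);
    if (!is_array($json) || !isset($json['user'])) {
        return null;
    }

    return $json['user'];
}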
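/**
 * Requests an access token from the API's oauth/token route with the password grant.
 *
 * The request body carries the user's password and the client secret, so
 * API_SCRIPT_ROOT should be an https URL. No SSL option is set here, which leaves
 * certificate verification at the cURL defaults.
 *
 * @param string $username
 * @param string $password
 * @return array|null the decoded token response (it contains "access_token"), or
 *                    null when the request fails or no token was issued
 */
function apiScriptPostOauthToken($username, $password)
{
    $fields = [
        'grant_type' => 'password',
        'username' => $username,
        'password' => $password,
        'client_id' => API_SCRIPT_CLIENT_ID,
        'client_secret' => API_SCRIPT_CLIENT_SECRET
    ];

    $ch = curl_init();
    if ($ch === false) {
        return null;
    }

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_URL, API_SCRIPT_ROOT . '/index.php?oauth/token');
    curl_setopt($ch, CURLOPT_POST, 1);
    /*
     * The fields are sent as one url-encoded string. Passing the array would switch
     * cURL to multipart/form-data, and PHP versions without safe upload handling read
     * a value that starts with "@" as a path of a local file to upload.
     */
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields, '', '&'));

    $result = curl_exec($ch);
    curl_close($ch);
    if (!is_string($result)) {
        return null;
    }

    $json = json_decode($result, true);
    if (!is_array($json) || !isset($json['access_token'])) {
        return null;
    }

    return $json;
}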
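/**
 * Tells whether the user belongs to at least one of the listed user groups.
 *
 * NOTE(review): a list without any digits ('' or a mistyped value) allows every
 * user. That fail-open result is kept because callers may rely on it; pass a
 * non-empty list of IDs wherever this check guards access.
 *
 * @param array $user user data; its "user_groups" entries are read for "user_group_id"
 * @param string $groupIdsList group IDs separated by any non-digit characters
 * @return bool false when $groupIdsList is not a string or no group matches
 */
function apiScriptTestUserGroups(array $user, $groupIdsList)
{
    if (!is_string($groupIdsList)) {
        return false;
    }

    $groupIds = preg_split('/[^0-9]/', $groupIdsList, -1, PREG_SPLIT_NO_EMPTY);
    $groupIds = array_map('intval', $groupIds);
    if (count($groupIds) === 0) {
        return true;
    }

    /* Malformed user data denies access instead of raising warnings or errors. */
    if (!isset($user['user_groups']) || !is_array($user['user_groups'])) {
        return false;
    }

    foreach ($user['user_groups'] as $userGroup) {
        if (!is_array($userGroup) || !isset($userGroup['user_group_id'])) {
            continue;
        }
        /* Strict comparison: only integer IDs match the parsed list. */
        if (in_array($userGroup['user_group_id'], $groupIds, true)) {
            return true;
        }
    }

    return false;
}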
/* API SCRIPT FUNCTIONS END */
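// Access gate, step 1: require HTTP Basic credentials and exchange them for an API
// access token. Basic credentials are only base64-encoded on the wire, so this page
// must be served over HTTPS.
if (empty($_SERVER['PHP_AUTH_USER']) ||
    empty($_SERVER['PHP_AUTH_PW']) ||
    !($accessToken = apiScriptGetAccessToken($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))
) {
    header('WWW-Authenticate: Basic realm="Area 51"');
    header('HTTP/1.1 401 Unauthorized');
    die('Please authenticate with a valid username and password.');
}

// Step 2: the token must resolve to a user, and that user must be in one of the
// user groups listed in '3,4'.
if (!($user = apiScriptGetUserMe($accessToken)) ||
    !apiScriptTestUserGroups($user, '3,4')
) {
    header('HTTP/1.1 403 Forbidden');
    die('Your account does not have enough permission.');
}

// The username comes from the remote API response and is written into the page, so it
// is HTML-escaped instead of being echoed raw.
$apiScriptUsername = isset($user['username']) ? (string) $user['username'] : '';
echo 'Welcome ', htmlspecialchars($apiScriptUsername, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
    '. You have been granted access!';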