Created
March 19, 2021 17:07
-
-
Save kyletaylored/726fecbdd9f618ccdb5d1a5a12cfa3c7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * This is a script to retrieve DB credentials for database connections | |
| * | |
| */ | |
| /** | |
| * Check IP address function | |
| */ | |
| function checkIPAddress() { | |
| $allowed_ips_array = file(getcwd() . "/private/dbcr/allowed_ips.txt", FILE_IGNORE_NEW_LINES) or die("Unable to open ip list file!"); | |
| $ipArrayLength = count($allowed_ips_array); | |
| if($ipArrayLength > 0) { | |
| if(in_array($_SERVER['REMOTE_ADDR'], $allowed_ips_array)) { | |
| return true; | |
| } else { | |
| header("HTTP/1.0 404 Not Found"); | |
| exit; | |
| } | |
| } else { | |
| return true; | |
| } | |
| } | |
| /** | |
| * Check authorization function | |
| */ | |
| function checkAuthCreds($posted_password, $db_values) { | |
| if(checkIPAddress()) { | |
| $auth_password_object = fopen(getcwd() . "/private/dbcr/creds_pass.txt", "r") or die("Unable to open authorization file!"); | |
| $auth_password = fgets($auth_password_object); | |
| $auth_password = str_replace("\r\n", "", $auth_password); | |
| $auth_password = str_replace("\r", "", $auth_password); | |
| $auth_password = str_replace("\n", "", $auth_password); | |
| fclose($auth_password_object); | |
| if ($posted_password == $auth_password) { | |
| getDBCreds($db_values); | |
| } else { | |
| print $posted_password; | |
| print $auth_password; | |
| print "Invalid credentials."; | |
| exit; | |
| } | |
| } | |
| } | |
| /** | |
| * Retrieve DB Credentials | |
| */ | |
| function getDBCreds($db_values) { | |
| if (isset($_ENV['PANTHEON_ENVIRONMENT']) || isset($_ENV['LANDO_DOMAIN'])) { | |
| switch ($db_values) { | |
| case "password": | |
| print $_ENV['DB_PASSWORD']; | |
| break; | |
| case "username": | |
| print $_ENV['DB_USER']; | |
| break; | |
| case "host": | |
| print $_ENV['DB_HOST']; | |
| break; | |
| case "port": | |
| print $_ENV['DB_PORT']; | |
| break; | |
| case "all": | |
| print "DBUsername: " . $_ENV['DB_USER'] . "\r\n"; | |
| print "DBPassword: " . $_ENV['DB_PASSWORD'] . "\r\n"; | |
| print "DBHost: " . $_ENV['DB_HOST'] . "\r\n"; | |
| print "DBPort: " . $_ENV['DB_PORT'] . "\r\n"; | |
| break; | |
| } | |
| } else { | |
| die("This script will not run outside of the Pantheon Platform"); | |
| } | |
| } | |
| /** | |
| * Init function to start execution of the script | |
| */ | |
| function credsInit() { | |
| if(isset($_GET['password'])) { | |
| if(!isset($_GET['db_values'])) { | |
| $db_value = "all"; | |
| } else { | |
| $db_value = $_GET['db_values']; | |
| } | |
| checkAuthCreds($_GET['password'], $db_value); | |
| } elseif(isset($_POST['password'])) { | |
| if(!isset($_POST['db_values'])) { | |
| $db_value = "all"; | |
| } else { | |
| $db_value = $_POST['db_values']; | |
| } | |
| checkAuthCreds($_POST['password'], $db_value); | |
| } else { | |
| print "Missing parameters."; | |
| exit; | |
| } | |
| } | |
| // Initiate the execution of the script. | |
| // First, let's make sure Pantheon CDN does not cache these results | |
| header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); | |
| header("Cache-Control: post-check=0, pre-check=0", false); | |
| header("Pragma: no-cache"); | |
| // Now let's execute... | |
| credsInit(); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment