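<?php
// backend/config/db.php
//
// Bootstrap shared by the JSON API endpoints. Including this file:
//   1. loads the first .env found in the search list below,
//   2. rejects the request unless it carries a valid X-API-Key header
//      (and, when APP_SIGNATURE_SHA256 is configured, a matching
//      X-App-Signature header),
//   3. opens the MySQL connection as $pdo.
// Every failure path writes a JSON error body and exits, so code that
// includes this file can assume an authenticated request and a live $pdo.
// Detailed failure reasons go to error_log(); the client only ever sees a
// generic message.
declare(strict_types=1);

use Dotenv\Dotenv;

header('Content-Type: application/json');
require_once __DIR__ . '/../vendor/autoload.php';

// Send a JSON error response with the given HTTP status and end the request.
$sendError = static function (int $status, string $message): void {
    http_response_code($status);
    echo json_encode(['success' => false, 'message' => $message]);
    exit;
};

// ---------------------------------------------------------------------------
// 1. Environment
// ---------------------------------------------------------------------------
// The posix extension is optional; without it the home-dir guess is skipped.
$homeDir = '';
if (function_exists('posix_getpwuid') && function_exists('posix_getuid')) {
    $pwEntry = posix_getpwuid(posix_getuid());
    $homeDir = is_array($pwEntry) ? (string) ($pwEntry['dir'] ?? '') : '';
}

// Candidate directories, nearest first. NOTE(review): the htdocs entry is a
// web-served directory — a .env placed there must also be blocked from direct
// download by the web server, or it is readable over HTTP.
$searchPaths = [
    __DIR__ . '/../..',          // jordan_bot/
    __DIR__ . '/../../..',       // lawer.tripz-egypt.com/
    __DIR__ . '/../../../..',    // htdocs/
    __DIR__ . '/../../../../..', // home directory
    $homeDir,                    // PHP-detected home dir ('' when posix is unavailable)
];

$envLoaded = false;
foreach ($searchPaths as $path) {
    if ($path === '' || !is_readable($path . '/.env')) {
        continue;
    }
    try {
        $dotenv = Dotenv::createImmutable($path);
        $dotenv->load();
        $envLoaded = true;
        break;
    } catch (Exception $e) {
        // Unparseable or unreadable file: record it and try the next candidate.
        error_log(sprintf('db.php: could not load %s/.env: %s', $path, $e->getMessage()));
    }
}

if (!$envLoaded) {
    // The searched paths describe the server's filesystem layout, so they are
    // logged here rather than echoed to the client.
    error_log('db.php: .env not found. Searched: ' . implode(', ', array_filter($searchPaths)));
    $sendError(500, 'Server misconfiguration: environment file not found');
}

// ---------------------------------------------------------------------------
// 2. Request authentication
// ---------------------------------------------------------------------------
// HTTP header names are case-insensitive, so lookups use a lower-cased copy.
// $headers keeps the original casing for any code included after this file.
$headers = function_exists('getallheaders') ? (getallheaders() ?: []) : [];
$headerMap = array_change_key_case($headers, CASE_LOWER);

// Fail closed when no key is configured: a baked-in fallback secret would be
// identical on every install and visible to anyone who can read the source.
$expectedApiKey = $_ENV['API_KEY'] ?? '';
if (!is_string($expectedApiKey) || $expectedApiKey === '') {
    error_log('db.php: API_KEY is not set in .env; rejecting request');
    $sendError(500, 'Server misconfiguration: API key not configured');
}

$providedKey = $headerMap['x-api-key'] ?? null;
// hash_equals() compares in constant time, so a wrong key cannot be narrowed
// down byte by byte through response timing; the is_string guard also keeps
// a missing header from reaching hash_equals() as null.
if (!is_string($providedKey) || !hash_equals($expectedApiKey, $providedKey)) {
    $sendError(401, 'Unauthorized: Invalid or missing API Key');
}

// Optional anti-tamper check: the client app's signature fingerprint
// (presumably a SHA-256 hex digest, going by the variable name — confirm
// against the app side). Only enforced when APP_SIGNATURE_SHA256 is set.
$expectedAppSignature = $_ENV['APP_SIGNATURE_SHA256'] ?? '';
if (is_string($expectedAppSignature) && $expectedAppSignature !== '') {
    $providedSignature = $headerMap['x-app-signature'] ?? null;
    // Compare case-insensitively (hex digests may arrive in either case) but
    // still in constant time.
    if (
        !is_string($providedSignature)
        || !hash_equals(strtolower($expectedAppSignature), strtolower($providedSignature))
    ) {
        $sendError(403, 'Forbidden: Invalid App Signature (Anti-Tamper)');
    }
}

// ---------------------------------------------------------------------------
// 3. Database
// ---------------------------------------------------------------------------
// NOTE(review): the 'root' / '' defaults only apply when DB_USER / DB_PASS are
// absent from .env; a production .env should always set both.
$host     = $_ENV['DB_HOST'] ?? 'localhost';
$dbname   = $_ENV['DB_NAME'] ?? 'jordan_bot_db';
$username = $_ENV['DB_USER'] ?? 'root';
$password = $_ENV['DB_PASS'] ?? '';

try {
    // utf8mb4 rather than utf8: MySQL's "utf8" is a 3-byte subset that cannot
    // store emoji or other supplementary-plane characters.
    $pdo = new PDO(
        "mysql:host={$host};dbname={$dbname};charset=utf8mb4",
        $username,
        $password,
        [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            // NOTE(review): consider PDO::ATTR_EMULATE_PREPARES => false so
            // placeholders are bound server-side; audit existing queries
            // (e.g. string-bound LIMIT values) before switching it on.
        ]
    );
} catch (PDOException $e) {
    // The driver message can include the host, user and database name; keep
    // it in the server log only.
    error_log('db.php: database connection failed: ' . $e->getMessage());
    $sendError(500, 'Database connection failed');
}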