├── configuration.php
├── assets
    ├── index.html
    ├── css
    │   ├── index.html
    │   ├── select-search.min.css
    │   ├── select-search.css
    │   ├── style.min.css
    │   └── style.css
    └── js
    │   ├── index.html
    │   ├── variables.js
    │   ├── ip-address.min.js
    │   ├── currency-input.min.js
    │   ├── sign-in.min.js
    │   ├── ip-address.js
    │   ├── currency-input.js
    │   ├── sign-in.js
    │   ├── auto-complete.min.js
    │   ├── select-search.min.js
    │   ├── settings.min.js
    │   ├── search.min.js
    │   ├── auto-complete.js
    │   ├── provider.min.js
    │   ├── select-search.js
    │   ├── settings.js
    │   ├── provider.js
    │   └── search.js
├── includes
    ├── index.html
    └── functions.php
├── logs
    └── index.html
├── pages
    ├── index.html
    ├── json.user.php
    ├── json.currency.php
    ├── json.provider.php
    └── sign-in.php
├── storage
    └── index.html
├── libraries
    ├── index.html
    ├── autoload.php
    ├── Error
    │   └── Handler.php
    ├── Cookie
    │   └── Cookie.php
    ├── Session
    │   └── Session.php
    ├── Security
    │   └── Form.php
    ├── Http
    │   ├── Request.php
    │   └── Client.php
    └── SQLite
    │   └── Database.php
├── favicon.ico
├── api
    ├── .htaccess
    ├── config.php
    └── index.php
├── docker-compose.yml
├── LICENSE
├── index.php
├── 403.html
├── 50x.html
├── 404.html
├── install
    ├── tables.sql
    └── index.php
└── README.md


/configuration.php:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/assets/index.html:
--------------------------------------------------------------------------------
1 | Access denied.


--------------------------------------------------------------------------------
/includes/index.html:
--------------------------------------------------------------------------------
1 | Access denied.


--------------------------------------------------------------------------------
/logs/index.html:
--------------------------------------------------------------------------------
1 | Access denied.


--------------------------------------------------------------------------------
/pages/index.html:
--------------------------------------------------------------------------------
1 | Access denied.


--------------------------------------------------------------------------------
/storage/index.html:
--------------------------------------------------------------------------------
1 | Access denied.


--------------------------------------------------------------------------------
/assets/css/index.html:
--------------------------------------------------------------------------------
1 | Access denied.


--------------------------------------------------------------------------------
/assets/js/index.html:
--------------------------------------------------------------------------------
1 | Access denied.


--------------------------------------------------------------------------------
/libraries/index.html:
--------------------------------------------------------------------------------
1 | Access denied.


--------------------------------------------------------------------------------
/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/seikan/carotu/HEAD/favicon.ico


--------------------------------------------------------------------------------
/assets/js/variables.js:
--------------------------------------------------------------------------------
1 | const variables = {
2 | 	diskTypes: ['HDD', 'NVMe', 'SSD'],
3 | 	virtualizations: ['Dedicated', 'OpenStack', 'OpenVZ', 'HyperV', 'KVM', 'LXD', 'VMWare', 'XEN'],
4 | };
5 | 


--------------------------------------------------------------------------------
/libraries/autoload.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | spl_autoload_register(function ($class) {
 4 | 	$class = str_replace('\\', '/', $class);
 5 | 
 6 | 	$path = __DIR__ . '/' . $class . '.php';
 7 | 	if (is_readable($path)) {
 8 | 		require_once $path;
 9 | 
10 | 		return;
11 | 	}
12 | });
13 | 


--------------------------------------------------------------------------------
/assets/css/select-search.min.css:
--------------------------------------------------------------------------------
1 | .select-search{-webkit-user-select:none;-ms-user-select:none;user-select:none;}.select-search.disabled{background-color:var(--bs-secondary-bg);opacity:1;}.select-search.focus{border-color:#86b7fe;outline:0;box-shadow:0 0 0 .25rem rgba(13,110,253,.25);}.select-search-input:focus{border:var(--bs-border-width) solid var(--bs-border-color)!important;box-shadow:none!important;}.select-search-item a code{color:var(--bs-gray-700);background-color:var(--bs-warning-border-subtle);font-family:inherit;}


--------------------------------------------------------------------------------
/api/.htaccess:
--------------------------------------------------------------------------------
 1 | # Carotu API - Apache Rewrite Rules
 2 | 
 3 | RewriteEngine On
 4 | 
 5 | # Redirect all requests to index.php
 6 | RewriteCond %{REQUEST_FILENAME} !-f
 7 | RewriteCond %{REQUEST_FILENAME} !-d
 8 | RewriteRule ^(.*)$ index.php [QSA,L]
 9 | 
10 | # Security headers
11 | Header set X-Content-Type-Options "nosniff"
12 | Header set X-Frame-Options "DENY"
13 | Header set X-XSS-Protection "1; mode=block"
14 | 
15 | # Disable directory listing
16 | Options -Indexes
17 | 
18 | # Protect sensitive files
19 | <FilesMatch "^(config\.php|\.htaccess)$">
20 |     Order allow,deny
21 |     Deny from all
22 | </FilesMatch>
23 | 


--------------------------------------------------------------------------------
/assets/css/select-search.css:
--------------------------------------------------------------------------------
 1 | .select-search {
 2 | 	-webkit-user-select: none;
 3 | 	-ms-user-select: none;
 4 | 	user-select: none;
 5 | }
 6 | 
 7 | .select-search.disabled {
 8 | 	background-color: var(--bs-secondary-bg);
 9 | 	opacity: 1;
10 | }
11 | 
12 | .select-search.focus {
13 | 	border-color: #86b7fe;
14 | 	outline: 0;
15 | 	box-shadow: 0 0 0 0.25rem rgba(13, 110, 253, 0.25);
16 | }
17 | 
18 | .select-search-input:focus {
19 | 	border: var(--bs-border-width) solid var(--bs-border-color) !important;
20 | 	box-shadow: none !important;
21 | }
22 | 
23 | .select-search-item a code {
24 | 	color: var(--bs-gray-700);
25 | 	background-color: var(--bs-warning-border-subtle);
26 | 	font-family: inherit;
27 | }
28 | 


--------------------------------------------------------------------------------
/assets/js/ip-address.min.js:
--------------------------------------------------------------------------------
1 | class IpAddress{constructor(){this.address4=/^(\d{1,3}\.){3}\d{1,3}$/,this.address6=/^([\da-f]{1,4}:){7}[\da-f]{1,4}$/i}isAddress4(s){return!!this.address4.test(s)&&s.split(".").every((s=>parseInt(s)<=255))}isAddress6(s){return!!this.address6.test(this.expandAddress6(s))&&s.split(":").every((s=>s.length<=4))}expandAddress6(s){if(null===s.match(/:/g))return s;if(7===s.match(/:/g).length)return s;var r=0,t=[],d=s.split("::");d.forEach((function(s,t){r+=s.split(":").length})),t.push(d[0]);for(var e=0;e<8-r;e++)t.push("0000");return t.push(d[1]),t.filter((s=>s)).forEach((function(s,r){t[r]=t[r].toString().padStart(4,"0")})),t.join(":")}isValid(s){return this.isAddress4(s)||this.isAddress6(s)}}


--------------------------------------------------------------------------------
/assets/js/currency-input.min.js:
--------------------------------------------------------------------------------
1 | !function(i){i.fn.currencyInput=function(l){var e=i.extend({decimalDigit:2,decimalSymbol:"."},l);return i.each(this,(function(l,t){i(t).is("input")&&i(t).on("input",(function(){i(this).val(i(this).val().replace(new RegExp("[^0-9"+e.decimalSymbol+"]","g"),"")),i(this).val().indexOf(e.decimalSymbol)>-1&&i(this).val().match(new RegExp(e.decimalSymbol.replace(/[-[\]{}()*+?.,\\^$|#\s]/g,"\\$&"),"g")).length>1&&i(this).val(i(this).val().slice(0,-1)),i(this).val(i(this).val().replace(e.decimalSymbol,"")),i(this).val().length>e.decimalDigit?(i(this).val().length>e.decimalDigit+1&&i(this).val(i(this).val().replace(/^0/,"")),i(this).val(i(this).val().slice(0,-1*e.decimalDigit)+e.decimalSymbol+i(this).val().slice(-1*e.decimalDigit))):i(this).val("0"+e.decimalSymbol+"0".repeat(e.decimalDigit).slice(0,-1*i(this).val().length)+i(this).val())}))})),this}}(jQuery);


--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | services:
 2 |   carotu:
 3 |     image: php:8.4-apache
 4 |     container_name: carotu
 5 |     restart: unless-stopped
 6 |     ports:
 7 |       - "80:80"
 8 |     volumes:
 9 |       - .:/var/www/html
10 |       - ./storage:/var/www/html/storage
11 |     environment:
12 |       # Optional: For nginx-proxy setups, uncomment and configure:
13 |       # - VIRTUAL_HOST=inventory.yourdomain.com
14 |       # - LETSENCRYPT_HOST=inventory.yourdomain.com
15 |       # - LETSENCRYPT_EMAIL=admin@yourdomain.com
16 |       - VIRTUAL_PORT=80
17 |     # For nginx-proxy networks, uncomment:
18 |     # networks:
19 |     #   - webproxy
20 | 
21 |     # Enable Apache modules required for Carotu
22 |     command: >
23 |       bash -c "
24 |       a2enmod rewrite headers &&
25 |       docker-php-ext-install pdo pdo_sqlite &&
26 |       apache2-foreground
27 |       "
28 | 
29 | # Uncomment if using nginx-proxy:
30 | # networks:
31 | #   webproxy:
32 | #     external: true
33 | #     name: webproxy
34 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2023 Sei Kan
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/assets/js/sign-in.min.js:
--------------------------------------------------------------------------------
1 | $((function(){$("#username, #password").on("input",(function(){$('button[type="submit"]').toggleClass("disabled",!($("#username").val()&&$("#password").val()))})),$("#toggle-password").on("click",(function(){$("#toggle-password i").toggleClass("bi-eye bi-eye-slash"),$('input[name="password"]').attr("type",(function(i,a){return"password"==a?"text":"password"}))})),$('button[type="submit"]').on("click",(function(i){i.preventDefault();var a=$(this),t=$("form").serialize();a.data("html",a.html()).css({width:a.outerWidth(),height:a.outerHeight()}).prop("disabled",!0).html('<div class="loader-inner ball-beat"><div></div><div></div><div></div></div>'),$("input").prop("disabled",!0),$(".is-invalid").removeClass("is-invalid"),$(".invalid-feedback").html(""),$.post("./user.json",t,(function(i){Object.keys(i.errors).length>0?$.each(i.errors,(function(i,a){$('[name="'+i+'"]').addClass("is-invalid"),$('[name="'+i+'"]').parent(".form-floating").addClass("is-invalid"),$("#"+i+"-feedback").html(a)})):window.location.href="./"}),"json").fail((function(){alert("Connection lost. Please try again.")})).always((function(i){a.prop("disabled",!1).html(a.data("html")),$("input").prop("disabled",!1),$('input[name="'+i.csrf.name+'"]').val(i.csrf.value)}))}))}));


--------------------------------------------------------------------------------
/libraries/Error/Handler.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Error;
 4 | 
 5 | class Handler
 6 | {
 7 | 	protected $callback;
 8 | 
 9 | 	public function __construct($callback = null)
10 | 	{
11 | 		if (!\is_callable($callback)) {
12 | 			throw new \Exception(__CLASS__ . ': Callback function is not defined.');
13 | 		}
14 | 
15 | 		$this->callback = $callback;
16 | 
17 | 		// Register error handlers
18 | 		set_error_handler([$this, 'errorHandler']);
19 | 		set_exception_handler([$this, 'exceptionHandler']);
20 | 		register_shutdown_function([$this, 'shutdownHandler']);
21 | 	}
22 | 
23 | 	public function errorHandler($code, $message, $file, $line)
24 | 	{
25 | 		if (error_reporting() == 0) {
26 | 			return;
27 | 		}
28 | 
29 | 		// Route error to exception handler
30 | 		$this->exceptionHandler(new \ErrorException($message, $code, 0, $file, $line));
31 | 	}
32 | 
33 | 	public function exceptionHandler($exception)
34 | 	{
35 | 		\call_user_func($this->callback, $exception->getFile(), $exception->getLine(), $exception->getMessage());
36 | 	}
37 | 
38 | 	public function shutdownHandler()
39 | 	{
40 | 		if (($error = error_get_last()) === null) {
41 | 			return;
42 | 		}
43 | 
44 | 		// Route error to exception handler
45 | 		$this->exceptionHandler(new \ErrorException($error['message'], $error['type'], 0, $error['file'], $error['line']));
46 | 	}
47 | }
48 | 


--------------------------------------------------------------------------------
/assets/js/ip-address.js:
--------------------------------------------------------------------------------
 1 | class IpAddress {
 2 | 	constructor() {
 3 | 		this.address4 = /^(\d{1,3}\.){3}\d{1,3}$/;
 4 | 		this.address6 = /^([\da-f]{1,4}:){7}[\da-f]{1,4}$/i;
 5 | 	}
 6 | 
 7 | 	isAddress4(ip) {
 8 | 		if (this.address4.test(ip)) {
 9 | 			return ip.split('.').every((part) => parseInt(part) <= 255);
10 | 		}
11 | 
12 | 		return false;
13 | 	}
14 | 
15 | 	isAddress6(ip) {
16 | 		if (this.address6.test(this.expandAddress6(ip))) {
17 | 			return ip.split(':').every((part) => part.length <= 4);
18 | 		}
19 | 
20 | 		return false;
21 | 	}
22 | 
23 | 	expandAddress6(ip) {
24 | 		if (ip.match(/:/g) === null) {
25 | 			return ip;
26 | 		}
27 | 
28 | 		// Check if groups of 8
29 | 		if (ip.match(/:/g).length === 7) {
30 | 			return ip;
31 | 		}
32 | 
33 | 		var currentGroup = 0;
34 | 		var groups = [];
35 | 
36 | 		// Split by empty groups
37 | 		var parts = ip.split('::');
38 | 
39 | 		parts.forEach(function (part, i) {
40 | 			currentGroup += part.split(':').length;
41 | 		});
42 | 
43 | 		groups.push(parts[0]);
44 | 
45 | 		for (var i = 0; i < 8 - currentGroup; i++) {
46 | 			groups.push('0000');
47 | 		}
48 | 
49 | 		groups.push(parts[1]);
50 | 
51 | 		groups
52 | 			.filter((ele) => ele)
53 | 			.forEach(function (group, i) {
54 | 				// Pad leading zeros
55 | 				groups[i] = groups[i].toString().padStart(4, '0');
56 | 			});
57 | 
58 | 		return groups.join(':');
59 | 	}
60 | 
61 | 	isValid(ip) {
62 | 		return this.isAddress4(ip) || this.isAddress6(ip);
63 | 	}
64 | }
65 | 


--------------------------------------------------------------------------------
/api/config.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | /**
 3 |  * Carotu REST API Configuration
 4 |  *
 5 |  * This is a SEPARATE configuration file from the main Carotu configuration.php
 6 |  *
 7 |  * WHY SEPARATE CONFIG?
 8 |  * - The main Carotu uses configuration.php for web UI authentication
 9 |  * - The API has different requirements: API keys, CORS, error logging
10 |  * - Keeps API authentication independent from web UI authentication
11 |  * - Allows API to be deployed separately or alongside the main app
12 |  * - Security: API keys are not stored in the same config as web UI credentials
13 |  */
14 | 
15 | // Database configuration
16 | // Adjust the path based on your Carotu installation
17 | define('DB_PATH', __DIR__ . '/../storage/101f3db57a6da54b248f09f2986ba794.sqlite');
18 | 
19 | // API Configuration
20 | define('API_VERSION', '1.0');
21 | define('API_KEY_HEADER', 'X-API-Key');
22 | 
23 | // Valid API keys
24 | // Generate secure keys with: openssl rand -hex 32
25 | $VALID_API_KEYS = [
26 |     'your-secure-api-key-here',  // Replace with your actual API key
27 |     // Add more API keys as needed for different clients
28 | ];
29 | 
30 | // CORS Configuration
31 | // For production, change '*' to your specific domain
32 | define('CORS_ALLOWED_ORIGINS', '*');
33 | define('CORS_ALLOWED_METHODS', 'GET, POST, PUT, DELETE, OPTIONS');
34 | define('CORS_ALLOWED_HEADERS', 'Content-Type, Authorization, X-API-Key');
35 | 
36 | // Timezone
37 | date_default_timezone_set('UTC');
38 | 
39 | // Error reporting
40 | error_reporting(E_ALL);
41 | ini_set('display_errors', 0);  // Set to 0 in production
42 | ini_set('log_errors', 1);
43 | ini_set('error_log', __DIR__ . '/api_errors.log');
44 | 


--------------------------------------------------------------------------------
/assets/js/currency-input.js:
--------------------------------------------------------------------------------
 1 | (function ($) {
 2 | 	$.fn.currencyInput = function (options) {
 3 | 		var settings = $.extend(
 4 | 			{
 5 | 				decimalDigit: 2,
 6 | 				decimalSymbol: '.',
 7 | 			},
 8 | 			options
 9 | 		);
10 | 
11 | 		$.each(this, function (i, input) {
12 | 			// Make sure it's a valid input field
13 | 			if (!$(input).is('input')) {
14 | 				return;
15 | 			}
16 | 
17 | 			$(input).on('input', function () {
18 | 				// Accept only numbers and dot
19 | 				$(this).val(
20 | 					$(this)
21 | 						.val()
22 | 						.replace(new RegExp('[^0-9' + settings.decimalSymbol + ']', 'g'), '')
23 | 				);
24 | 
25 | 				// Allow only one decimal point
26 | 				if ($(this).val().indexOf(settings.decimalSymbol) > -1) {
27 | 					if (
28 | 						$(this)
29 | 							.val()
30 | 							.match(new RegExp(settings.decimalSymbol.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, '\\$&'), 'g')).length > 1
31 | 					) {
32 | 						$(this).val($(this).val().slice(0, -1));
33 | 					}
34 | 				}
35 | 
36 | 				// Remove decimal symbol for further processing
37 | 				$(this).val($(this).val().replace(settings.decimalSymbol, ''));
38 | 
39 | 				if ($(this).val().length > settings.decimalDigit) {
40 | 					if ($(this).val().length > settings.decimalDigit + 1) {
41 | 						// Remove leading zero
42 | 						$(this).val($(this).val().replace(/^0/, ''));
43 | 					}
44 | 
45 | 					$(this).val(
46 | 						$(this)
47 | 							.val()
48 | 							.slice(0, settings.decimalDigit * -1) +
49 | 							settings.decimalSymbol +
50 | 							$(this)
51 | 								.val()
52 | 								.slice(settings.decimalDigit * -1)
53 | 					);
54 | 				} else {
55 | 					$(this).val('0' + settings.decimalSymbol + '0'.repeat(settings.decimalDigit).slice(0, $(this).val().length * -1) + $(this).val());
56 | 				}
57 | 			});
58 | 		});
59 | 
60 | 		return this;
61 | 	};
62 | })(jQuery);
63 | 


--------------------------------------------------------------------------------
/assets/js/sign-in.js:
--------------------------------------------------------------------------------
 1 | $(function () {
 2 | 	$('#username, #password').on('input', function () {
 3 | 		$('button[type="submit"]').toggleClass('disabled', !($('#username').val() && $('#password').val()));
 4 | 	});
 5 | 
 6 | 	$('#toggle-password').on('click', function () {
 7 | 		$('#toggle-password i').toggleClass('bi-eye bi-eye-slash');
 8 | 
 9 | 		$('input[name="password"]').attr('type', function (index, attr) {
10 | 			return attr == 'password' ? 'text' : 'password';
11 | 		});
12 | 	});
13 | 
14 | 	$('button[type="submit"]').on('click', function (e) {
15 | 		e.preventDefault();
16 | 
17 | 		var $btn = $(this);
18 | 		var values = $('form').serialize();
19 | 
20 | 		$btn.data('html', $btn.html())
21 | 			.css({
22 | 				width: $btn.outerWidth(),
23 | 				height: $btn.outerHeight(),
24 | 			})
25 | 			.prop('disabled', true)
26 | 			.html('<div class="loader-inner ball-beat"><div></div><div></div><div></div></div>');
27 | 
28 | 		$('input')
29 | 			.prop('disabled', true);
30 | 
31 | 		$('.is-invalid').removeClass('is-invalid');
32 | 
33 | 		$('.invalid-feedback').html('');
34 | 
35 | 		$.post('./user.json', values, function(response) {
36 | 			if (Object.keys(response.errors).length > 0) {
37 | 				$.each(response.errors, function (key, value) {
38 | 					$('[name="' + key + '"]')
39 | 						.addClass('is-invalid');
40 | 
41 | 					$('[name="' + key + '"]').parent('.form-floating')
42 | 						.addClass('is-invalid');
43 | 
44 | 					$('#' + key + '-feedback')
45 | 						.html(value);
46 | 				});
47 | 
48 | 				return;
49 | 			}
50 | 
51 | 			window.location.href = './';
52 | 		}, 'json')
53 | 			.fail(function() {
54 | 				alert('Connection lost. Please try again.');
55 | 			})
56 | 			.always(function(response) {
57 | 				$btn.prop('disabled', false).html($btn.data('html'));
58 | 
59 | 				$('input')
60 | 					.prop('disabled', false);
61 | 
62 | 				$('input[name="' + response.csrf.name + '"]').val(response.csrf.value);
63 | 			});
64 | 	});
65 | });
66 | 


--------------------------------------------------------------------------------
/pages/json.user.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | /**
 3 |  * @var \Cookie\Cookie   $cookie
 4 |  * @var \Http\Request    $request
 5 |  * @var \Security\Form   $form
 6 |  * @var \Session\Session $session
 7 |  * @var \SQLite\Database $db
 8 |  */
 9 | defined('INDEX') or exit('Access is denied.');
10 | 
11 | header('Content-Type: application/json');
12 | 
13 | $results = [
14 | 	'errors' => [],
15 | 	'csrf'   => [
16 | 		'name'  => $form->getInputName(),
17 | 		'value' => $form->getInputValue(),
18 | 	],
19 | ];
20 | 
21 | $username = $request->post('username');
22 | $password = $request->post('password');
23 | $remember = $request->post('remember');
24 | 
25 | // CSRF validation
26 | $csrf = $form->validate();
27 | 
28 | // Get the latest CSRF token
29 | $results['csrf'] = [
30 | 	'name'  => $form->getInputName(),
31 | 	'value' => $form->getInputValue(),
32 | ];
33 | 
34 | // CSRF token is invalid
35 | if (!$csrf) {
36 | 	$results['errors']['password'] = 'Security validation failed.';
37 | 	exit(json_encode($results));
38 | }
39 | 
40 | // Username is not in a proper format
41 | if (!preg_match('/^[a-z0-9]{6,20}$/', $username)) {
42 | 	$results['errors']['username'] = 'Invalid username.';
43 | }
44 | 
45 | // Password is not in a proper format
46 | if (mb_strlen($password) < 8 || !preg_match('@[A-Z]@', $password) || !preg_match('@[a-z]@', $password) || !preg_match('@[0-9]@', $password) || !preg_match('@[^\w]@', $password)) {
47 | 	$results['errors']['password'] = 'Invalid password.';
48 | }
49 | 
50 | // Return errors
51 | if (!empty($results['errors'])) {
52 | 	exit(json_encode($results));
53 | }
54 | 
55 | // Match the username and password
56 | if ($username == $config['username'] && $password == $config['password']) {
57 | 	$session->set('user', 'yes');
58 | 
59 | 	// Store authentication details in cookie to avoid sign in again
60 | 	if ($remember) {
61 | 		$cookie->set('auth', $username . ';' . hash('sha256', $config['privateKey'] . $password . $config['privateKey']));
62 | 	}
63 | 
64 | 	$results['url'] = './';
65 | 
66 | 	exit(json_encode($results));
67 | }
68 | 
69 | $results['errors']['password'] = 'Invalid username or password.';
70 | 
71 | echo json_encode($results);
72 | 


--------------------------------------------------------------------------------
/assets/js/auto-complete.min.js:
--------------------------------------------------------------------------------
1 | !function(e){e.fn.autoComplete=function(t){var o=[],n="object"==typeof t?t:{},i=e.extend({source:[],noResults:"No result found"},n),a=function(t){if(e(t).is("input")&&Array.isArray(i.source)){o.push(t);var n=e('<ul class="dropdown-menu shadow auto-complete">'),a=e('<div class="w-100 overflow-x-hidden overflow-y-auto">'),s=function(){n.removeClass("show")};e(document).on("keydown",(function(o){var n=a.find("a");switch(o.which){case 27:s();break;case 38:if(!e(t).is(":focus")){o.preventDefault();break}0===a.find("li a.active").length?e(n[0]).addClass("active"):e.each(n,(function(t,o){if(e(o).hasClass("active")){var i=e(n[(0===t?n.length:t)-1]);return e(o).removeClass("active"),i.addClass("active"),(i.position().top<4*i.outerHeight()||i.position().top>2*a[0].clientHeight-2*i.outerHeight())&&i[0].scrollIntoView(),!1}}));break;case 40:if(!e(t).is(":focus")){o.preventDefault();break}0===a.find("a.active").length?e(n[0]).addClass("active"):e.each(n,(function(t,o){if(e(o).hasClass("active")){var i=e(n[(t===n.length-1?-1:t)+1]);e(o).removeClass("active"),i.addClass("active");var s=Math.ceil(a[0].clientHeight/i.outerHeight());return(i.position().top>i.outerHeight()*s||i.position().top<0)&&i[0].scrollIntoView(),!1}}));break;default:}})),n.append(a),e(t).on("input",(function(){a.empty(),i.source.length>0&&e.each(i.source,(function(o,i){if(i.toLowerCase().includes(e(t).val().trim().toLowerCase())){if(0==i.length)return;var s=e('<a href="#" class="dropdown-item">').html(i.replace(new RegExp("("+e(t).val().trim()+")","ig"),"<strong>$1</strong>")).on("click",(function(o){o.preventDefault(),e(t).val(i),n.removeClass("show")}));a.append(e("<li>").append(s))}})),a.is(":empty")&&a.append(e("<li>").append('<a href="#" class="dropdown-item disabled">'+i.noResults+"</a>")),function(){n.css({width:e(t).outerWidth()}).addClass("show"),n.offset({top:e(t).offset().top+e(t).outerHeight()});var o=e(window).height()-(e(t).offset().top+e(t).outerHeight()+100);o=o>300?300:o,a.css({maxHeight:o})}()})).on("blur",(function(){setTimeout((function(){s()}),200)})).on("keypress",(function(e){13===e.which&&(e.preventDefault(),a.find("a.active").trigger("click"))})).on("keydown",(function(e){9===e.which&&(e.preventDefault(),a.find("a.active").trigger("click"))})).after(n),e(document).on("wheel",(function(){e(t).blur()}))}};return destroy=function(){e.each(o,(function(t,o){e(o).off("input blur keypress keydown"),e(o).next(".auto-complete").remove()}))},refresh=function(){destroy(),e.each(o,(function(e,t){a(t)}))},this.each((function(e,t){a(t)})),{destroy:destroy,refresh:refresh}}}(jQuery);


--------------------------------------------------------------------------------
/libraries/Cookie/Cookie.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace Cookie;
  4 | 
  5 | class Cookie
  6 | {
  7 | 	/**
  8 | 	 * A private key to encrypt cookie values.
  9 | 	 *
 10 | 	 * @var string
 11 | 	 */
 12 | 	protected $privateKey;
 13 | 
 14 | 	/**
 15 | 	 * Initialize cookie object.
 16 | 	 *
 17 | 	 * @param string $privateKey a private key to encrypt cookie values
 18 | 	 *
 19 | 	 * @return void
 20 | 	 */
 21 | 	public function __construct($privateKey)
 22 | 	{
 23 | 		if (empty($privateKey)) {
 24 | 			throw new \Exception(__CLASS__ . ': Missing private key.');
 25 | 		}
 26 | 
 27 | 		$this->privateKey = $privateKey;
 28 | 	}
 29 | 
 30 | 	/**
 31 | 	 * Retrieve a cookie value by key.
 32 | 	 *
 33 | 	 * @param string $key a key to identify the cookie
 34 | 	 *
 35 | 	 * @return string
 36 | 	 */
 37 | 	public function get($key)
 38 | 	{
 39 | 		return (isset($_COOKIE[$key])) ? $this->decrypt($_COOKIE[$key]) : '';
 40 | 	}
 41 | 
 42 | 	/**
 43 | 	 * Set a cookie value by key and value.
 44 | 	 *
 45 | 	 * @param string $key   a key to identify the cookie
 46 | 	 * @param string $value value to store in cookie
 47 | 	 * @param int    $days  cookie expiry in days
 48 | 	 *
 49 | 	 * @return void
 50 | 	 */
 51 | 	public function set($key, $value = null, $days = 30)
 52 | 	{
 53 | 		if ($value == null) {
 54 | 			setcookie($key, '', -1);
 55 | 		} else {
 56 | 			setcookie($key, $this->encrypt($value), time() + (86400 * $days), '/', false, true);
 57 | 		}
 58 | 	}
 59 | 
 60 | 	/**
 61 | 	 * Delete a cookie by key.
 62 | 	 *
 63 | 	 * @param string $key
 64 | 	 *
 65 | 	 * @return void
 66 | 	 */
 67 | 	public function delete($key)
 68 | 	{
 69 | 		$this->set($key, null);
 70 | 	}
 71 | 
 72 | 	/**
 73 | 	 * Destroy all cookies.
 74 | 	 *
 75 | 	 * @return void
 76 | 	 */
 77 | 	public function destroy()
 78 | 	{
 79 | 		foreach ($_COOKIE as $key) {
 80 | 			setcookie($key, '', -1);
 81 | 		}
 82 | 	}
 83 | 
 84 | 	/**
 85 | 	 * Encrypt a string.
 86 | 	 *
 87 | 	 * @param string $text string to encrypt
 88 | 	 *
 89 | 	 * @return string
 90 | 	 */
 91 | 	private function encrypt($text)
 92 | 	{
 93 | 		if (!\in_array('aes-256-ctr', openssl_get_cipher_methods())) {
 94 | 			throw new \Exception(__CLASS__ . ': "aes-256-ctr" cipher is not supported.');
 95 | 		}
 96 | 
 97 | 		$nonce = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-ctr'));
 98 | 		$cipherText = openssl_encrypt($text, 'aes-256-ctr', $this->privateKey, OPENSSL_RAW_DATA, $nonce);
 99 | 
100 | 		return base64_encode($nonce . $cipherText);
101 | 	}
102 | 
103 | 	/**
104 | 	 * Decrypt a string.
105 | 	 *
106 | 	 * @param string $text string to decrypt
107 | 	 *
108 | 	 * @return string
109 | 	 */
110 | 	private function decrypt($text)
111 | 	{
112 | 		$text = base64_decode($text);
113 | 
114 | 		$nonceSize = openssl_cipher_iv_length('aes-256-ctr');
115 | 
116 | 		return openssl_decrypt(mb_substr($text, $nonceSize, null, '8bit'), 'aes-256-ctr', $this->privateKey, OPENSSL_RAW_DATA, mb_substr($text, 0, $nonceSize, '8bit'));
117 | 	}
118 | }
119 | 


--------------------------------------------------------------------------------
/pages/json.currency.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * @var \Cookie\Cookie   $cookie
  4 |  * @var \Http\Request    $request
  5 |  * @var \Security\Form   $form
  6 |  * @var \Session\Session $session
  7 |  * @var \SQLite\Database $db
  8 |  */
  9 | defined('INDEX') or exit('Access is denied.');
 10 | 
 11 | header('Content-Type: application/json');
 12 | 
 13 | if (!$session->get('user')) {
 14 | 	exit(json_encode([
 15 | 		'status'  => 403,
 16 | 		'message' => 'Access denied.',
 17 | 	]));
 18 | }
 19 | 
 20 | if ($request->isPost()) {
 21 | 	$results = [
 22 | 		'errors' => [],
 23 | 		'csrf'   => [
 24 | 			'name'  => $form->getInputName(),
 25 | 			'value' => $form->getInputValue(),
 26 | 		],
 27 | 	];
 28 | 
 29 | 	// CSRF validation
 30 | 	$csrf = $form->validate();
 31 | 
 32 | 	// Get the latest CSRF token
 33 | 	$results['csrf'] = [
 34 | 		'name'  => $form->getInputName(),
 35 | 		'value' => $form->getInputValue(),
 36 | 	];
 37 | 
 38 | 	// CSRF token is invalid
 39 | 	if (!$csrf) {
 40 | 		$results['errors']['name'] = 'Security validation failed.';
 41 | 		exit(json_encode($results));
 42 | 	}
 43 | 
 44 | 	switch ($request->post('action')) {
 45 | 		case 'delete':
 46 | 			$currencyCode = strtoupper($request->post('code'));
 47 | 
 48 | 			$db->delete('currency_rate', '`currency_code` = :currencyCode', [
 49 | 				':currencyCode' => $currencyCode,
 50 | 			]);
 51 | 
 52 | 			break;
 53 | 
 54 | 		default:
 55 | 			$newCurrencyCode = strtoupper($request->post('new'));
 56 | 			$currencyCode = strtoupper($request->post('code'));
 57 | 			$rate = $request->post('rate');
 58 | 
 59 | 			if ($newCurrencyCode == 'USD' || $currencyCode == 'USD') {
 60 | 				$results['errors']['code'] = 'Base currency is read-only.';
 61 | 			}
 62 | 
 63 | 			if (!empty($currencyCode) && !preg_match('/^[A-Z]{3}$/', $currencyCode)) {
 64 | 				$results['errors']['code'] = 'Currency code is invalid.';
 65 | 			}
 66 | 
 67 | 			if (!preg_match('/^[A-Z]{3}$/', $newCurrencyCode)) {
 68 | 				$results['errors']['code'] = 'Currency code is invalid.';
 69 | 			}
 70 | 
 71 | 			if (!preg_match('/^[0-9]+(\.[0-9]+)?$/', $rate)) {
 72 | 				$results['errors']['rate'] = 'Rate is invalid.';
 73 | 			}
 74 | 
 75 | 			if (!empty($results['errors'])) {
 76 | 				exit(json_encode($results));
 77 | 			}
 78 | 
 79 | 			if ($newCurrencyCode) {
 80 | 				$db->delete('currency_rate', '`currency_code` = :currencyCode', [
 81 | 					':currencyCode' => $currencyCode,
 82 | 				]);
 83 | 
 84 | 				$db->insert('currency_rate', [
 85 | 					'currency_code' => $newCurrencyCode,
 86 | 					'rate'          => $rate * 10000,
 87 | 				]);
 88 | 			} else {
 89 | 				$db->insert('currency_rate', [
 90 | 					'currency_code' => $newCurrencyCode,
 91 | 					'rate'          => $rate * 10000,
 92 | 				]);
 93 | 			}
 94 | 	}
 95 | 
 96 | 	exit(json_encode($results));
 97 | } else {
 98 | 	$results = $db->select('currency_rate', '1 = 1 ORDER BY `currency_code`');
 99 | 
100 | 	if (!empty($results)) {
101 | 		foreach ($results as $key => $result) {
102 | 			$results[$key]['rate'] = number_format($results[$key]['rate'] / 10000, 4, '.');
103 | 		}
104 | 	}
105 | 
106 | 	echo json_encode($results);
107 | }
108 | 


--------------------------------------------------------------------------------
/libraries/Session/Session.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace Session;
  4 | 
  5 | class Session
  6 | {
  7 | 	/**
  8 | 	 * Object to hold session variables.
  9 | 	 *
 10 | 	 * @var object
 11 | 	 */
 12 | 	protected $session;
 13 | 
 14 | 	/**
 15 | 	 * An unique ID for the session.
 16 | 	 *
 17 | 	 * @var string
 18 | 	 */
 19 | 	protected $sessionId;
 20 | 
 21 | 	/**
 22 | 	 * Initialize session object.
 23 | 	 *
 24 | 	 * @param string $sessionId specify an unique session Id for session container
 25 | 	 * @param bool   $secure    enable secure mode that will validate client IP and user agent
 26 | 	 *
 27 | 	 * @return void
 28 | 	 */
 29 | 	public function __construct($sessionId = null, $secure = true)
 30 | 	{
 31 | 		if (!session_id()) {
 32 | 			// Prevent invalid session Id
 33 | 			if (isset($_COOKIE[session_name()]) && !preg_match('/^[a-z0-9]{26,32}$/', $_COOKIE[session_name()])) {
 34 | 				return;
 35 | 			}
 36 | 
 37 | 			session_start([
 38 | 				'cookie_samesite' => 'Lax',
 39 | 			]);
 40 | 		}
 41 | 
 42 | 		$this->sessionId = ($sessionId) ? $sessionId : md5($_SERVER['HTTP_HOST'] . '_session');
 43 | 
 44 | 		// Secure mode
 45 | 		if ($secure) {
 46 | 			if (!isset($_SESSION[$this->sessionId . '_clientIp'])) {
 47 | 				$_SESSION[$this->sessionId . '_clientIp'] = $_SERVER['REMOTE_ADDR'];
 48 | 			}
 49 | 
 50 | 			if (!isset($_SESSION[$this->sessionId . '_userAgent'])) {
 51 | 				$_SESSION[$this->sessionId . '_userAgent'] = $_SERVER['HTTP_USER_AGENT'];
 52 | 			}
 53 | 
 54 | 			// Make sure client IP and user agent is same to prevent session hijacking
 55 | 			if ($_SESSION[$this->sessionId . '_clientIp'] != $_SERVER['REMOTE_ADDR'] || $_SESSION[$this->sessionId . '_userAgent'] != $_SERVER['HTTP_USER_AGENT']) {
 56 | 				session_unset();
 57 | 				session_destroy();
 58 | 
 59 | 				return;
 60 | 			}
 61 | 		}
 62 | 
 63 | 		if (isset($_SESSION[$this->sessionId]) && ($this->session = json_decode($_SESSION[$this->sessionId], true)) === null) {
 64 | 			return;
 65 | 		}
 66 | 
 67 | 		if (!isset($_SESSION[$this->sessionId])) {
 68 | 			$_SESSION[$this->sessionId] = json_encode([]);
 69 | 		}
 70 | 
 71 | 		$this->session = json_decode($_SESSION[$this->sessionId], true);
 72 | 	}
 73 | 
 74 | 	/**
 75 | 	 * Retrieve a session value by key.
 76 | 	 *
 77 | 	 * @param string $key
 78 | 	 *
 79 | 	 * @return string
 80 | 	 */
 81 | 	public function get($key)
 82 | 	{
 83 | 		return (isset($this->session[$key])) ? $this->session[$key] : '';
 84 | 	}
 85 | 
 86 | 	/**
 87 | 	 * Set a session variable by key and value.
 88 | 	 *
 89 | 	 * @param string $key
 90 | 	 * @param string $value
 91 | 	 *
 92 | 	 * @return void
 93 | 	 */
 94 | 	public function set($key, $value = null)
 95 | 	{
 96 | 		$this->session[$key] = $value;
 97 | 
 98 | 		if ($value === null) {
 99 | 			unset($this->session[$key]);
100 | 		}
101 | 
102 | 		$_SESSION[$this->sessionId] = json_encode($this->session);
103 | 	}
104 | 
105 | 	/**
106 | 	 * Delete a session variable by key.
107 | 	 *
108 | 	 * @param string $key
109 | 	 *
110 | 	 * @return void
111 | 	 */
112 | 	public function delete($key)
113 | 	{
114 | 		$this->set($key, null);
115 | 	}
116 | 
117 | 	/**
118 | 	 * Destroy the entire session variables.
119 | 	 *
120 | 	 * @return void
121 | 	 */
122 | 	public function destroy()
123 | 	{
124 | 		unset($_SESSION[$this->sessionId]);
125 | 		$this->session = null;
126 | 	}
127 | }
128 | 


--------------------------------------------------------------------------------
/includes/functions.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | /**
 4 |  * Get current Carotu version.
 5 |  *
 6 |  * @return string
 7 |  */
 8 | function getVersion()
 9 | {
10 | 	return '1.0.0';
11 | }
12 | 
13 | /**
14 |  * Get country name by code.
15 |  *
16 |  * @param string $code
17 |  *
18 |  * @return string
19 |  */
20 | function getCountryNameByCode($code)
21 | {
22 | 	$countries = ['AE' => 'United Arab Emirates', 'AL' => 'Albania', 'AM' => 'Armenia', 'AO' => 'Angola', 'AR' => 'Argentina', 'AT' => 'Austria', 'AU' => 'Australia', 'AZ' => 'Azerbaijan', 'BB' => 'Barbados', 'BD' => 'Bangladesh', 'BE' => 'Belgium', 'BF' => 'Burkina Faso', 'BG' => 'Bulgaria', 'BH' => 'Bahrain', 'BN' => 'Brunei Darussalam', 'BR' => 'Brazil', 'BT' => 'Bhutan', 'BW' => 'Botswana', 'BY' => 'Belarus', 'CA' => 'Canada', 'CD' => 'Congo, the Democratic Republic of the', 'CH' => 'Switzerland', 'CL' => 'Chile', 'CN' => 'China', 'CO' => 'Colombia', 'CR' => 'Costa Rica', 'CW' => 'Curaçao', 'CY' => 'Cyprus', 'CZ' => 'Czech Republic', 'DE' => 'Germany', 'DJ' => 'Djibouti', 'DK' => 'Denmark', 'DO' => 'Dominican Republic', 'DZ' => 'Algeria', 'EC' => 'Ecuador', 'EE' => 'Estonia', 'EG' => 'Egypt', 'ES' => 'Spain', 'FI' => 'Finland', 'FR' => 'France', 'GB' => 'United Kingdom', 'GD' => 'Grenada', 'GE' => 'Georgia', 'GH' => 'Ghana', 'GR' => 'Greece', 'GT' => 'Guatemala', 'GU' => 'Guam', 'GY' => 'Guyana', 'HN' => 'Honduras', 'HR' => 'Croatia', 'HU' => 'Hungary', 'ID' => 'Indonesia', 'IE' => 'Ireland', 'IL' => 'Israel', 'IN' => 'India', 'IQ' => 'Iraq', 'IS' => 'Iceland', 'IT' => 'Italy', 'JM' => 'Jamaica', 'JO' => 'Jordan', 'JP' => 'Japan', 'KE' => 'Kenya', 'KH' => 'Cambodia', 'KR' => 'Korea, Republic of', 'KW' => 'Kuwait', 'KZ' => 'Kazakhstan', 'LA' => 'Lao People\'s Democratic Republic', 'LB' => 'Lebanon', 'LK' => 'Sri Lanka', 'LT' => 'Lithuania', 'LU' => 'Luxembourg', 'LV' => 'Latvia', 'MA' => 'Morocco', 'MD' => 'Moldova, Republic of', 'MG' => 'Madagascar', 'MM' => 'Myanmar', 'MN' => 'Mongolia', 'MU' => 'Mauritius', 'MV' => 'Maldives', 'MX' => 'Mexico', 'MY' => 'Malaysia', 'MZ' => 'Mozambique', 'NC' => 'New Caledonia', 'NG' => 'Nigeria', 'NL' => 'Netherlands', 'NO' => 'Norway', 'NP' => 'Nepal', 'NZ' => 'New Zealand', 'OM' => 'Oman', 'PA' => 'Panama', 'PE' => 'Peru', 'PF' => 'French Polynesia', 'PH' => 'Philippines', 'PK' => 'Pakistan', 'PL' => 'Poland', 'PT' => 'Portugal', 'PY' => 'Paraguay', 'QA' => 'Qatar', 'RO' => 'Romania', 'RS' => 'Serbia', 'RU' => 'Russian Federation', 'RW' => 'Rwanda', 'SA' => 'Saudi Arabia', 'SE' => 'Sweden', 'SG' => 'Singapore', 'SK' => 'Slovakia', 'SN' => 'Senegal', 'SR' => 'Suriname', 'TH' => 'Thailand', 'TN' => 'Tunisia', 'TR' => 'Turkey', 'TW' => 'Taiwan', 'TZ' => 'Tanzania, United Republic of', 'UA' => 'Ukraine', 'US' => 'United States', 'UZ' => 'Uzbekistan', 'VN' => 'Viet Nam', 'ZA' => 'South Africa', 'ZW' => 'Zimbabwe'];
23 | 
24 | 	return (isset($countries[$code])) ?? '';
25 | }
26 | 
27 | /**
28 |  * Sanitize input value.
29 |  *
30 |  * @param string $string
31 |  *
32 |  * @return string
33 |  */
34 | function sanitize($string)
35 | {
36 | 	return str_replace(';', '', trim($string));
37 | }
38 | 
39 | /**
40 |  * Convert bytes into human readable format.
41 |  *
42 |  * @param int $bytes
43 |  *
44 |  * @return string
45 |  */
46 | function formatBytes($bytes)
47 | {
48 | 	$i = ($bytes === 0) ? 0 : floor(log($bytes) / log(1024));
49 | 
50 | 	return round($bytes / pow(1024, $i), 2) * 1 . ' ' . ['B', 'kB', 'MB', 'GB', 'TB'][$i];
51 | }
52 | 


--------------------------------------------------------------------------------
/assets/js/select-search.min.js:
--------------------------------------------------------------------------------
1 | !function(e){e.fn.selectSearch=function(a){e.each(this,(function(a,t){var s=e(t).attr("class").split(" "),i=e(t).find("option:selected").text(),o=e('<ul class="dropdown-menu shadow">'),l=e('<input type="text" class="form-control select-search-input" autocomplete="off" autocapitalize="off">'),n=void 0!==e(t).data("search"),c=e('<div class="w-100 overflow-x-hidden overflow-y-scroll">');n&&(l.on("input",(function(){u()})).on("keypress",(function(e){13===e.which&&c.find("a.active").trigger("click")})).on("keydown",(function(e){9===e.which&&c.find("a.active").trigger("click")})),o.append(e('<li class="p-2">').append(l))),o.append(c),s.push("select-search");var r=e('<div class="'+s.join(" ")+'">').css({height:e(t).outerHeight()}).html('<div class="overflow-hidden text-nowrap">'+(i.length>0?i:"&nbsp;")+"</div>").on("click",(function(){e(this).hasClass("disabled")||(e(this).addClass("focus"),o.hasClass("show")?h():(v(),u()))}));e(t).addClass("d-none").after(r,o),e(t).on("change",(function(){r.data("value",e(this).val()).find("div").html(e(this).find("option:selected").html())})),e(document).on("mouseup",(function(e){r.is(e.target)||l.is(e.target)||c.is(e.target)||(r.removeClass("focus"),o.removeClass("show"))})),e(document).on("keydown",(function(a){var t=c.find("a");switch(a.which){case 27:h();break;case 38:if(!r.hasClass("focus"))return void a.preventDefault();v(),0===c.find("li a.active").length?e(t[0]).addClass("active"):e.each(t,(function(a,s){if(e(s).hasClass("active")){var i=e(t[(0===a?t.length:a)-1]);e(s).removeClass("active"),i.addClass("active");var o=i.position().top+c.scrollTop()-2*i.outerHeight();return(o>c.scrollTop()+c.outerHeight()||o<c.scrollTop())&&c.scrollTop(c.scrollTop()+i.position().top-2*i.outerHeight()),!1}}));break;case 40:if(!r.hasClass("focus")){a.preventDefault();break}v(),0===c.find("a.active").length?e(t[0]).addClass("active"):e.each(t,(function(a,s){if(e(s).hasClass("active")){var i=e(t[(a===t.length-1?-1:a)+1]);e(s).removeClass("active"),i.addClass("active");var o=i.position().top+c.scrollTop()-i.outerHeight();return(o>c.scrollTop()+c.outerHeight()||o<c.scrollTop())&&c.scrollTop(c.scrollTop()+i.position().top-2*i.outerHeight()),!1}}));break;default:}}));var d=new MutationObserver((function(a){for(var t,s=0;t=a[s];s++)"disabled"==t.attributeName&&(t.target.disabled?r.addClass("disabled"):r.removeClass("disabled")),"class"==t.attributeName&&(e(t.target).hasClass("is-invalid")?r.addClass("is-invalid"):r.removeClass("is-invalid"))}));d.observe(t,{attributes:!0});var v=function(){o.css({width:r.outerWidth()}).addClass("show"),l&&l.val("").focus();var a=e(window).height()-(r.offset().top+r.outerHeight()+100);a=a>300?300:a,c.css({maxHeight:a})},h=function(){o.removeClass("show")},u=function(){c.empty();var a=0;if(e.each(e(t).find("option"),(function(s,i){if(i.text.toLowerCase().includes(l.val().trim().toLowerCase())){if(0==i.text.length)return void a++;var n=e('<a href="#" class="dropdown-item" data-value="'+i.value+'">').html(i.text).on("click",(function(a){a.preventDefault(),e(t).val(i.value),r.data("value",i.value).find("div").html(i.text),o.removeClass("show")}));l.val().length>0?0===a&&n.addClass("active"):e(t).val()===i.value&&n.addClass("active"),c.append(e('<li class="select-search-item'+(r.data("value")===i.value?" active":"")+'">').append(n)),a++}})),c.find("a.active")){var s=c.find("a.active");s.length>0&&c.scrollTop(c.scrollTop()+s.position().top-2*s.outerHeight())}}}))}}(jQuery);


--------------------------------------------------------------------------------
/libraries/Security/Form.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace Security;
  4 | 
  5 | class Form
  6 | {
  7 | 	private $inputName = '__CSRF_TOKEN__';
  8 | 	private $checkIp = false;
  9 | 	private $timer = 3600;
 10 | 
 11 | 	/**
 12 | 	 * Initialize NoCSRF object.
 13 | 	 *
 14 | 	 * @param bool $checkIp Make sure client IP is same within the session
 15 | 	 * @param int  $timer   Define expiration time for CSRF token in seconds
 16 | 	 */
 17 | 	public function __construct($checkIp = false, $timer = 3600)
 18 | 	{
 19 | 		// Start a session
 20 | 		if (session_status() == PHP_SESSION_NONE) {
 21 | 			// Make sure the session Id is valid
 22 | 			if (isset($_COOKIE[session_name()]) && !preg_match('/^[a-z0-9]{26,32}$/', $_COOKIE[session_name()])) {
 23 | 				return;
 24 | 			}
 25 | 
 26 | 			session_start();
 27 | 		}
 28 | 
 29 | 		$this->checkIp = ($checkIp) ? true : false;
 30 | 
 31 | 		if (\is_int($timer)) {
 32 | 			$this->timer = $timer;
 33 | 		}
 34 | 	}
 35 | 
 36 | 	/**
 37 | 	 * Validate a form submission.
 38 | 	 *
 39 | 	 * @return int
 40 | 	 */
 41 | 	public function validate()
 42 | 	{
 43 | 		// No CSRF post field is found
 44 | 		if (!isset($_POST[$this->inputName])) {
 45 | 			return false;
 46 | 		}
 47 | 
 48 | 		// No CSRF token found in session
 49 | 		if (!isset($_SESSION[$this->inputName])) {
 50 | 			return false;
 51 | 		}
 52 | 
 53 | 		if (($session = json_decode($_SESSION[$this->inputName])) === null) {
 54 | 			return false;
 55 | 		}
 56 | 
 57 | 		// Client IP does not match
 58 | 		if ($this->checkIp && $session->client_ip != $this->getClientIp()) {
 59 | 			return false;
 60 | 		}
 61 | 
 62 | 		// Token is expired
 63 | 		if ($this->timer !== false && $session->time < time()) {
 64 | 			return false;
 65 | 		}
 66 | 
 67 | 		// CSRF token not match
 68 | 		if ($_POST[$this->inputName] != $session->token) {
 69 | 			return false;
 70 | 		}
 71 | 
 72 | 		// Generate new token
 73 | 		$this->generateToken();
 74 | 
 75 | 		return true;
 76 | 	}
 77 | 
 78 | 	/**
 79 | 	 * Generate a new CSRF token.
 80 | 	 *
 81 | 	 * @return void
 82 | 	 */
 83 | 	public function generateToken()
 84 | 	{
 85 | 		$_SESSION[$this->inputName] = json_encode([
 86 | 			'token'     => bin2hex(random_bytes(35)),
 87 | 			'time'      => time() + $this->timer,
 88 | 			'client_ip' => $this->getClientIp(),
 89 | 		]);
 90 | 	}
 91 | 
 92 | 	/**
 93 | 	 * Print a hidden text field to hold security token.
 94 | 	 */
 95 | 	public function input()
 96 | 	{
 97 | 		// Generate new token
 98 | 		if (!isset($_SESSION[$this->inputName]) || $_SERVER['REQUEST_METHOD'] == 'GET') {
 99 | 			$this->generateToken();
100 | 		}
101 | 
102 | 		$session = json_decode((isset($_SESSION[$this->inputName])) ? $_SESSION[$this->inputName] : '');
103 | 
104 | 		echo '<input type="hidden" name="' . $this->inputName . '" value="' . ((isset($session->token)) ? $session->token : '') . '">';
105 | 	}
106 | 
107 | 	/**
108 | 	 * Get input field name.
109 | 	 *
110 | 	 * @return string
111 | 	 */
112 | 	public function getInputName()
113 | 	{
114 | 		return $this->inputName;
115 | 	}
116 | 
117 | 	/**
118 | 	 * Get the value of input.
119 | 	 *
120 | 	 * @return string
121 | 	 */
122 | 	public function getInputValue()
123 | 	{
124 | 		$session = json_decode((isset($_SESSION[$this->inputName])) ? $_SESSION[$this->inputName] : '');
125 | 
126 | 		return (isset($session->token)) ? $session->token : '';
127 | 	}
128 | 
129 | 	/**
130 | 	 * Get client IP address.
131 | 	 *
132 | 	 * @return string
133 | 	 */
134 | 	private function getClientIp()
135 | 	{
136 | 		return (isset($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : '';
137 | 	}
138 | }
139 | 


--------------------------------------------------------------------------------
/index.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | // Preset PHP settings
  4 | error_reporting(E_ALL);
  5 | ini_set('display_errors', 0);
  6 | date_default_timezone_set('UTC');
  7 | 
  8 | // Define this as parent file
  9 | define('INDEX', 1);
 10 | 
 11 | // Define root directory
 12 | define('DS', DIRECTORY_SEPARATOR);
 13 | define('ROOT', __DIR__ . DS);
 14 | 
 15 | // Define directories
 16 | define('INCLUDES', ROOT . 'includes' . DS);
 17 | define('LIBRARIES', ROOT . 'libraries' . DS);
 18 | define('LOGS', ROOT . 'logs' . DS);
 19 | define('PAGES', ROOT . 'pages' . DS);
 20 | define('STORAGE', ROOT . 'storage' . DS);
 21 | 
 22 | ob_start();
 23 | 
 24 | // Load libraries
 25 | require LIBRARIES . 'autoload.php';
 26 | 
 27 | // Error Handler
 28 | new \Error\Handler(function ($file, $line, $error) {
 29 | 	// Log error
 30 | 	file_put_contents(LOGS . 'error.log', json_encode([
 31 | 		'date'  => date('Y-m-d H:i:s', strtotime('+8 hours')),
 32 | 		'error' => $error,
 33 | 		'file'  => $file . ': ' . $line,
 34 | 		'ip'    => $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1',
 35 | 		'ua'    => $_SERVER['HTTP_USER_AGENT'] ?? '-',
 36 | 		'url'   => $_SERVER['REQUEST_URI'] ?? '-',
 37 | 	]) . "\n", FILE_APPEND);
 38 | 
 39 | 	ob_clean();
 40 | 
 41 | 	header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error');
 42 | 	include ROOT . '50x.html';
 43 | 	ob_end_flush();
 44 | 	exit;
 45 | });
 46 | 
 47 | // Configuration
 48 | require ROOT . 'configuration.php';
 49 | 
 50 | if (!isset($config['username'])) {
 51 | 	header('Location: ./install');
 52 | 	exit;
 53 | }
 54 | 
 55 | // Core functions
 56 | require INCLUDES . 'functions.php';
 57 | 
 58 | // Page Request
 59 | $request = new \Http\Request();
 60 | 
 61 | // Session
 62 | $session = new \Session\Session();
 63 | 
 64 | // Cookie
 65 | $cookie = new \Cookie\Cookie($config['privateKey']);
 66 | 
 67 | // SQLite Database
 68 | try {
 69 | 	$db = new \SQLite\Database(STORAGE . substr(hash('sha256', $config['privateKey']), 0, 32) . '.sqlite');
 70 | 	$db->saveErrorLog(LOGS . 'sqlite-error.log');
 71 | } catch (Exception $e) {
 72 | 	ob_clean();
 73 | 
 74 | 	header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500);
 75 | 	include ROOT . '50x.html';
 76 | 	ob_end_flush();
 77 | 
 78 | 	file_put_contents(LOGS . 'sqlite-error.log', implode("\t", [
 79 | 		gmdate('Y-m-d H:i:s'),
 80 | 		$e->getFile(),
 81 | 		$e->getLine(),
 82 | 		$e->getMessage(),
 83 | 	]) . "\n", FILE_APPEND);
 84 | 
 85 | 	exit;
 86 | }
 87 | 
 88 | // Cookie authentication
 89 | if (!$session->get('user') && strpos((string) $cookie->get('auth'), ';') !== false) {
 90 | 	list($username, $hash) = explode(';', $cookie->get('auth'));
 91 | 
 92 | 	if ($username == $config['username'] && $hash == hash('sha256', $config['privateKey'] . $config['password'] . $config['privateKey'])) {
 93 | 		$session->set('user', true);
 94 | 	}
 95 | }
 96 | 
 97 | // Get requested page
 98 | $_PAGE = basename(preg_replace('/\?.*/', '', $_SERVER['REQUEST_URI']));
 99 | $_PAGE = (substr($_PAGE, -5) == '.json') ? ('json.' . substr($_PAGE, 0, -5)) : ((!empty($_PAGE)) ? $_PAGE : 'core');
100 | 
101 | // Validate pages to prevent file inclusion vulnerability
102 | $pages = [];
103 | $files = scandir(PAGES);
104 | 
105 | foreach ($files as $file) {
106 | 	if (substr($file, -4) != '.php') {
107 | 		continue;
108 | 	}
109 | 
110 | 	$pages[substr($file, 0, -4)] = true;
111 | }
112 | 
113 | // Requested page is not found
114 | if (!isset($pages[$_PAGE])) {
115 | 	header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');
116 | 	require ROOT . '404.html';
117 | 	ob_end_flush();
118 | 	exit;
119 | }
120 | 
121 | // CSRF protection
122 | $form = new \Security\Form(true, 86400);
123 | 
124 | // Display requested page
125 | require PAGES . $_PAGE . '.php';
126 | 
127 | ob_end_flush();
128 | 


--------------------------------------------------------------------------------
/403.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html lang="en">
 3 | <head>
 4 | 	<meta charset="utf-8">
 5 | 	<meta name="viewport" content="width=device-width, initial-scale=1">
 6 | 
 7 | 	<title>403 Forbidden</title>
 8 | 
 9 | 	<link href="https://cdnjs.cloudflare.com/ajax/libs/bootswatch/5.3.2/superhero/bootstrap.min.css" rel="stylesheet">
10 | </head>
11 | 
12 | <body class="mt-5">
13 | 	<div class="container">
14 | 		<div class="row">
15 | 			<div class="col-md-4 offset-md-4">
16 | 				<p class="text-center">
17 | 					<img src="data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PCFET0NUWVBFIHN2ZyBQVUJMSUMgIi0vL1czQy8vRFREIFNWRyAxLjEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvR3JhcGhpY3MvU1ZHLzEuMS9EVEQvc3ZnMTEuZHRkIj48c3ZnIHdpZHRoPSIxMDAlIiBoZWlnaHQ9IjEwMCUiIHZpZXdCb3g9IjAgMCAxMDI0IDEwMjQiIHZlcnNpb249IjEuMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSIgeG1sbnM6c2VyaWY9Imh0dHA6Ly93d3cuc2VyaWYuY29tLyIgc3R5bGU9ImZpbGwtcnVsZTpldmVub2RkO2NsaXAtcnVsZTpldmVub2RkO3N0cm9rZS1saW5lam9pbjpyb3VuZDtzdHJva2UtbWl0ZXJsaW1pdDoyOyI+PGcgaWQ9ImxvZ28tbG9nbyI+PGc+PGc+PHBhdGggZD0iTTcxNi44MjMsNjQ0LjgxM2wtNTMuODM4LC0wYy04LjI0MywtMCAtMTQuOTQzLDYuNzA3IC0xNC45NDMsMTQuOTQzYy0wLDguMTk5IDYuNywxNC44OTIgMTQuOTQzLDE0Ljg5Mmw1My44MzgsLTBsMCwyLjg1NmMwLDg0Ljg5NyAtMTM4LjEzNCwxNjkuNDgzIC0yMDQuODIzLDIwMS44MjZjLTI0LjI1NSwtMTEuNzM4IC01Ny44NjcsLTMwLjQxNCAtOTAuOTQ0LC01My41MDRsMjUuNDU3LC0wYzUuNDkxLC0wIDkuODk4LC00LjQgOS44OTgsLTkuODgzYy0wLC01LjQ5MSAtNC40MDcsLTkuOTM1IC05Ljg5OCwtOS45MzVsLTUyLjE5MSwtMGMtNDcuMjQyLC0zNy4zNjYgLTg3LjE1MywtODIuODk0IC04Ny4xNTMsLTEyOC41MDRsMCwtMTkuMzg4bDU0LjY2MiwwYzcuMzIzLDAgMTMuMjM3LC01LjkyOCAxMy4yMzcsLTEzLjMwM2MtMCwtNy4zMTYgLTUuOTE0LC0xMy4yMyAtMTMuMjM3LC0xMy4yM2wtNTQuNjYyLDBsMCwtNzkuNTQ3YzEuNywwLjQzOCAzLjQ5NSwwLjc3MSA1LjMzNSwwLjc3MWw2OC42MzMsMGMxMS4xMDgsMCAyMC4xMywtOS4wMTUgMjAuMTMsLTIwLjExNWMwLC0xMS4xMTQgLTkuMDIyLC0yMC4xMjkgLTIwLjEzLC0yMC4xMjlsLTY4LjYzMywtMGMtMS43OTUsLTAgLTMuNDk0LDAuMjg5IC01LjE0OSwwLjcxOWM0LjYxNSwtMTA0LjEzNiA4Ny4yNjQsLTE4OC4yOTIgMTkwLjc3LC0xOTUuMjI5bDAuMDQ1LDU2Ljc0NmMtMTcuNjA4LDUuODMyIC0zMC4zMSwyMi4zNjQgLTMwLjMxLDQxLjkxNWwtMCw0OC4yNThjLTAsMjQuNDA0IDE5LjczNiw0NC4xNCA0NC4xNCw0NC4xNGMyNC4zNDQsMCA0NC4wODEsLTE5LjczNiA0NC4wODEsLTQ0LjE0bC0wLC00OC4yNThjLTAsLTE5LjU1MSAtMTIuNzEsLTM2LjA4MyAtMzAuMzAyLC00MS45MTVsMC4wODksLTU2Ljc0NmMxMDMuMjY4LDYuOTM3IDE4NS43NjksOTAuNzA3IDE5MC43MjUsMTk0LjUxbC00MS42NzcsLTBjLTguNzI1LC0wIC0xNS44MTEsNy4wNzEgLTE1LjgxMSwxNS44MTFjLTAsOC43NjMgNy4wODYsMTUuODQ5IDE1LjgxMSwxNS44NDlsNDEuOTA3LC0wbDAsMTAwLjU5Wm0tMjA0LjgyMywtMzg1LjQ5NWMtMTQ1LjAyLC0wIC0yNjMuMDM5LDExOC4wMDQgLTI2My4wMzksMjYzLjAzOWwwLDE1NS4xNDdjMCw2My40NDcgNDMuNDEzLDEyNy4wMzQgMTI5LjAyMywxODkuMDM0YzYwLjE4OSw0My41NDcgMTM0LjAxNiw3Ni44MTcgMTM0LjAxNiw3Ni44MTdjLTAsMCA3My44MTksLTMzLjI3IDEzNC4wMTYsLTc2LjgxN2M4NS42MDIsLTYyIDEyOS4wMjMsLTEyNS41ODcgMTI5LjAyMywtMTg5LjAzNGwtMCwtMTU1LjE0N2MtMCwtMTQ1LjAzNSAtMTE4LjAyNywtMjYzLjAzOSAtMjYzLjAzOSwtMjYzLjAzOSIgc3R5bGU9ImZpbGw6I2ZmNTc1ODtmaWxsLXJ1bGU6bm9uemVybzsiLz48L2c+PGc+PHBhdGggZD0iTTU0Ni4xOTEsMjM4LjgzYzAsMCAxOTUuODY4LDI1LjIyIDIwNS44ODUsLTE1My40ODVjLTAsLTAgLTIyMC4xODIsLTQyLjY5NCAtMjM2LjE3MiwxMjkuMjc0Yy0wLDAgNzEuMjgyLC03OS44MzYgMTcwLjE1LC04My42NWMwLC0wIC0xMzMuMTAzLDUxLjAzMyAtMTM5Ljg2MywxMDcuODYxIiBzdHlsZT0iZmlsbDojN2ZkODU4O2ZpbGwtcnVsZTpub256ZXJvOyIvPjwvZz48Zz48cGF0aCBkPSJNNDc5Ljc5OSwyMzkuMDA4YzAsMCAtMTY3LjE3NSwyMS41MjUgLTE3NS43MjIsLTEzMS4wMDNjLTAsLTAgMTg3LjkyOCwtMzYuNDMyIDIwMS41NjYsMTEwLjMzOWMtMCwwIC02MC44MzUsLTY4LjE0MyAtMTQ1LjIxMywtNzEuMzkzYy0wLDAgMTEzLjU5Nyw0My41NDcgMTE5LjM2OSw5Mi4wNTciIHN0eWxlPSJmaWxsOiM3ZmQ4NTg7ZmlsbC1ydWxlOm5vbnplcm87Ii8+PC9nPjwvZz48L2c+PC9zdmc+" width="64" height="64">
18 | 				</p>
19 | 
20 | 				<h2>Access denied!</h2>
21 | 
22 | 				<p>Sorry, you don't have permission to access this page.</p>
23 | 			</div>
24 | 		</div>
25 | 	</div>
26 | </body>
27 | </html>


--------------------------------------------------------------------------------
/50x.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html lang="en">
 3 | <head>
 4 | 	<meta charset="utf-8">
 5 | 	<meta name="viewport" content="width=device-width, initial-scale=1">
 6 | 
 7 | 	<title>500 Internal Server Error</title>
 8 | 
 9 | 	<link href="https://cdnjs.cloudflare.com/ajax/libs/bootswatch/5.3.2/superhero/bootstrap.min.css" rel="stylesheet">
10 | </head>
11 | 
12 | <body class="mt-5">
13 | 	<div class="container">
14 | 		<div class="row">
15 | 			<div class="col-md-4 offset-md-4">
16 | 				<p class="text-center">
17 | 					<img src="data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PCFET0NUWVBFIHN2ZyBQVUJMSUMgIi0vL1czQy8vRFREIFNWRyAxLjEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvR3JhcGhpY3MvU1ZHLzEuMS9EVEQvc3ZnMTEuZHRkIj48c3ZnIHdpZHRoPSIxMDAlIiBoZWlnaHQ9IjEwMCUiIHZpZXdCb3g9IjAgMCAxMDI0IDEwMjQiIHZlcnNpb249IjEuMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSIgeG1sbnM6c2VyaWY9Imh0dHA6Ly93d3cuc2VyaWYuY29tLyIgc3R5bGU9ImZpbGwtcnVsZTpldmVub2RkO2NsaXAtcnVsZTpldmVub2RkO3N0cm9rZS1saW5lam9pbjpyb3VuZDtzdHJva2UtbWl0ZXJsaW1pdDoyOyI+PGcgaWQ9ImxvZ28tbG9nbyI+PGc+PGc+PHBhdGggZD0iTTcxNi44MjMsNjQ0LjgxM2wtNTMuODM4LC0wYy04LjI0MywtMCAtMTQuOTQzLDYuNzA3IC0xNC45NDMsMTQuOTQzYy0wLDguMTk5IDYuNywxNC44OTIgMTQuOTQzLDE0Ljg5Mmw1My44MzgsLTBsMCwyLjg1NmMwLDg0Ljg5NyAtMTM4LjEzNCwxNjkuNDgzIC0yMDQuODIzLDIwMS44MjZjLTI0LjI1NSwtMTEuNzM4IC01Ny44NjcsLTMwLjQxNCAtOTAuOTQ0LC01My41MDRsMjUuNDU3LC0wYzUuNDkxLC0wIDkuODk4LC00LjQgOS44OTgsLTkuODgzYy0wLC01LjQ5MSAtNC40MDcsLTkuOTM1IC05Ljg5OCwtOS45MzVsLTUyLjE5MSwtMGMtNDcuMjQyLC0zNy4zNjYgLTg3LjE1MywtODIuODk0IC04Ny4xNTMsLTEyOC41MDRsMCwtMTkuMzg4bDU0LjY2MiwwYzcuMzIzLDAgMTMuMjM3LC01LjkyOCAxMy4yMzcsLTEzLjMwM2MtMCwtNy4zMTYgLTUuOTE0LC0xMy4yMyAtMTMuMjM3LC0xMy4yM2wtNTQuNjYyLDBsMCwtNzkuNTQ3YzEuNywwLjQzOCAzLjQ5NSwwLjc3MSA1LjMzNSwwLjc3MWw2OC42MzMsMGMxMS4xMDgsMCAyMC4xMywtOS4wMTUgMjAuMTMsLTIwLjExNWMwLC0xMS4xMTQgLTkuMDIyLC0yMC4xMjkgLTIwLjEzLC0yMC4xMjlsLTY4LjYzMywtMGMtMS43OTUsLTAgLTMuNDk0LDAuMjg5IC01LjE0OSwwLjcxOWM0LjYxNSwtMTA0LjEzNiA4Ny4yNjQsLTE4OC4yOTIgMTkwLjc3LC0xOTUuMjI5bDAuMDQ1LDU2Ljc0NmMtMTcuNjA4LDUuODMyIC0zMC4zMSwyMi4zNjQgLTMwLjMxLDQxLjkxNWwtMCw0OC4yNThjLTAsMjQuNDA0IDE5LjczNiw0NC4xNCA0NC4xNCw0NC4xNGMyNC4zNDQsMCA0NC4wODEsLTE5LjczNiA0NC4wODEsLTQ0LjE0bC0wLC00OC4yNThjLTAsLTE5LjU1MSAtMTIuNzEsLTM2LjA4MyAtMzAuMzAyLC00MS45MTVsMC4wODksLTU2Ljc0NmMxMDMuMjY4LDYuOTM3IDE4NS43NjksOTAuNzA3IDE5MC43MjUsMTk0LjUxbC00MS42NzcsLTBjLTguNzI1LC0wIC0xNS44MTEsNy4wNzEgLTE1LjgxMSwxNS44MTFjLTAsOC43NjMgNy4wODYsMTUuODQ5IDE1LjgxMSwxNS44NDlsNDEuOTA3LC0wbDAsMTAwLjU5Wm0tMjA0LjgyMywtMzg1LjQ5NWMtMTQ1LjAyLC0wIC0yNjMuMDM5LDExOC4wMDQgLTI2My4wMzksMjYzLjAzOWwwLDE1NS4xNDdjMCw2My40NDcgNDMuNDEzLDEyNy4wMzQgMTI5LjAyMywxODkuMDM0YzYwLjE4OSw0My41NDcgMTM0LjAxNiw3Ni44MTcgMTM0LjAxNiw3Ni44MTdjLTAsMCA3My44MTksLTMzLjI3IDEzNC4wMTYsLTc2LjgxN2M4NS42MDIsLTYyIDEyOS4wMjMsLTEyNS41ODcgMTI5LjAyMywtMTg5LjAzNGwtMCwtMTU1LjE0N2MtMCwtMTQ1LjAzNSAtMTE4LjAyNywtMjYzLjAzOSAtMjYzLjAzOSwtMjYzLjAzOSIgc3R5bGU9ImZpbGw6I2ZmNTc1ODtmaWxsLXJ1bGU6bm9uemVybzsiLz48L2c+PGc+PHBhdGggZD0iTTU0Ni4xOTEsMjM4LjgzYzAsMCAxOTUuODY4LDI1LjIyIDIwNS44ODUsLTE1My40ODVjLTAsLTAgLTIyMC4xODIsLTQyLjY5NCAtMjM2LjE3MiwxMjkuMjc0Yy0wLDAgNzEuMjgyLC03OS44MzYgMTcwLjE1LC04My42NWMwLC0wIC0xMzMuMTAzLDUxLjAzMyAtMTM5Ljg2MywxMDcuODYxIiBzdHlsZT0iZmlsbDojN2ZkODU4O2ZpbGwtcnVsZTpub256ZXJvOyIvPjwvZz48Zz48cGF0aCBkPSJNNDc5Ljc5OSwyMzkuMDA4YzAsMCAtMTY3LjE3NSwyMS41MjUgLTE3NS43MjIsLTEzMS4wMDNjLTAsLTAgMTg3LjkyOCwtMzYuNDMyIDIwMS41NjYsMTEwLjMzOWMtMCwwIC02MC44MzUsLTY4LjE0MyAtMTQ1LjIxMywtNzEuMzkzYy0wLDAgMTEzLjU5Nyw0My41NDcgMTE5LjM2OSw5Mi4wNTciIHN0eWxlPSJmaWxsOiM3ZmQ4NTg7ZmlsbC1ydWxlOm5vbnplcm87Ii8+PC9nPjwvZz48L2c+PC9zdmc+" width="64" height="64">
18 | 				</p>
19 | 
20 | 				<h2>Oops, something is not right!</h2>
21 | 
22 | 				<p>There is an unexpected error found.</p>
23 | 			</div>
24 | 		</div>
25 | 	</div>
26 | </body>
27 | </html>


--------------------------------------------------------------------------------
/404.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html lang="en">
 3 | <head>
 4 | 	<meta charset="utf-8">
 5 | 	<meta name="viewport" content="width=device-width, initial-scale=1">
 6 | 
 7 | 	<title>404 Page Not Found</title>
 8 | 
 9 | 	<link href="https://cdnjs.cloudflare.com/ajax/libs/bootswatch/5.3.2/superhero/bootstrap.min.css" rel="stylesheet">
10 | </head>
11 | 
12 | <body class="mt-5">
13 | 	<div class="container">
14 | 		<div class="row">
15 | 			<div class="col-md-4 offset-md-4">
16 | 				<p class="text-center">
17 | 					<img src="data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PCFET0NUWVBFIHN2ZyBQVUJMSUMgIi0vL1czQy8vRFREIFNWRyAxLjEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvR3JhcGhpY3MvU1ZHLzEuMS9EVEQvc3ZnMTEuZHRkIj48c3ZnIHdpZHRoPSIxMDAlIiBoZWlnaHQ9IjEwMCUiIHZpZXdCb3g9IjAgMCAxMDI0IDEwMjQiIHZlcnNpb249IjEuMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSIgeG1sbnM6c2VyaWY9Imh0dHA6Ly93d3cuc2VyaWYuY29tLyIgc3R5bGU9ImZpbGwtcnVsZTpldmVub2RkO2NsaXAtcnVsZTpldmVub2RkO3N0cm9rZS1saW5lam9pbjpyb3VuZDtzdHJva2UtbWl0ZXJsaW1pdDoyOyI+PGcgaWQ9ImxvZ28tbG9nbyI+PGc+PGc+PHBhdGggZD0iTTcxNi44MjMsNjQ0LjgxM2wtNTMuODM4LC0wYy04LjI0MywtMCAtMTQuOTQzLDYuNzA3IC0xNC45NDMsMTQuOTQzYy0wLDguMTk5IDYuNywxNC44OTIgMTQuOTQzLDE0Ljg5Mmw1My44MzgsLTBsMCwyLjg1NmMwLDg0Ljg5NyAtMTM4LjEzNCwxNjkuNDgzIC0yMDQuODIzLDIwMS44MjZjLTI0LjI1NSwtMTEuNzM4IC01Ny44NjcsLTMwLjQxNCAtOTAuOTQ0LC01My41MDRsMjUuNDU3LC0wYzUuNDkxLC0wIDkuODk4LC00LjQgOS44OTgsLTkuODgzYy0wLC01LjQ5MSAtNC40MDcsLTkuOTM1IC05Ljg5OCwtOS45MzVsLTUyLjE5MSwtMGMtNDcuMjQyLC0zNy4zNjYgLTg3LjE1MywtODIuODk0IC04Ny4xNTMsLTEyOC41MDRsMCwtMTkuMzg4bDU0LjY2MiwwYzcuMzIzLDAgMTMuMjM3LC01LjkyOCAxMy4yMzcsLTEzLjMwM2MtMCwtNy4zMTYgLTUuOTE0LC0xMy4yMyAtMTMuMjM3LC0xMy4yM2wtNTQuNjYyLDBsMCwtNzkuNTQ3YzEuNywwLjQzOCAzLjQ5NSwwLjc3MSA1LjMzNSwwLjc3MWw2OC42MzMsMGMxMS4xMDgsMCAyMC4xMywtOS4wMTUgMjAuMTMsLTIwLjExNWMwLC0xMS4xMTQgLTkuMDIyLC0yMC4xMjkgLTIwLjEzLC0yMC4xMjlsLTY4LjYzMywtMGMtMS43OTUsLTAgLTMuNDk0LDAuMjg5IC01LjE0OSwwLjcxOWM0LjYxNSwtMTA0LjEzNiA4Ny4yNjQsLTE4OC4yOTIgMTkwLjc3LC0xOTUuMjI5bDAuMDQ1LDU2Ljc0NmMtMTcuNjA4LDUuODMyIC0zMC4zMSwyMi4zNjQgLTMwLjMxLDQxLjkxNWwtMCw0OC4yNThjLTAsMjQuNDA0IDE5LjczNiw0NC4xNCA0NC4xNCw0NC4xNGMyNC4zNDQsMCA0NC4wODEsLTE5LjczNiA0NC4wODEsLTQ0LjE0bC0wLC00OC4yNThjLTAsLTE5LjU1MSAtMTIuNzEsLTM2LjA4MyAtMzAuMzAyLC00MS45MTVsMC4wODksLTU2Ljc0NmMxMDMuMjY4LDYuOTM3IDE4NS43NjksOTAuNzA3IDE5MC43MjUsMTk0LjUxbC00MS42NzcsLTBjLTguNzI1LC0wIC0xNS44MTEsNy4wNzEgLTE1LjgxMSwxNS44MTFjLTAsOC43NjMgNy4wODYsMTUuODQ5IDE1LjgxMSwxNS44NDlsNDEuOTA3LC0wbDAsMTAwLjU5Wm0tMjA0LjgyMywtMzg1LjQ5NWMtMTQ1LjAyLC0wIC0yNjMuMDM5LDExOC4wMDQgLTI2My4wMzksMjYzLjAzOWwwLDE1NS4xNDdjMCw2My40NDcgNDMuNDEzLDEyNy4wMzQgMTI5LjAyMywxODkuMDM0YzYwLjE4OSw0My41NDcgMTM0LjAxNiw3Ni44MTcgMTM0LjAxNiw3Ni44MTdjLTAsMCA3My44MTksLTMzLjI3IDEzNC4wMTYsLTc2LjgxN2M4NS42MDIsLTYyIDEyOS4wMjMsLTEyNS41ODcgMTI5LjAyMywtMTg5LjAzNGwtMCwtMTU1LjE0N2MtMCwtMTQ1LjAzNSAtMTE4LjAyNywtMjYzLjAzOSAtMjYzLjAzOSwtMjYzLjAzOSIgc3R5bGU9ImZpbGw6I2ZmNTc1ODtmaWxsLXJ1bGU6bm9uemVybzsiLz48L2c+PGc+PHBhdGggZD0iTTU0Ni4xOTEsMjM4LjgzYzAsMCAxOTUuODY4LDI1LjIyIDIwNS44ODUsLTE1My40ODVjLTAsLTAgLTIyMC4xODIsLTQyLjY5NCAtMjM2LjE3MiwxMjkuMjc0Yy0wLDAgNzEuMjgyLC03OS44MzYgMTcwLjE1LC04My42NWMwLC0wIC0xMzMuMTAzLDUxLjAzMyAtMTM5Ljg2MywxMDcuODYxIiBzdHlsZT0iZmlsbDojN2ZkODU4O2ZpbGwtcnVsZTpub256ZXJvOyIvPjwvZz48Zz48cGF0aCBkPSJNNDc5Ljc5OSwyMzkuMDA4YzAsMCAtMTY3LjE3NSwyMS41MjUgLTE3NS43MjIsLTEzMS4wMDNjLTAsLTAgMTg3LjkyOCwtMzYuNDMyIDIwMS41NjYsMTEwLjMzOWMtMCwwIC02MC44MzUsLTY4LjE0MyAtMTQ1LjIxMywtNzEuMzkzYy0wLDAgMTEzLjU5Nyw0My41NDcgMTE5LjM2OSw5Mi4wNTciIHN0eWxlPSJmaWxsOiM3ZmQ4NTg7ZmlsbC1ydWxlOm5vbnplcm87Ii8+PC9nPjwvZz48L2c+PC9zdmc+" width="64" height="64">
18 | 				</p>
19 | 
20 | 				<h2>Hmmm... the page is missing!</h2>
21 | 
22 | 				<p>We're sorry, but the page you were looking for doesn't exist.</p>
23 | 			</div>
24 | 		</div>
25 | 	</div>
26 | </body>
27 | </html>


--------------------------------------------------------------------------------
/pages/json.provider.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * @var \Cookie\Cookie   $cookie
  4 |  * @var \Http\Request    $request
  5 |  * @var \Security\Form   $form
  6 |  * @var \Session\Session $session
  7 |  * @var \SQLite\Database $db
  8 |  */
  9 | defined('INDEX') or exit('Access is denied.');
 10 | 
 11 | header('Content-Type: application/json');
 12 | 
 13 | if (!$session->get('user')) {
 14 | 	exit(json_encode([
 15 | 		'status'  => 403,
 16 | 		'message' => 'Access denied.',
 17 | 	]));
 18 | }
 19 | 
 20 | if ($request->isPost()) {
 21 | 	$results = [
 22 | 		'errors' => [],
 23 | 		'csrf'   => [
 24 | 			'name'  => $form->getInputName(),
 25 | 			'value' => $form->getInputValue(),
 26 | 		],
 27 | 	];
 28 | 
 29 | 	// CSRF validation
 30 | 	$csrf = $form->validate();
 31 | 
 32 | 	// Get the latest CSRF token
 33 | 	$results['csrf'] = [
 34 | 		'name'  => $form->getInputName(),
 35 | 		'value' => $form->getInputValue(),
 36 | 	];
 37 | 
 38 | 	// CSRF token is invalid
 39 | 	if (!$csrf) {
 40 | 		$results['errors']['name'] = 'Security validation failed.';
 41 | 		exit(json_encode($results));
 42 | 	}
 43 | 
 44 | 	switch ($request->post('action')) {
 45 | 		case 'delete':
 46 | 			$providerId = $request->post('id');
 47 | 
 48 | 			$db->delete('provider', '`provider_id` = :providerId', [
 49 | 				':providerId' => $providerId,
 50 | 			]);
 51 | 
 52 | 			// Orphan the machines
 53 | 			$db->update('machine', [
 54 | 				'provider_id' => 0,
 55 | 			], '`provider_id` = :providerId', [
 56 | 				':providerId' => $providerId,
 57 | 			]);
 58 | 
 59 | 			break;
 60 | 
 61 | 		default:
 62 | 			$providerId = $request->post('id');
 63 | 			$name = sanitize($request->post('name'));
 64 | 			$website = sanitize(rtrim($request->post('website'), '/'));
 65 | 			$controlPanel = sanitize($request->post('cp'));
 66 | 			$controlPanelUrl = sanitize(rtrim($request->post('cpUrl'), '/'));
 67 | 
 68 | 			if (empty($name)) {
 69 | 				$results['errors']['name'] = 'This field is required.';
 70 | 			}
 71 | 
 72 | 			if (!filter_var($website, FILTER_VALIDATE_URL)) {
 73 | 				$results['errors']['website'] = 'URL is invalid.';
 74 | 			}
 75 | 
 76 | 			if (empty($controlPanel)) {
 77 | 				$results['errors']['cp'] = 'This field is required.';
 78 | 			}
 79 | 
 80 | 			if (!filter_var($controlPanelUrl, FILTER_VALIDATE_URL)) {
 81 | 				$results['errors']['cpUrl'] = 'URL is invalid.';
 82 | 			}
 83 | 
 84 | 			if (!empty($results['errors'])) {
 85 | 				exit(json_encode($results));
 86 | 			}
 87 | 
 88 | 			if ($providerId) {
 89 | 				$db->update('provider', [
 90 | 					'name'               => $name,
 91 | 					'website'            => $website,
 92 | 					'control_panel_name' => $controlPanel,
 93 | 					'control_panel_url'  => $controlPanelUrl,
 94 | 					'date_modified'      => gmdate('Y-m-d H:i:s'),
 95 | 				], 'provider_id = :providerId', [
 96 | 					':providerId' => $providerId,
 97 | 				]);
 98 | 			} else {
 99 | 				$db->insert('provider', [
100 | 					'name'               => $name,
101 | 					'website'            => $website,
102 | 					'control_panel_name' => $controlPanel,
103 | 					'control_panel_url'  => $controlPanelUrl,
104 | 					'date_created'       => gmdate('Y-m-d H:i:s'),
105 | 				]);
106 | 			}
107 | 	}
108 | 
109 | 	exit(json_encode($results));
110 | } else {
111 | 	$results = [];
112 | 
113 | 	switch ($request->get('action')) {
114 | 		case 'name':
115 | 			$rows = $db->select('provider', '1=1 ORDER BY `name`');
116 | 
117 | 			if (!empty($rows)) {
118 | 				foreach ($rows as $row) {
119 | 					$results[$row['provider_id']] = $row['name'];
120 | 				}
121 | 			}
122 | 
123 | 			exit(json_encode($results));
124 | 
125 | 		case 'control-panel':
126 | 			$rows = $db->execute('SELECT DISTINCT `control_panel_name` FROM `provider` ORDER BY `control_panel_name`');
127 | 
128 | 			if (!empty($rows)) {
129 | 				foreach ($rows as $row) {
130 | 					$results[] = $row['control_panel_name'];
131 | 				}
132 | 			}
133 | 
134 | 			exit(json_encode($results));
135 | 
136 | 		default:
137 | 			exit(json_encode($db->execute('SELECT *, (SELECT COUNT(*) FROM `machine` WHERE `provider_id` = p.`provider_id`) AS `total_machine` FROM `provider` p ORDER BY p.`name`')));
138 | 	}
139 | }
140 | 


--------------------------------------------------------------------------------
/install/tables.sql:
--------------------------------------------------------------------------------
 1 | DROP TABLE IF EXISTS 'provider';
 2 | DROP TABLE IF EXISTS 'machine';
 3 | DROP TABLE IF EXISTS 'country';
 4 | DROP TABLE IF EXISTS 'currency_rate';
 5 | 
 6 | CREATE TABLE 'payment_cycle' (
 7 | 	'payment_cycle_id'	INTEGER NOT NULL,
 8 | 	'name'	TEXT,
 9 | 	'month'	INTEGER,
10 | 	PRIMARY KEY('payment_cycle_id' AUTOINCREMENT)
11 | );
12 | 
13 | INSERT INTO `payment_cycle` (`name`, `month`) VALUES ('Monthly', 1), ('Quarterly', 3), ('Semi-Yearly', 6), ('Yearly', 12), ('Bi-Yearly', 24), ('Tri-Yearly', 36);
14 | 
15 | CREATE TABLE 'provider' (
16 | 	'provider_id'	INTEGER NOT NULL,
17 | 	'name'	TEXT,
18 | 	'website'	TEXT,
19 | 	'control_panel_name'	TEXT,
20 | 	'control_panel_url'	TEXT,
21 | 	'date_created' TEXT,
22 | 	'date_modified' TEXT,
23 | 	PRIMARY KEY('provider_id' AUTOINCREMENT)
24 | );
25 | 
26 | CREATE TABLE 'machine' (
27 | 	'machine_id'	INTEGER NOT NULL,
28 | 	'is_hidden'	INTEGER,
29 | 	'is_nat'	INTEGER,
30 | 	'label'	TEXT,
31 | 	'virtualization'	TEXT,
32 | 	'cpu_speed'	INTEGER,
33 | 	'cpu_core'	INTEGER,
34 | 	'memory'	INTEGER,
35 | 	'swap'	INTEGER,
36 | 	'disk_type'	TEXT,
37 | 	'disk_space'	INTEGER,
38 | 	'bandwidth'	INTEGER,
39 | 	'ip_address'	TEXT,
40 | 	'country_code'	TEXT,
41 | 	'city_name'	TEXT,
42 | 	'price'	INTEGER,
43 | 	'currency_code'	TEXT,
44 | 	'payment_cycle_id'	INTEGER,
45 | 	'due_date'	TEXT,
46 | 	'notes'	TEXT,
47 | 	'date_created' TEXT,
48 | 	'date_modified' TEXT,
49 | 	'provider_id'	INTEGER NOT NULL,
50 | 	PRIMARY KEY('machine_id' AUTOINCREMENT)
51 | );
52 | 
53 | CREATE TABLE 'country' (
54 | 	'country_code'	TEXT,
55 | 	'country_name'	TEXT,
56 | 	PRIMARY KEY('country_code')
57 | );
58 | 
59 | INSERT INTO 'country' VALUES ('AL', 'Albania'), ('DZ', 'Algeria'), ('AO', 'Angola'), ('AR', 'Argentina'), ('AM', 'Armenia'), ('AU', 'Australia'), ('AT', 'Austria'), ('AZ', 'Azerbaijan'), ('BH', 'Bahrain'),  ('BD', 'Bangladesh'), ('BB', 'Barbados'), ('BY', 'Belarus'), ('BE', 'Belgium'), ('BT', 'Bhutan'), ('BW', 'Botswana'), ('BR', 'Brazil'),  ('BN', 'Brunei Darussalam'), ('BG', 'Bulgaria'), ('BF', 'Burkina Faso'), ('KH', 'Cambodia'), ('CA', 'Canada'), ('CL', 'Chile'), ('CN', 'China'), ('CO', 'Colombia'), ('CD', 'Congo, the Democratic Republic of the'), ('CR', 'Costa Rica'), ('HR', 'Croatia'), ('CW', 'Curaçao'), ('CY', 'Cyprus'), ('CZ', 'Czech Republic'), ('DK', 'Denmark'), ('DJ', 'Djibouti'), ('DO', 'Dominican Republic'), ('EC', 'Ecuador'), ('EG', 'Egypt'), ('EE', 'Estonia'), ('FI', 'Finland'), ('FR', 'France'), ('PF', 'French Polynesia'), ('GE', 'Georgia'), ('DE', 'Germany'), ('GH', 'Ghana'), ('GR', 'Greece'), ('GD', 'Grenada'), ('GU', 'Guam'), ('GT', 'Guatemala'), ('GY', 'Guyana'), ('HK', 'Hong Kong'), ('HN', 'Honduras'), ('HU', 'Hungary'), ('IS', 'Iceland'), ('IN', 'India'), ('ID', 'Indonesia'), ('IQ', 'Iraq'), ('IE', 'Ireland'), ('IL', 'Israel'), ('IT', 'Italy'), ('JM', 'Jamaica'), ('JP', 'Japan'), ('JO', 'Jordan'), ('KZ', 'Kazakhstan'), ('KE', 'Kenya'), ('KR', 'Korea, Republic of'), ('KW', 'Kuwait'), ('LA', 'Lao People''s Democratic Republic'), ('LV', 'Latvia'), ('LB', 'Lebanon'), ('LT', 'Lithuania'), ('LU', 'Luxembourg'), ('MG', 'Madagascar'), ('MY', 'Malaysia'), ('MV', 'Maldives'), ('MU', 'Mauritius'), ('MX', 'Mexico'), ('MD', 'Moldova, Republic of'), ('MN', 'Mongolia'), ('MA', 'Morocco'), ('MZ', 'Mozambique'), ('MM', 'Myanmar'), ('NP', 'Nepal'), ('NL', 'Netherlands'), ('NC', 'New Caledonia'), ('NZ', 'New Zealand'), ('NG', 'Nigeria'), ('NO', 'Norway'), ('OM', 'Oman'), ('PK', 'Pakistan'), ('PA', 'Panama'), ('PY', 'Paraguay'), ('PE', 'Peru'), ('PH', 'Philippines'), ('PL', 'Poland'), ('PT', 'Portugal'), ('QA', 'Qatar'), ('RO', 'Romania'), ('RU', 'Russian Federation'), ('RW', 'Rwanda'), ('SA', 'Saudi Arabia'), ('SN', 'Senegal'), ('RS', 'Serbia'), ('SG', 'Singapore'), ('SK', 'Slovakia'), ('ZA', 'South Africa'), ('ES', 'Spain'), ('LK', 'Sri Lanka'), ('SR', 'Suriname'), ('SE', 'Sweden'), ('CH', 'Switzerland'), ('TW', 'Taiwan'), ('TZ', 'Tanzania, United Republic of'), ('TH', 'Thailand'), ('TN', 'Tunisia'), ('TR', 'Turkey'), ('UA', 'Ukraine'), ('AE', 'United Arab Emirates'), ('GB', 'United Kingdom'), ('US', 'United States'), ('UZ', 'Uzbekistan'), ('VN', 'Viet Nam'), ('ZW', 'Zimbabwe');
60 | 
61 | CREATE TABLE 'currency_rate' (
62 | 	'currency_code'	TEXT,
63 | 	'rate'	INTEGER,
64 | 	PRIMARY KEY('currency_code')
65 | );
66 | 
67 | INSERT INTO 'currency_rate' VALUES ('USD', 10000), ('EUR', 9118), ('GBP', 7960), ('MYR', 46699), ('JPY', 1471434), ('AUD', 15182);


--------------------------------------------------------------------------------
/assets/css/style.min.css:
--------------------------------------------------------------------------------
1 | .logo{width:170px;margin-left:auto;margin-right:auto;}.logo h3 small{font-size:.5em;display:block;text-align:right;}code{color:var(--bs-gray-100);}.btn{padding-top:.5em;padding-bottom:.5em;}.loader-inner{transform:scale(.5,.5);}.input-group>.btn-end{border-top-right-radius:var(--bs-border-radius)!important;border-bottom-right-radius:var(--bs-border-radius)!important;}.modal-header{border-bottom:none;}.modal-footer{border-top:none;}.pointer{cursor:pointer;}label{-webkit-user-select:none;-ms-user-select:none;user-select:none;}.datepicker-dropdown{box-shadow:var(--bs-box-shadow)!important;padding:10px;}.datepicker td,.datepicker th{width:35px;}.datepicker table tr td.today,.datepicker table tr td.today.disabled,.datepicker table tr td.today.disabled:hover,.datepicker table tr td.today:hover{background-image:none;}#page-provider table tbody tr .invisible{visibility:visible!important;}#page-provider table tbody tr:hover .invisible{visibility:visible!important;}#page-provider table tbody tr.edit td{padding-top:.3rem;padding-left:0;padding-bottom:.2rem;}#page-provider table tbody tr.edit .form-control-sm{font-size:1rem;padding-left:.5rem;margin-left:0;margin-top:-.2rem;}.badge-sm{font-size:.65em;}.tooltip-primary.tooltip>.tooltip-inner{background-color:var(--bs-primary);}.tooltip-primary.bs-tooltip-top .tooltip-arrow::before,.tooltip-primary.bs-tooltip-auto[data-popper-placement^='top'] .tooltip-arrow::before{border-top-color:var(--bs-primary);}.tooltip-primary.bs-tooltip-end .tooltip-arrow::before,.tooltip-primary.bs-tooltip-auto[data-popper-placement^='right'] .tooltip-arrow::before{border-right-color:var(--bs-primary);}.tooltip-primary.bs-tooltip-bottom .tooltip-arrow::before,.tooltip-primary.bs-tooltip-auto[data-popper-placement^='bottom'] .tooltip-arrow::before{border-bottom-color:var(--bs-primary);}.tooltip-primary.bs-tooltip-start .tooltip-arrow::before,.tooltip-primary.bs-tooltip-auto[data-popper-placement^='left'] .tooltip-arrow::before{border-left-color:var(--bs-primary);}.tooltip-danger.tooltip>.tooltip-inner{background-color:var(--bs-danger);}.tooltip-danger.bs-tooltip-top .tooltip-arrow::before,.tooltip-danger.bs-tooltip-auto[data-popper-placement^='top'] .tooltip-arrow::before{border-top-color:var(--bs-danger);}.tooltip-danger.bs-tooltip-end .tooltip-arrow::before,.tooltip-danger.bs-tooltip-auto[data-popper-placement^='right'] .tooltip-arrow::before{border-right-color:var(--bs-danger);}.tooltip-danger.bs-tooltip-bottom .tooltip-arrow::before,.tooltip-danger.bs-tooltip-auto[data-popper-placement^='bottom'] .tooltip-arrow::before{border-bottom-color:var(--bs-danger);}.tooltip-danger.bs-tooltip-start .tooltip-arrow::before,.tooltip-danger.bs-tooltip-auto[data-popper-placement^='left'] .tooltip-arrow::before{border-left-color:var(--bs-danger);}.tooltip-warning.tooltip>.tooltip-inner{background-color:var(--bs-warning);}.tooltip-warning.bs-tooltip-top .tooltip-arrow::before,.tooltip-warning.bs-tooltip-auto[data-popper-placement^='top'] .tooltip-arrow::before{border-top-color:var(--bs-warning);}.tooltip-warning.bs-tooltip-end .tooltip-arrow::before,.tooltip-warning.bs-tooltip-auto[data-popper-placement^='right'] .tooltip-arrow::before{border-right-color:var(--bs-warning);}.tooltip-warning.bs-tooltip-bottom .tooltip-arrow::before,.tooltip-warning.bs-tooltip-auto[data-popper-placement^='bottom'] .tooltip-arrow::before{border-bottom-color:var(--bs-warning);}.tooltip-warning.bs-tooltip-start .tooltip-arrow::before,.tooltip-warning.bs-tooltip-auto[data-popper-placement^='left'] .tooltip-arrow::before{border-left-color:var(--bs-warning);}div.dataTables_processing>div:last-child>div{background:var(--bs-danger);}.search{position:relative;}.search input{text-indent:20px;border:2px solid #d6d4d4;}.search>.bi{position:absolute;top:8px;font-size:.95em;color:var(--bs-dark);background-color:transparent;padding-left:5px;padding-right:5px;}.search .bi-search{left:8px;}.search .bi-x-lg{right:8px;cursor:pointer;}.filter-list .badge .bi-x{cursor:pointer;}.search .dropdown-item code{font-size:1em;color:var(--bs-success);background-color:var(--bs-gray-200);font-family:inherit;}.panel{border:none;}.search-not-match{display:none!important;}@media (min-width:576px){}@media (min-width:768px){.panel{border:var(--bs-card-border-width) solid var(--bs-card-border-color)}}@media (min-width:992px){#page-provider table tbody tr .invisible{visibility:hidden!important}}@media (min-width:1200px){}@media (min-width:1400px){}


--------------------------------------------------------------------------------
/libraries/Http/Request.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace Http;
  4 | 
  5 | class Request
  6 | {
  7 | 	/**
  8 | 	 * Get client IP address.
  9 | 	 *
 10 | 	 * @param bool $detectForwardedIp get client ip from forwarded headers
 11 | 	 *
 12 | 	 * @return string
 13 | 	 */
 14 | 	public function clientIp($detectForwardedIp = false)
 15 | 	{
 16 | 		if ($detectForwardedIp) {
 17 | 			if (isset($_SERVER['HTTP_CF_CONNECTING_IP']) && filter_var($_SERVER['HTTP_CF_CONNECTING_IP'], \FILTER_VALIDATE_IP, \FILTER_FLAG_NO_PRIV_RANGE | \FILTER_FLAG_NO_RES_RANGE)) {
 18 | 				return $_SERVER['HTTP_CF_CONNECTING_IP'];
 19 | 			}
 20 | 
 21 | 			if (isset($_SERVER['X-Real-IP']) && filter_var($_SERVER['X-Real-IP'], \FILTER_VALIDATE_IP, \FILTER_FLAG_NO_PRIV_RANGE | \FILTER_FLAG_NO_RES_RANGE)) {
 22 | 				return $_SERVER['X-Real-IP'];
 23 | 			}
 24 | 
 25 | 			if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
 26 | 				$ip = trim(current(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])));
 27 | 
 28 | 				if (filter_var($ip, \FILTER_VALIDATE_IP, \FILTER_FLAG_NO_PRIV_RANGE | \FILTER_FLAG_NO_RES_RANGE)) {
 29 | 					return $ip;
 30 | 				}
 31 | 			}
 32 | 		}
 33 | 
 34 | 		return $_SERVER['REMOTE_ADDR'] ?? '';
 35 | 	}
 36 | 
 37 | 	/**
 38 | 	 * Get current page URL.
 39 | 	 *
 40 | 	 * @return string
 41 | 	 */
 42 | 	public function currentUrl()
 43 | 	{
 44 | 		return 'http' . (($this->isHttps()) ? 's' : '') . '://' . $_SERVER['SERVER_NAME'] . (($_SERVER['SERVER_PORT'] == '80' || ($_SERVER['SERVER_PORT'] == '443' && $this->isHttps())) ? '' : (':' . $_SERVER['SERVER_PORT'])) . $_SERVER['REQUEST_URI'];
 45 | 	}
 46 | 
 47 | 	/**
 48 | 	 * Get client user agent.
 49 | 	 *
 50 | 	 * @return string
 51 | 	 */
 52 | 	public function userAgent()
 53 | 	{
 54 | 		return $_SERVER['HTTP_USER_AGENT'] ?? '';
 55 | 	}
 56 | 
 57 | 	/**
 58 | 	 * Get page referer if available.
 59 | 	 *
 60 | 	 * @return string
 61 | 	 */
 62 | 	public function referer()
 63 | 	{
 64 | 		return $_SERVER['HTTP_REFERER'] ?? '';
 65 | 	}
 66 | 
 67 | 	/**
 68 | 	 * Check if current page is HTTPS.
 69 | 	 *
 70 | 	 * @return bool
 71 | 	 */
 72 | 	public function isHttps()
 73 | 	{
 74 | 		return (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') ? true : ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? true : false);
 75 | 	}
 76 | 
 77 | 	/**
 78 | 	 * Get value from a GET request.
 79 | 	 *
 80 | 	 * @param string $key        The query name
 81 | 	 * @param string $default    Default value if not found
 82 | 	 * @param bool   $allowArray Allow input as array
 83 | 	 *
 84 | 	 * @return array|string
 85 | 	 */
 86 | 	public function get($key, $default = '', $allowArray = false)
 87 | 	{
 88 | 		return (isset($_GET[$key])) ? $this->sanitize($_GET[$key], $allowArray) : $default;
 89 | 	}
 90 | 
 91 | 	/**
 92 | 	 * Get value from a POST request.
 93 | 	 *
 94 | 	 * @param string $key        The query name
 95 | 	 * @param string $default    Default value if not found
 96 | 	 * @param bool   $allowArray Allow input as array
 97 | 	 *
 98 | 	 * @return array|string
 99 | 	 */
100 | 	public function post($key, $default = '', $allowArray = false)
101 | 	{
102 | 		return (isset($_POST[$key])) ? $this->sanitize($_POST[$key], $allowArray) : $default;
103 | 	}
104 | 
105 | 	/**
106 | 	 * Check if this is a form post request.
107 | 	 *
108 | 	 * @return bool
109 | 	 */
110 | 	public function isPost()
111 | 	{
112 | 		return isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST';
113 | 	}
114 | 
115 | 	/**
116 | 	 * Get value from a cookie.
117 | 	 *
118 | 	 * @param string $key        The query name
119 | 	 * @param string $default    Default value if cookie not found
120 | 	 * @param bool   $allowArray Allow input as array
121 | 	 *
122 | 	 * @return array|string
123 | 	 */
124 | 	public function cookie($key, $default = '', $allowArray = false)
125 | 	{
126 | 		return (isset($_COOKIE[$key])) ? $this->sanitize($_COOKIE[$key], $allowArray) : $default;
127 | 	}
128 | 
129 | 	/**
130 | 	 * Sanitize text for display to prevent XSS attacks.
131 | 	 *
132 | 	 * @param string $text
133 | 	 *
134 | 	 * @return string
135 | 	 */
136 | 	public function input($text)
137 | 	{
138 | 		return htmlspecialchars((string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
139 | 	}
140 | 
141 | 	/**
142 | 	 * Clean up string to display safely in HTML.
143 | 	 *
144 | 	 * @param string $text       Input string
145 | 	 * @param mixed  $allowArray Allow input as array
146 | 	 *
147 | 	 * @return string
148 | 	 */
149 | 	private function sanitize($text, $allowArray = false)
150 | 	{
151 | 		if (\is_array($text) && !$allowArray) {
152 | 			return '';
153 | 		}
154 | 
155 | 		if (!\is_array($text) && !\is_object($text)) {
156 | 			return htmlspecialchars_decode(trim($text));
157 | 		}
158 | 
159 | 		foreach ($text as $key => $value) {
160 | 			(\is_array($text)) ? $text[$key] = $this->sanitize($value, $allowArray) : $text->{$key} = $this->sanitize($value, $allowArray);
161 | 		}
162 | 
163 | 		return $text;
164 | 	}
165 | }
166 | 


--------------------------------------------------------------------------------
/assets/js/settings.min.js:
--------------------------------------------------------------------------------
1 | class Settings{constructor(){var e=this;$("#menu-settings").on("click",(function(e){e.preventDefault(),$("#modal-settings").modal("show")})),$("#modal-settings").on("show.bs.modal",(function(){$.cookie("theme")&&$('select[name="theme"]').val($.cookie("theme")),$.cookie("page-length")&&$('select[name="page-length"]').val($.cookie("page-length")),e.refreshCurrencyList()})),$('select[name="theme"]').on("change",(function(){$.cookie("theme",$(this).val()),window.location.href=window.location.href})),$('select[name="page-length"]').on("change",(function(){$.cookie("page-length",$(this).val()),window.location.href=window.location.href})),$("#btn-add-currency").on("click",(function(t){t.preventDefault(),e.refreshCurrencyList();var n=$("<tr>").append('<td><input type="text" name="code" value="" class="form-control form-control-sm" maxlength="3"></td>').append('<td><input type="text" name="rate" value="" class="form-control form-control-sm text-end"></td>'),a=$('<i class="bi bi-check pointer me-2">').on("click",(function(t){t.preventDefault(),n.find(".is-invalid").removeClass("is-invalid"),$.post("./currency.json",{new:n.find('input[name="code"]').val(),rate:n.find('input[name="rate"]').val(),__CSRF_TOKEN__:$('input[name="__CSRF_TOKEN__"]').val()},(function(t){Object.keys(t.errors).length>0?$.each(t.errors,(function(e){n.find('input[name="'+e+'"]').addClass("is-invalid")})):e.refreshCurrencyList()})).fail((function(){alert("Connection lost, please try again.")})).always((function(e){$('input[name="'+e.csrf.name+'"]').val(e.csrf.value)}))})),o=$('<i class="bi bi-x pointer">').on("click",(function(e){e.preventDefault(),n.remove()}));$("#table-currency tbody").prepend(n.append($('<td class="text-end">').append(a).append(o)))}))}refreshCurrencyList(){var e=this;$("#table-currency tbody").empty(),$.get("./currency.json",(function(t){t.length>0&&$.each(t,(function(t,n){var a=$('<tr class="display">'),o=$('<tr class="edit d-none">').append('<td><input type="text" name="code" value="'+n.currency_code+'" data-value="'+n.currency_code+'" class="form-control form-control-sm" maxlength="3"></td>').append('<td><input type="text" name="rate" value="'+n.rate+'" data-value="'+n.rate+'" class="form-control form-control-sm text-end"></td>'),r=$('<i class="bi bi-pencil-square pointer me-2">').on("click",(function(e){e.preventDefault(),$("#table-currency tr.display").toggleClass("d-none",!1),$("#table-currency tr.edit").toggleClass("d-none",!0),a.toggleClass("d-none",!0),o.toggleClass("d-none",!1)})),s=$('<i class="bi bi-trash pointer">').on("click",(function(e){e.preventDefault();var t=$('<div class="dropdown-menu dropdown-confirm show">'),o=$('<div class="overlay position-absolute top-0 start-0 opacity-50 bg-light w-100 h-100">'),r=$('<div class="p-2">').append('<h6>Confirm to delete <span class="text-danger"><strong>'+n.currency_code+"</strong></span>?</h6>"),s=$('<button class="btn btn-sm btn-outline-secondary" style="padding:.1rem 1rem;margin-right:.5rem">').html("No").on("click",(function(e){e.preventDefault(),o.remove(),$("#currency-list").addClass("overflow-auto").removeClass("overflow-hidden"),$(this).closest("tr").removeClass("table-light"),t.remove()})),i=$('<button class="btn btn-sm btn-danger" style="padding:.1rem 1rem">').html("Yes").on("click",(function(e){e.preventDefault(),o.remove(),$("#currency-list").addClass("overflow-auto").removeClass("overflow-hidden"),$(this).closest("tr").removeClass("table-light"),a.closest("tr").remove(),a.remove(),$.post("./currency.json",{action:"delete",code:n.currency_code,__CSRF_TOKEN__:$('input[name="__CSRF_TOKEN__"]').val()},(function(){})).fail((function(){alert("Connection lost, please try again.")})).always((function(e){$('input[name="'+e.csrf.name+'"]').val(e.csrf.value)}))}));$(".dropdown-confirm").remove(),$(this).after(t.append(r).append($('<div class="mt-1 text-center">').append(s).append(i))),t.offset({top:$(this).offset().top+$(this).outerHeight()-t.outerHeight(),left:$(this).offset().left-$(this).outerWidth()-t.outerWidth()}),$("#currency-list").removeClass("overflow-auto").addClass("overflow-hidden").prepend(o),$(this).closest("tr").addClass("table-light")})),i=$('<i class="bi bi-check pointer me-2">').on("click",(function(t){t.preventDefault(),o.find(".is-invalid").removeClass("is-invalid"),$.post("./currency.json",{code:n.currency_code,new:o.find('input[name="code"]').val(),rate:o.find('input[name="rate"]').val(),__CSRF_TOKEN__:$('input[name="__CSRF_TOKEN__"]').val()},(function(t){Object.keys(t.errors).length>0?$.each(t.errors,(function(e){o.find('input[name="'+e+'"]').addClass("is-invalid")})):e.refreshCurrencyList()})).fail((function(){alert("Connection lost, please try again.")})).always((function(e){$('input[name="'+e.csrf.name+'"]').val(e.csrf.value)}))})),l=$('<i class="bi bi-x pointer">').on("click",(function(e){e.preventDefault(),o.find('input[name="code"]').val(o.find('input[name="code"]').data("value")),o.find('input[name="rate"]').val(o.find('input[name="rate"]').data("value")),o.find(".is-invalid").removeClass("is-invalid"),a.toggleClass("d-none",!1),o.toggleClass("d-none",!0)}));"USD"==n.currency_code?(a.append('<td class="text-muted"><strong>'+n.currency_code+"</strong></td>").append('<td class="text-end text-muted"><strong>'+n.rate+"</strong></td>").append('<td class="text-end">&nbsp;</td>'),$("#table-currency tbody").append(a)):(a.append("<td>"+n.currency_code+"</td>").append('<td class="text-end">'+n.rate+"</td>").append($('<td class="text-end">').append(r).append(s)),$("#table-currency tbody").append(a),$("#table-currency tbody").append(o.append($('<td class="text-end">').append(i).append(l))))}))})).fail((function(){alert("Connection lost, please try again.")}))}}


--------------------------------------------------------------------------------
/assets/js/search.min.js:
--------------------------------------------------------------------------------
1 | !function(e){e.fn.search=function(t){var a=[],i={Bandwidth:{operators:{Equals:"=","Greater Than":">","Less Than":"<"},unit:"GB",description:"<code>number</code> <strong>GB</strong>"},City:{operators:{Contains:":",Equals:"="},description:"<code>text</code>"},Country:{operators:{Contains:":",Equals:"="},description:"<code>ISO 3166-2 code or country name</code>"},"CPU Core":{operators:{Equals:"=","Greater Than":">","Less Than":"<"},description:"<code>number</code>"},"CPU Speed":{operators:{Equals:"=","Greater Than":">","Less Than":"<"},unit:"MHz",description:"<code>number</code> <strong>MHz</strong>"},"Disk Type":{operators:{Equals:"="},values:variables.diskTypes,description:""},"Disk Space":{operators:{Equals:"=","Greater Than":">","Less Than":"<"},unit:"GB",description:"<code>number</code> <strong>GB</strong>"},"IP Address":{operators:{Contains:":",Equals:"="},description:"<code>text</code>"},Label:{operators:{Contains:":",Equals:"="},description:"<code>text</code>"},NAT:{operators:{Equals:"="},values:["Yes","No"],description:""},Provider:{operators:{Contains:":",Equals:"="},description:"<code>text</code>"},RAM:{operators:{Equals:"=","Greater Than":">","Less Than":"<"},unit:"MB",description:"<code>number</code> <strong>MB</strong>"},Virtualization:{operators:{Equals:"="},values:variables.virtualizations,description:""},Visibility:{operators:{Equals:"="},values:["All","Visible","Hidden"],description:""}},n=e.extend({},{placeholder:"",onFilterChanged:function(){}},t),o=e('<ul class="dropdown-menu shadow">'),r=e('<input type="text" class="form-control" placeholder="'+n.placeholder+'" autocomplete="off" autocapitalize="off">').on("focus",(function(){c(),p()})).on("blur",(function(){setTimeout((function(){r.is(":focus")||d()}),200)})).on("keypress",(function(e){13===e.which&&(e.preventDefault(),h())})).on("keydown",(function(e){9===e.which&&(e.preventDefault(),h())})).on("input",(function(){s.toggleClass("d-none",!r.val()),p()})),s=e('<i class="bi bi-x-lg d-none"></i>').on("click",(function(){r.val(""),e(this).addClass("d-none")})),l=e('<div class="filter-list mt-2">'),c=function(){o.toggleClass("show",!0)},d=function(){o.toggleClass("show",!1)},p=function(){if(o.toggleClass("show",!0).empty(),r.val().length>0){var t=e('<a class="dropdown-item" href="#">').html('<div style="max-width: 300px; white-space: pre-wrap; word-wrap: break-word; word-break: break-word"><strong>Search: </strong>'+r.val()+"</div>").on("click",(function(){u("Search",":",r.val(),""),f(),r.val("").trigger("input"),d()}));o.append(e('<li class="filter-item filter-search">').append(t))}e.each(i,(function(t,a){var i=!1;if(t.toLowerCase().includes(r.val().toLowerCase())||r.val().toLowerCase().includes(t.toLowerCase()))if(0==o.find(".dropdown-header").length&&o.append('<li><h5 class="dropdown-header">Filters</h5></li>'),t.toLowerCase()!=r.val().toLowerCase()){if(e.each(a.operators,(function(n,s){if(r.val().toLowerCase().includes(t.toLowerCase()+" "+s)){if(void 0!==a.values)e.each(a.values,(function(i,n){var l=e('<a class="dropdown-item" href="#">').html("<strong>"+t+"</strong> "+s+" "+n).on("click",(function(e){e.preventDefault(),r.val("").trigger("input"),u(t,s,n,void 0!==a.unit?a.unit:""),f(),d()}));o.append(e('<li class="filter-item">').append(l))}));else{var l=e('<a class="dropdown-item" href="#">').html("<strong>"+t+"</strong> "+s+" "+a.description).on("click",(function(e){r.focus(),e.preventDefault()}));o.append(e('<li class="filter-item">').append(l))}return i=!0,!1}})),i)return!1;var n=e('<a class="dropdown-item" href="#">').html(t.replace(new RegExp("("+r.val()+")","ig"),"<code>$1</code>")).on("click",(function(e){e.preventDefault(),r.val(t).trigger("input").focus(),p()}));o.append(e('<li class="filter-item">').append(n))}else e.each(a.operators,(function(a,i){var n=e('<a class="dropdown-item" href="#">').html(t.replace(new RegExp("("+r.val()+")","ig"),"<code>$1</code> "+i+'<small class="d-block">'+a+"</small>")).on("click",(function(e){e.preventDefault(),r.val(t+" "+i+" ").trigger("input").focus()}));o.append(e('<li class="filter-item">').append(n))}))}))},u=function(t,i,o,r){var s=!1;0!==(o=o.replace(/;/g,"").trim()).length&&(Object.keys(a).length>0&&e.each(a,(function(e,a){if(a.filter==t&&a.operator==i&&a.value==o)return s=!0,!1})),s||(a.push({filter:t,operator:i,value:o,unit:r}),n.onFilterChanged(a)))},f=function(){if(l.empty(),Object.keys(a).length>0){e.each(a,(function(t,i){var o=e('<i class="bi bi-x">').on("click",(function(){var t,o,r;t=i.filter,o=i.operator,r=i.value,Object.keys(a).length>0&&e.each(a,(function(e,i){if(i.filter==t&&i.operator==o&&i.value==r)return a.splice(e,1),!1})),f(),n.onFilterChanged(a)}));l.append(e('<span class="badge text-bg-warning me-1">').html(i.filter+" "+i.operator+" "+i.value+(void 0!==i.unit?" "+i.unit:"")).append(o))}));var t=e('<button class="btn btn-sm btn-outline-warning p-0 px-1 mt-1 float-end" type="button">').html('<i class="bi bi-x-circle-fill"></i> Clear Filters').on("click",(function(){a=[],r.val("").trigger("input"),f(),n.onFilterChanged(a),d()}));l.append(t).append('<div class="clearfix"></div>')}},h=function(){if(0==o.find("li.filter-item a.active").length){var t=!1;e.each([":","=","<",">"],(function(a,n){if(r.val().includes(n)){var o=r.val().split(n),s=!1,l="";return t=!0,e.each(i,(function(t,a){o[0].trim()==t&&e.each(a.operators,(function(e,t){if(n==t&&o[1].trim().length>0)return s=!0,l=void 0!==a.unit?a.unit:"",!1}))})),s&&u(o[0].trim(),n,o[1].trim(),l),f(),r.val("").trigger("input"),d(),!1}})),!t&&r.val().length>0&&(u("Search",":",r.val(),""),f(),r.val("").trigger("input"),d())}else o.find("li.filter-item a.active").trigger("click")};this.addClass("d-none").after(e('<div class="search">').append('<i class="bi bi-search"></i>').append(r).append(s).append(o).append(l)),e(document).on("keydown",(function(t){switch(t.which){case 27:t.preventDefault(),d();break;case 38:o.hasClass("show")&&t.preventDefault();var a=o.find("li.filter-item a");0==o.find("li.filter-item a.active").length?e(a[0]).text()?e(a[0]).addClass("active"):e(a[1]).addClass("active"):e.each(a,(function(t,i){if(e(i).hasClass("active"))return e(i).removeClass("active"),e(a[(0==t?a.length:t)-1]).addClass("active"),!1}));break;case 40:o.hasClass("show")&&t.preventDefault();a=o.find("li.filter-item a");0==o.find("li.filter-item a.active").length?e(a[0]).text()?e(a[0]).addClass("active"):e(a[1]).addClass("active"):e.each(a,(function(t,i){if(e(i).hasClass("active"))return e(i).removeClass("active"),e(a[(t==a.length-1?-1:t)+1]).addClass("active"),!1}));break}}))}}(jQuery);


--------------------------------------------------------------------------------
/assets/css/style.css:
--------------------------------------------------------------------------------
  1 | .logo {
  2 | 	width: 170px;
  3 | 	margin-left: auto;
  4 | 	margin-right: auto;
  5 | }
  6 | 
  7 | .logo h3 small {
  8 | 	font-size: 0.5em;
  9 | 	display: block;
 10 | 	text-align: right;
 11 | }
 12 | 
 13 | code {
 14 | 	color: var(--bs-gray-100);
 15 | }
 16 | 
 17 | .btn {
 18 | 	padding-top: 0.5em;
 19 | 	padding-bottom: 0.5em;
 20 | }
 21 | 
 22 | .loader-inner {
 23 | 	transform: scale(0.5, 0.5);
 24 | }
 25 | 
 26 | .input-group > .btn-end {
 27 | 	border-top-right-radius: var(--bs-border-radius) !important;
 28 | 	border-bottom-right-radius: var(--bs-border-radius) !important;
 29 | }
 30 | 
 31 | .modal-header {
 32 | 	border-bottom: none;
 33 | }
 34 | 
 35 | .modal-footer {
 36 | 	border-top: none;
 37 | }
 38 | 
 39 | .pointer {
 40 | 	cursor: pointer;
 41 | }
 42 | 
 43 | label {
 44 | 	-webkit-user-select: none;
 45 | 	-ms-user-select: none;
 46 | 	user-select: none;
 47 | }
 48 | 
 49 | .datepicker-dropdown {
 50 | 	box-shadow: var(--bs-box-shadow) !important;
 51 | 	padding: 10px;
 52 | }
 53 | 
 54 | .datepicker td,
 55 | .datepicker th {
 56 | 	width: 35px;
 57 | }
 58 | 
 59 | .datepicker table tr td.today,
 60 | .datepicker table tr td.today.disabled,
 61 | .datepicker table tr td.today.disabled:hover,
 62 | .datepicker table tr td.today:hover {
 63 | 	background-image: none;
 64 | }
 65 | 
 66 | #page-provider table tbody tr .invisible {
 67 | 	visibility: visible !important;
 68 | }
 69 | 
 70 | #page-provider table tbody tr:hover .invisible {
 71 | 	visibility: visible !important;
 72 | }
 73 | 
 74 | #page-provider table tbody tr.edit td {
 75 | 	padding-top: 0.3rem;
 76 | 	padding-left: 0;
 77 | 	padding-bottom: 0.2rem;
 78 | }
 79 | 
 80 | #page-provider table tbody tr.edit .form-control-sm {
 81 | 	font-size: 1rem;
 82 | 	padding-left: 0.5rem;
 83 | 	margin-left: 0;
 84 | 	margin-top: -0.2rem;
 85 | }
 86 | 
 87 | .badge-sm {
 88 | 	font-size: 0.65em;
 89 | }
 90 | 
 91 | .tooltip-primary.tooltip > .tooltip-inner {
 92 | 	background-color: var(--bs-primary);
 93 | }
 94 | 
 95 | .tooltip-primary.bs-tooltip-top .tooltip-arrow::before,
 96 | .tooltip-primary.bs-tooltip-auto[data-popper-placement^='top'] .tooltip-arrow::before {
 97 | 	border-top-color: var(--bs-primary);
 98 | }
 99 | 
100 | .tooltip-primary.bs-tooltip-end .tooltip-arrow::before,
101 | .tooltip-primary.bs-tooltip-auto[data-popper-placement^='right'] .tooltip-arrow::before {
102 | 	border-right-color: var(--bs-primary);
103 | }
104 | 
105 | .tooltip-primary.bs-tooltip-bottom .tooltip-arrow::before,
106 | .tooltip-primary.bs-tooltip-auto[data-popper-placement^='bottom'] .tooltip-arrow::before {
107 | 	border-bottom-color: var(--bs-primary);
108 | }
109 | 
110 | .tooltip-primary.bs-tooltip-start .tooltip-arrow::before,
111 | .tooltip-primary.bs-tooltip-auto[data-popper-placement^='left'] .tooltip-arrow::before {
112 | 	border-left-color: var(--bs-primary);
113 | }
114 | 
115 | .tooltip-danger.tooltip > .tooltip-inner {
116 | 	background-color: var(--bs-danger);
117 | }
118 | 
119 | .tooltip-danger.bs-tooltip-top .tooltip-arrow::before,
120 | .tooltip-danger.bs-tooltip-auto[data-popper-placement^='top'] .tooltip-arrow::before {
121 | 	border-top-color: var(--bs-danger);
122 | }
123 | 
124 | .tooltip-danger.bs-tooltip-end .tooltip-arrow::before,
125 | .tooltip-danger.bs-tooltip-auto[data-popper-placement^='right'] .tooltip-arrow::before {
126 | 	border-right-color: var(--bs-danger);
127 | }
128 | 
129 | .tooltip-danger.bs-tooltip-bottom .tooltip-arrow::before,
130 | .tooltip-danger.bs-tooltip-auto[data-popper-placement^='bottom'] .tooltip-arrow::before {
131 | 	border-bottom-color: var(--bs-danger);
132 | }
133 | 
134 | .tooltip-danger.bs-tooltip-start .tooltip-arrow::before,
135 | .tooltip-danger.bs-tooltip-auto[data-popper-placement^='left'] .tooltip-arrow::before {
136 | 	border-left-color: var(--bs-danger);
137 | }
138 | 
139 | .tooltip-warning.tooltip > .tooltip-inner {
140 | 	background-color: var(--bs-warning);
141 | }
142 | 
143 | .tooltip-warning.bs-tooltip-top .tooltip-arrow::before,
144 | .tooltip-warning.bs-tooltip-auto[data-popper-placement^='top'] .tooltip-arrow::before {
145 | 	border-top-color: var(--bs-warning);
146 | }
147 | 
148 | .tooltip-warning.bs-tooltip-end .tooltip-arrow::before,
149 | .tooltip-warning.bs-tooltip-auto[data-popper-placement^='right'] .tooltip-arrow::before {
150 | 	border-right-color: var(--bs-warning);
151 | }
152 | 
153 | .tooltip-warning.bs-tooltip-bottom .tooltip-arrow::before,
154 | .tooltip-warning.bs-tooltip-auto[data-popper-placement^='bottom'] .tooltip-arrow::before {
155 | 	border-bottom-color: var(--bs-warning);
156 | }
157 | 
158 | .tooltip-warning.bs-tooltip-start .tooltip-arrow::before,
159 | .tooltip-warning.bs-tooltip-auto[data-popper-placement^='left'] .tooltip-arrow::before {
160 | 	border-left-color: var(--bs-warning);
161 | }
162 | 
163 | div.dataTables_processing > div:last-child > div {
164 | 	background: var(--bs-danger);
165 | }
166 | 
167 | /* Start of search element */
168 | .search {
169 | 	position: relative;
170 | }
171 | 
172 | .search input {
173 | 	text-indent: 20px;
174 | 	border: 2px solid #d6d4d4;
175 | }
176 | 
177 | .search > .bi {
178 | 	position: absolute;
179 | 	top: 8px;
180 | 	font-size: 0.95em;
181 | 	color: var(--bs-dark);
182 | 	background-color: transparent;
183 | 	padding-left: 5px;
184 | 	padding-right: 5px;
185 | }
186 | 
187 | .search .bi-search {
188 | 	left: 8px;
189 | }
190 | 
191 | .search .bi-x-lg {
192 | 	right: 8px;
193 | 	cursor: pointer;
194 | }
195 | 
196 | .filter-list .badge .bi-x {
197 | 	cursor: pointer;
198 | }
199 | 
200 | .search .dropdown-item code {
201 | 	font-size: 1em;
202 | 	color: var(--bs-success);
203 | 	background-color: var(--bs-gray-200);
204 | 	font-family: inherit;
205 | }
206 | /* End of search element */
207 | 
208 | /* X-Small devices (portrait phones, less than 576px) */
209 | .panel {
210 | 	border: none;
211 | }
212 | 
213 | .search-not-match {
214 | 	display: none !important;
215 | }
216 | 
217 | /* Small devices (landscape phones, 576px and up) */
218 | @media (min-width: 576px) {
219 | }
220 | 
221 | /* Medium devices (tablets, 768px and up) */
222 | @media (min-width: 768px) {
223 | 	.panel {
224 | 		border: var(--bs-card-border-width) solid var(--bs-card-border-color);
225 | 	}
226 | }
227 | 
228 | /* Large devices (desktops, 992px and up) */
229 | @media (min-width: 992px) {
230 | 	#page-provider table tbody tr .invisible {
231 | 		visibility: hidden !important;
232 | 	}
233 | }
234 | 
235 | /* X-Large devices (large desktops, 1200px and up) */
236 | @media (min-width: 1200px) {
237 | }
238 | 
239 | /* XX-Large devices (larger desktops, 1400px and up) */
240 | @media (min-width: 1400px) {
241 | }
242 | 


--------------------------------------------------------------------------------
/assets/js/auto-complete.js:
--------------------------------------------------------------------------------
  1 | (function ($) {
  2 | 	$.fn.autoComplete = function (options) {
  3 | 		// Container to store input elements
  4 | 		var inputs = [];
  5 | 
  6 | 		// Default settings
  7 | 		var defaults = {
  8 | 			source: [],
  9 | 			noResults: 'No result found',
 10 | 		};
 11 | 
 12 | 		// User defined settings
 13 | 		var defines = typeof options === 'object' ? options : {};
 14 | 
 15 | 		// Merge default and user defined settings
 16 | 		var settings = $.extend(defaults, defines);
 17 | 
 18 | 		// Initialize
 19 | 		var init = function (input) {
 20 | 			// Make sure it's a valid input field
 21 | 			if (!$(input).is('input')) {
 22 | 				return;
 23 | 			}
 24 | 
 25 | 			// Make sure source is an array
 26 | 			if (!Array.isArray(settings.source)) {
 27 | 				return;
 28 | 			}
 29 | 
 30 | 			inputs.push(input);
 31 | 
 32 | 			var $dropdown = $('<ul class="dropdown-menu shadow auto-complete">');
 33 | 			var $listContainer = $('<div class="w-100 overflow-x-hidden overflow-y-auto">');
 34 | 
 35 | 			var openList = function () {
 36 | 				$dropdown
 37 | 					.css({
 38 | 						width: $(input).outerWidth(),
 39 | 					})
 40 | 					.addClass('show');
 41 | 
 42 | 				// Position adjustment only works after displayed
 43 | 				$dropdown.offset({
 44 | 					top: $(input).offset().top + $(input).outerHeight(),
 45 | 				});
 46 | 
 47 | 				// Make sure the dropdown menu is not out of the viewport
 48 | 				var maxHeight = $(window).height() - ($(input).offset().top + $(input).outerHeight() + 100);
 49 | 				maxHeight = maxHeight > 300 ? 300 : maxHeight;
 50 | 
 51 | 				$listContainer.css({
 52 | 					maxHeight: maxHeight,
 53 | 				});
 54 | 			};
 55 | 
 56 | 			var closeList = function () {
 57 | 				$dropdown.removeClass('show');
 58 | 			};
 59 | 
 60 | 			var populateListItems = function () {
 61 | 				// Clear existing option items
 62 | 				$listContainer.empty();
 63 | 
 64 | 				var index = 0;
 65 | 
 66 | 				if (settings.source.length > 0) {
 67 | 					$.each(settings.source, function (key, value) {
 68 | 						if (value.toLowerCase().includes($(input).val().trim().toLowerCase())) {
 69 | 							if (value.length == 0) {
 70 | 								index++;
 71 | 								return;
 72 | 							}
 73 | 
 74 | 							var $a = $('<a href="#" class="dropdown-item">')
 75 | 								.html(value.replace(new RegExp('(' + $(input).val().trim() + ')', 'ig'), '<strong>$1</strong>'))
 76 | 								.on('click', function (e) {
 77 | 									e.preventDefault();
 78 | 
 79 | 									$(input).val(value);
 80 | 									$dropdown.removeClass('show');
 81 | 								});
 82 | 
 83 | 							$listContainer.append($('<li>').append($a));
 84 | 
 85 | 							index++;
 86 | 						}
 87 | 					});
 88 | 				}
 89 | 
 90 | 				if ($listContainer.is(':empty')) {
 91 | 					$listContainer.append($('<li>').append('<a href="#" class="dropdown-item disabled">' + settings.noResults + '</a>'));
 92 | 				}
 93 | 			};
 94 | 
 95 | 			$(document).on('keydown', function (e) {
 96 | 				var items = $listContainer.find('a');
 97 | 
 98 | 				switch (e.which) {
 99 | 					// Escape pressed
100 | 					case 27:
101 | 						closeList();
102 | 						break;
103 | 
104 | 					// Up arrow
105 | 					case 38:
106 | 						if (!$(input).is(':focus')) {
107 | 							e.preventDefault();
108 | 							break;
109 | 						}
110 | 
111 | 						if ($listContainer.find('li a.active').length === 0) {
112 | 							$(items[0]).addClass('active');
113 | 						} else {
114 | 							$.each(items, function (index, item) {
115 | 								if ($(item).hasClass('active')) {
116 | 									var $activeItem = $(items[(index === 0 ? items.length : index) - 1]);
117 | 
118 | 									$(item).removeClass('active');
119 | 									$activeItem.addClass('active');
120 | 
121 | 									if ($activeItem.position().top < $activeItem.outerHeight() * 4) {
122 | 										$activeItem[0].scrollIntoView();
123 | 									} else if ($activeItem.position().top > $listContainer[0].clientHeight * 2 - $activeItem.outerHeight() * 2) {
124 | 										$activeItem[0].scrollIntoView();
125 | 									}
126 | 
127 | 									return false;
128 | 								}
129 | 							});
130 | 						}
131 | 						break;
132 | 
133 | 					// Down arrow
134 | 					case 40:
135 | 						if (!$(input).is(':focus')) {
136 | 							e.preventDefault();
137 | 							break;
138 | 						}
139 | 
140 | 						// No item selected
141 | 						if ($listContainer.find('a.active').length === 0) {
142 | 							$(items[0]).addClass('active');
143 | 						} else {
144 | 							$.each(items, function (index, item) {
145 | 								if ($(item).hasClass('active')) {
146 | 									var $activeItem = $(items[(index === items.length - 1 ? -1 : index) + 1]);
147 | 
148 | 									$(item).removeClass('active');
149 | 									$activeItem.addClass('active');
150 | 
151 | 									var visibleItemLimit = Math.ceil($listContainer[0].clientHeight / $activeItem.outerHeight());
152 | 
153 | 									if ($activeItem.position().top > $activeItem.outerHeight() * visibleItemLimit) {
154 | 										$activeItem[0].scrollIntoView();
155 | 									} else if ($activeItem.position().top < 0) {
156 | 										$activeItem[0].scrollIntoView();
157 | 									}
158 | 
159 | 									return false;
160 | 								}
161 | 							});
162 | 						}
163 | 						break;
164 | 
165 | 					default:
166 | 				}
167 | 			});
168 | 
169 | 			$dropdown.append($listContainer);
170 | 
171 | 			$(input)
172 | 				.on('input', function () {
173 | 					populateListItems();
174 | 					openList();
175 | 				})
176 | 				.on('blur', function () {
177 | 					setTimeout(function () {
178 | 						closeList();
179 | 					}, 200);
180 | 				})
181 | 				.on('keypress', function (e) {
182 | 					// When enter is pressed
183 | 					if (e.which === 13) {
184 | 						e.preventDefault();
185 | 
186 | 						$listContainer.find('a.active').trigger('click');
187 | 					}
188 | 				})
189 | 				.on('keydown', function (e) {
190 | 					// When tab is pressed
191 | 					if (e.which === 9) {
192 | 						e.preventDefault();
193 | 
194 | 						$listContainer.find('a.active').trigger('click');
195 | 					}
196 | 				})
197 | 				.after($dropdown);
198 | 
199 | 			$(document).on('wheel', function () {
200 | 				// Lost focus on current input when scrolling
201 | 				$(input).blur();
202 | 			});
203 | 		};
204 | 
205 | 		// Destroy the existing input elements
206 | 		destroy = function () {
207 | 			$.each(inputs, function (i, input) {
208 | 				$(input).off('input blur keypress keydown');
209 | 				$(input).next('.auto-complete').remove();
210 | 			});
211 | 		};
212 | 
213 | 		// Re-initialize
214 | 		refresh = function () {
215 | 			destroy();
216 | 
217 | 			$.each(inputs, function (i, input) {
218 | 				init(input);
219 | 			});
220 | 		};
221 | 
222 | 		this.each(function (i, input) {
223 | 			init(input);
224 | 		});
225 | 
226 | 		return {
227 | 			destroy: destroy,
228 | 			refresh: refresh,
229 | 		};
230 | 	};
231 | })(jQuery);
232 | 


--------------------------------------------------------------------------------
/pages/sign-in.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | /**
 3 |  * @var \Http\Request    $request
 4 |  * @var \Session\Session $session
 5 |  */
 6 | defined('INDEX') or exit('Access is denied.');
 7 | 
 8 | // Sign out
 9 | if ($request->get('action') == 'sign-out') {
10 | 	$session->delete('user');
11 | 	$cookie->delete('auth');
12 | }
13 | 
14 | // Redirect to home page if user is already signed in
15 | if ($session->get('user')) {
16 | 	exit(header('Location: ./'));
17 | }
18 | 
19 | $username = $request->post('username');
20 | $password = $request->post('password');
21 | ?>
22 | <!DOCTYPE html>
23 | <html lang="en">
24 | <head>
25 | 	<meta charset="utf-8">
26 | 	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
27 | 
28 | 	<title>Sign In | Carotu</title>
29 | 
30 | 	<link href="https://cdnjs.cloudflare.com/ajax/libs/bootswatch/5.3.2/flatly/bootstrap.min.css" rel="stylesheet">
31 | 	<link href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-icons/1.11.1/font/bootstrap-icons.min.css" rel="stylesheet">
32 | 	<link href="https://cdnjs.cloudflare.com/ajax/libs/loaders.css/0.1.2/loaders.min.css" rel="stylesheet">
33 | 	<link href="../assets/css/style.min.css" rel="stylesheet">
34 | </head>
35 | 
36 | <body class="mt-5">
37 | 	<div class="container">
38 | 		<div class="row mb-5">
39 | 			<div class="col-lg-4 offset-lg-4">
40 | 				<div class="logo">
41 | 					<img src="data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PCFET0NUWVBFIHN2ZyBQVUJMSUMgIi0vL1czQy8vRFREIFNWRyAxLjEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvR3JhcGhpY3MvU1ZHLzEuMS9EVEQvc3ZnMTEuZHRkIj48c3ZnIHdpZHRoPSIxMDAlIiBoZWlnaHQ9IjEwMCUiIHZpZXdCb3g9IjAgMCAxMDI0IDEwMjQiIHZlcnNpb249IjEuMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSIgeG1sbnM6c2VyaWY9Imh0dHA6Ly93d3cuc2VyaWYuY29tLyIgc3R5bGU9ImZpbGwtcnVsZTpldmVub2RkO2NsaXAtcnVsZTpldmVub2RkO3N0cm9rZS1saW5lam9pbjpyb3VuZDtzdHJva2UtbWl0ZXJsaW1pdDoyOyI+PGcgaWQ9ImxvZ28tbG9nbyI+PGc+PGc+PHBhdGggZD0iTTcxNi44MjMsNjQ0LjgxM2wtNTMuODM4LC0wYy04LjI0MywtMCAtMTQuOTQzLDYuNzA3IC0xNC45NDMsMTQuOTQzYy0wLDguMTk5IDYuNywxNC44OTIgMTQuOTQzLDE0Ljg5Mmw1My44MzgsLTBsMCwyLjg1NmMwLDg0Ljg5NyAtMTM4LjEzNCwxNjkuNDgzIC0yMDQuODIzLDIwMS44MjZjLTI0LjI1NSwtMTEuNzM4IC01Ny44NjcsLTMwLjQxNCAtOTAuOTQ0LC01My41MDRsMjUuNDU3LC0wYzUuNDkxLC0wIDkuODk4LC00LjQgOS44OTgsLTkuODgzYy0wLC01LjQ5MSAtNC40MDcsLTkuOTM1IC05Ljg5OCwtOS45MzVsLTUyLjE5MSwtMGMtNDcuMjQyLC0zNy4zNjYgLTg3LjE1MywtODIuODk0IC04Ny4xNTMsLTEyOC41MDRsMCwtMTkuMzg4bDU0LjY2MiwwYzcuMzIzLDAgMTMuMjM3LC01LjkyOCAxMy4yMzcsLTEzLjMwM2MtMCwtNy4zMTYgLTUuOTE0LC0xMy4yMyAtMTMuMjM3LC0xMy4yM2wtNTQuNjYyLDBsMCwtNzkuNTQ3YzEuNywwLjQzOCAzLjQ5NSwwLjc3MSA1LjMzNSwwLjc3MWw2OC42MzMsMGMxMS4xMDgsMCAyMC4xMywtOS4wMTUgMjAuMTMsLTIwLjExNWMwLC0xMS4xMTQgLTkuMDIyLC0yMC4xMjkgLTIwLjEzLC0yMC4xMjlsLTY4LjYzMywtMGMtMS43OTUsLTAgLTMuNDk0LDAuMjg5IC01LjE0OSwwLjcxOWM0LjYxNSwtMTA0LjEzNiA4Ny4yNjQsLTE4OC4yOTIgMTkwLjc3LC0xOTUuMjI5bDAuMDQ1LDU2Ljc0NmMtMTcuNjA4LDUuODMyIC0zMC4zMSwyMi4zNjQgLTMwLjMxLDQxLjkxNWwtMCw0OC4yNThjLTAsMjQuNDA0IDE5LjczNiw0NC4xNCA0NC4xNCw0NC4xNGMyNC4zNDQsMCA0NC4wODEsLTE5LjczNiA0NC4wODEsLTQ0LjE0bC0wLC00OC4yNThjLTAsLTE5LjU1MSAtMTIuNzEsLTM2LjA4MyAtMzAuMzAyLC00MS45MTVsMC4wODksLTU2Ljc0NmMxMDMuMjY4LDYuOTM3IDE4NS43NjksOTAuNzA3IDE5MC43MjUsMTk0LjUxbC00MS42NzcsLTBjLTguNzI1LC0wIC0xNS44MTEsNy4wNzEgLTE1LjgxMSwxNS44MTFjLTAsOC43NjMgNy4wODYsMTUuODQ5IDE1LjgxMSwxNS44NDlsNDEuOTA3LC0wbDAsMTAwLjU5Wm0tMjA0LjgyMywtMzg1LjQ5NWMtMTQ1LjAyLC0wIC0yNjMuMDM5LDExOC4wMDQgLTI2My4wMzksMjYzLjAzOWwwLDE1NS4xNDdjMCw2My40NDcgNDMuNDEzLDEyNy4wMzQgMTI5LjAyMywxODkuMDM0YzYwLjE4OSw0My41NDcgMTM0LjAxNiw3Ni44MTcgMTM0LjAxNiw3Ni44MTdjLTAsMCA3My44MTksLTMzLjI3IDEzNC4wMTYsLTc2LjgxN2M4NS42MDIsLTYyIDEyOS4wMjMsLTEyNS41ODcgMTI5LjAyMywtMTg5LjAzNGwtMCwtMTU1LjE0N2MtMCwtMTQ1LjAzNSAtMTE4LjAyNywtMjYzLjAzOSAtMjYzLjAzOSwtMjYzLjAzOSIgc3R5bGU9ImZpbGw6I2ZmNTc1ODtmaWxsLXJ1bGU6bm9uemVybzsiLz48L2c+PGc+PHBhdGggZD0iTTU0Ni4xOTEsMjM4LjgzYzAsMCAxOTUuODY4LDI1LjIyIDIwNS44ODUsLTE1My40ODVjLTAsLTAgLTIyMC4xODIsLTQyLjY5NCAtMjM2LjE3MiwxMjkuMjc0Yy0wLDAgNzEuMjgyLC03OS44MzYgMTcwLjE1LC04My42NWMwLC0wIC0xMzMuMTAzLDUxLjAzMyAtMTM5Ljg2MywxMDcuODYxIiBzdHlsZT0iZmlsbDojN2ZkODU4O2ZpbGwtcnVsZTpub256ZXJvOyIvPjwvZz48Zz48cGF0aCBkPSJNNDc5Ljc5OSwyMzkuMDA4YzAsMCAtMTY3LjE3NSwyMS41MjUgLTE3NS43MjIsLTEzMS4wMDNjLTAsLTAgMTg3LjkyOCwtMzYuNDMyIDIwMS41NjYsMTEwLjMzOWMtMCwwIC02MC44MzUsLTY4LjE0MyAtMTQ1LjIxMywtNzEuMzkzYy0wLDAgMTEzLjU5Nyw0My41NDcgMTE5LjM2OSw5Mi4wNTciIHN0eWxlPSJmaWxsOiM3ZmQ4NTg7ZmlsbC1ydWxlOm5vbnplcm87Ii8+PC9nPjwvZz48L2c+PC9zdmc+" width="64" height="64" class="img-fluid float-start">
42 | 					<h3 class="float-end text-end mt-1">
43 | 						Carotu <small>A list of VMs</small>
44 | 					</h3>
45 | 					<div class="clearfix"></div>
46 | 				</div>
47 | 			</div>
48 | 		</div>
49 | 		<div class="row">
50 | 			<div class="col-lg-4 offset-lg-4">
51 | 				<div class="panel card w-100">
52 | 					<div class="card-body">
53 | 						<p class="card-text">
54 | 							<?php if ($request->get('action') == 'sign-out'): ?>
55 | 							<div class="alert alert-success alert-dismissible" role="alert">
56 | 								<strong>Horray!</strong> You have signed out successfully.
57 | 								<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
58 | 							</div>
59 | 							<?php endif; ?>
60 | 
61 | 							<form method="post" class="p-1">
62 | 								<div class="form-floating mb-3">
63 | 									<input type="text" class="form-control" id="username" name="username" value="<?php echo $request->input($username); ?>" placeholder="" autocapitalize="off" required>
64 | 									<label for="username">Username</label>
65 | 									<div id="username-feedback" class="invalid-feedback"></div>
66 | 								</div>
67 | 								<div class="input-group mb-3">
68 | 									<div class="form-floating">
69 | 										<input type="password" class="form-control" id="password" name="password" value="<?php echo $request->input($password); ?>" placeholder="" autocapitalize="off" autocomplete="off" required>
70 | 										<label for="password">Password</label>
71 | 									</div>
72 | 									<button class="btn btn-end btn-outline-secondary" type="button" id="toggle-password"><i class="bi bi-eye-slash"></i></button>
73 | 									<div id="password-feedback" class="invalid-feedback"></div>
74 | 								</div>
75 | 
76 | 								<div class="form-check mb-5">
77 | 									<input class="form-check-input" type="checkbox" value="1" name="remember" id="remember">
78 | 									<label class="form-check-label" for="remember">Remember Me</label>
79 | 								</div>
80 | 
81 | 								<button type="submit" class="btn btn-primary w-100 disabled"><i class="bi bi-box-arrow-in-right"></i> Sign In</button>
82 | 
83 | 								<?php $form->input(); ?>
84 | 							</form>
85 | 						</p>
86 | 					</div>
87 | 				</div>
88 | 			</div>
89 | 		</div>
90 | 	</div>
91 | 
92 | 	<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
93 | 	<script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.2/js/bootstrap.bundle.min.js"></script>
94 | 	<script src="./assets/js/sign-in.min.js"></script>
95 | </body>
96 | </html>


--------------------------------------------------------------------------------
/libraries/SQLite/Database.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace SQLite;
  4 | 
  5 | use PDO;
  6 | 
  7 | class Database extends \PDO
  8 | {
  9 | 	/**
 10 | 	 * Collection of errors.
 11 | 	 *
 12 | 	 * @var array
 13 | 	 */
 14 | 	private $errors = [];
 15 | 
 16 | 	/**
 17 | 	 * Store the last error.
 18 | 	 *
 19 | 	 * @var string
 20 | 	 */
 21 | 	private $lastError;
 22 | 
 23 | 	/**
 24 | 	 * Maps for value bindings.
 25 | 	 *
 26 | 	 * @var array
 27 | 	 */
 28 | 	private $binds = [];
 29 | 
 30 | 	/**
 31 | 	 * SQL query.
 32 | 	 *
 33 | 	 * @var string
 34 | 	 */
 35 | 	private $query = '';
 36 | 
 37 | 	/**
 38 | 	 * Path to error log.
 39 | 	 *
 40 | 	 * @var string
 41 | 	 */
 42 | 	private $errorLog = '';
 43 | 
 44 | 	/**
 45 | 	 * Last insert ID.
 46 | 	 *
 47 | 	 * @var array
 48 | 	 */
 49 | 	private $lastId;
 50 | 
 51 | 	/**
 52 | 	 * Initialize PDO object.
 53 | 	 *
 54 | 	 * @param string $dsn
 55 | 	 *
 56 | 	 * @throws \Exception
 57 | 	 */
 58 | 	public function __construct($dsn)
 59 | 	{
 60 | 		try {
 61 | 			parent::__construct('sqlite:' . $dsn, null, null, [
 62 | 				\PDO::ATTR_EMULATE_PREPARES => false,
 63 | 				\PDO::ATTR_ERRMODE          => \PDO::ERRMODE_EXCEPTION,
 64 | 			]);
 65 | 		} catch (\PDOException $e) {
 66 | 			throw new \Exception($e->getMessage());
 67 | 		} catch (\Exception $e) {
 68 | 			throw new \Exception('Unable to open database.');
 69 | 		}
 70 | 	}
 71 | 
 72 | 	/**
 73 | 	 * Set the location to save error log.
 74 | 	 *
 75 | 	 * @param string $errorLog
 76 | 	 *
 77 | 	 * @throws \Exception
 78 | 	 */
 79 | 	public function saveErrorLog($errorLog)
 80 | 	{
 81 | 		if (!file_exists($errorLog)) {
 82 | 			@touch($errorLog);
 83 | 		}
 84 | 
 85 | 		if (!is_writable($errorLog)) {
 86 | 			throw new \Exception('"' . $errorLog . '" is not writable.');
 87 | 		}
 88 | 		$this->errorLog = $errorLog;
 89 | 	}
 90 | 
 91 | 	/**
 92 | 	 * Fetch records from database.
 93 | 	 *
 94 | 	 * @param string $table
 95 | 	 * @param string $where
 96 | 	 * @param array  $binds
 97 | 	 * @param bool   $single
 98 | 	 * @param string $fields
 99 | 	 *
100 | 	 * @return array|false
101 | 	 */
102 | 	public function select($table, $where = '', $binds = '', $single = false, $fields = '*')
103 | 	{
104 | 		return $this->execute('SELECT ' . $fields . ' FROM `' . $table . '`' . ((!empty($where)) ? ' WHERE ' . $where : '') . ';', $binds, $single);
105 | 	}
106 | 
107 | 	/**
108 | 	 * Insert record into database.
109 | 	 *
110 | 	 * @param string $table
111 | 	 * @param array  $records
112 | 	 *
113 | 	 * @return false|int
114 | 	 */
115 | 	public function insert($table, $records = [])
116 | 	{
117 | 		$records = (!\is_array($records)) ? [] : $records;
118 | 
119 | 		$columns = array_keys($records);
120 | 
121 | 		foreach ($records as $key => $value) {
122 | 			$records[':' . $key] = (string) $value;
123 | 			unset($records[$key]);
124 | 		}
125 | 
126 | 		return $this->execute('INSERT OR IGNORE INTO `' . $table . '` (`' . implode('`, `', $columns) . '`) VALUES(:' . implode(', :', $columns) . ');', $records);
127 | 	}
128 | 
129 | 	/**
130 | 	 * Delete record from database.
131 | 	 *
132 | 	 * @param string $table
133 | 	 * @param string $where
134 | 	 * @param array  $binds
135 | 	 *
136 | 	 * @return false|int
137 | 	 */
138 | 	public function delete($table, $where, $binds = '')
139 | 	{
140 | 		return $this->execute('DELETE FROM `' . $table . '` WHERE ' . $where . ';', $binds);
141 | 	}
142 | 
143 | 	/**
144 | 	 * Modify existing record.
145 | 	 *
146 | 	 * @param string $table
147 | 	 * @param array  $fields
148 | 	 * @param string $where
149 | 	 * @param array  $binds
150 | 	 *
151 | 	 * @return false|int
152 | 	 */
153 | 	public function update($table, $fields, $where, $binds = '')
154 | 	{
155 | 		$binds = $this->getBinds($binds);
156 | 
157 | 		$query = 'UPDATE `' . $table . '` SET ';
158 | 
159 | 		foreach ($fields as $column => $value) {
160 | 			$query .= '`' . $column . '` = :new_' . $column . ', ';
161 | 			$binds[':new_' . $column] = $fields[$column];
162 | 		}
163 | 
164 | 		$query = rtrim($query, ', ') . ' WHERE ' . $where . ';';
165 | 
166 | 		return $this->execute($query, $binds);
167 | 	}
168 | 
169 | 	/**
170 | 	 * Execute SQL query.
171 | 	 *
172 | 	 * @param string $query
173 | 	 * @param array  $binds
174 | 	 *
175 | 	 * @return array|false|int
176 | 	 *
177 | 	 * @throws \Exception
178 | 	 */
179 | 	public function execute($query, $binds = '', $single = false)
180 | 	{
181 | 		$this->lastId = null;
182 | 		$this->lastError = null;
183 | 		$this->query = trim($query);
184 | 		$this->binds = $this->getBinds($binds);
185 | 
186 | 		try {
187 | 			$st = $this->prepare($this->query);
188 | 
189 | 			if (is_array($this->binds)) {
190 | 				foreach ($this->binds as $key => $value) {
191 | 					$st->bindValue($key, $value, (is_int($value)) ? \PDO::PARAM_INT : \PDO::PARAM_STR);
192 | 				}
193 | 			}
194 | 
195 | 			if ($st->execute($this->binds) !== false) {
196 | 				if (preg_match('/^(UPDATE|DELETE|INSERT)/i', $this->query)) {
197 | 					$this->lastId = parent::lastInsertId();
198 | 				} else {
199 | 					if ($single) {
200 | 						$row = $st->fetch(\PDO::FETCH_ASSOC);
201 | 
202 | 						return ($row === false) ? [] : $row;
203 | 					}
204 | 
205 | 					$rows = $st->fetchAll(\PDO::FETCH_ASSOC);
206 | 
207 | 					return ($rows === false) ? [] : $rows;
208 | 				}
209 | 			}
210 | 		} catch (\PDOException $e) {
211 | 			$this->errors[] = $this->lastError = $e->getMessage();
212 | 
213 | 			if (is_writable($this->errorLog)) {
214 | 				@file_put_contents($this->errorLog, implode("\t", [
215 | 					gmdate('Y-m-d H:i:s'),
216 | 					$_SERVER['REMOTE_ADDR'] ?? '',
217 | 					$_SERVER['REQUEST_URI'] ?? '',
218 | 					$e->getFile() . ':' . $e->getLine(),
219 | 					$e->getMessage(),
220 | 					$this->getQuery(),
221 | 				]) . "\n", \FILE_APPEND);
222 | 			}
223 | 
224 | 			return false;
225 | 		}
226 | 	}
227 | 
228 | 	/**
229 | 	 * Get executed SQL query.
230 | 	 *
231 | 	 * @return string
232 | 	 */
233 | 	public function getQuery()
234 | 	{
235 | 		return str_replace(array_keys($this->binds), array_map(function ($s) {
236 | 			return "'" . str_replace('\'', '\\\'', $s) . "'";
237 | 		}, array_values($this->binds)), $this->query);
238 | 	}
239 | 
240 | 	/**
241 | 	 * Get the error message of last query.
242 | 	 *
243 | 	 * @return string|null
244 | 	 */
245 | 	public function getLastError()
246 | 	{
247 | 		return $this->lastError;
248 | 	}
249 | 
250 | 	/**
251 | 	 * Get MySQL errors.
252 | 	 *
253 | 	 * @return array
254 | 	 */
255 | 	public function getErrors()
256 | 	{
257 | 		return $this->errors;
258 | 	}
259 | 
260 | 	/**
261 | 	 * Get the last insert ID.
262 | 	 *
263 | 	 * @return int
264 | 	 */
265 | 	public function getLastId()
266 | 	{
267 | 		return $this->lastId;
268 | 	}
269 | 
270 | 	/**
271 | 	 * Rebuild maps of bindings.
272 | 	 *
273 | 	 * @param array $binds
274 | 	 *
275 | 	 * @return array
276 | 	 */
277 | 	private function getBinds($binds)
278 | 	{
279 | 		if (!\is_array($binds)) {
280 | 			return (!empty($binds)) ? [$binds] : [];
281 | 		}
282 | 
283 | 		foreach ($binds as $key => $bind) {
284 | 			if (\is_array($bind)) {
285 | 				$fields = '';
286 | 				$index = 1;
287 | 
288 | 				foreach ($bind as $value) {
289 | 					if (empty($value)) {
290 | 						continue;
291 | 					}
292 | 
293 | 					$suffix = mt_rand(10000, 99999);
294 | 
295 | 					$binds[':bind_' . $suffix . $index] = $value;
296 | 					$fields .= ':bind_' . $suffix . $index . ', ';
297 | 
298 | 					++$index;
299 | 				}
300 | 
301 | 				$this->query = str_replace($key, rtrim($fields, ', '), $this->query);
302 | 				unset($binds[$key]);
303 | 
304 | 				$binds = array_filter($binds);
305 | 			}
306 | 		}
307 | 
308 | 		return $binds;
309 | 	}
310 | }
311 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Carotu
  2 | 
  3 | Carotu is a lightweight inventory system to keep track of your VPS and dedicated servers. The system is written in PHP language with Bootstrap 5 as the front-end framework.
  4 | 
  5 | I wrote this in my leisure time as a hobby. Please do not expect frequent updates. Any feature requests or bug reports can be submitted to [here](https://github.com/seikan/carotu/issues).
  6 | 
  7 | 
  8 | 
  9 | ### Demo
 10 | 
 11 | A demo page is available at https://demo.carotu.com/
 12 | 
 13 | ```
 14 | Username: Carotu
 15 | Password: CarotuDemo#100
 16 | ```
 17 | 
 18 | All records refreshed hourly.
 19 | 
 20 | 
 21 | 
 22 | ### Requirements
 23 | 
 24 | * PHP 8.0 and above
 25 | * SQLite PDO extension enabled
 26 | * Apache or Nginx web server
 27 | 
 28 | 
 29 | 
 30 | ### Apache vhost Example
 31 | 
 32 | ```
 33 | <VirtualHost *:80>
 34 | 	ServerName		carotu.example.com
 35 | 	DocumentRoot	/var/www/carotu.example.com
 36 | 
 37 | 	<Directory /var/www/carotu.example.com>
 38 | 		AllowOverride	All
 39 | 		Options			Indexes FollowSymLinks
 40 | 		Order			allow,deny
 41 | 		Allow			From all
 42 | 	</Directory>
 43 | </VirtualHost>
 44 | 
 45 | <VirtualHost *:443>
 46 | 	ServerName		carotu.example.com
 47 | 	DocumentRoot	/var/www/carotu.example.com
 48 | 
 49 | 	SSLEngine				On
 50 | 	SSLCertificateFile		/etc/ssl/carotu.example.com.pem
 51 | 	SSLCertificateKeyFile	/etc/ssl/carotu.example.com-key.pem
 52 | 
 53 | 	<Directory /var/www/carotu.example.com>
 54 | 		AllowOverride	All
 55 | 		Options			Indexes FollowSymLinks
 56 | 		Order			allow,deny
 57 | 		Allow			From all
 58 | 	</Directory>
 59 | </VirtualHost>
 60 | ```
 61 | 
 62 | #### .htaccess
 63 | 
 64 | ```
 65 | Options -Indexes
 66 | RewriteEngine on
 67 | 
 68 | <FilesMatch "\.(log|htaccess|sqlite)$">
 69 |   Require all denied
 70 | </FilesMatch>
 71 | 
 72 | RewriteCond %{REQUEST_FILENAME} !-f
 73 | RewriteCond %{REQUEST_FILENAME} !-d
 74 | RewriteCond %{REQUEST_URI} !=/favicon.ico
 75 | RewriteRule ^(.*)$ index.php [L,QSA]
 76 | ```
 77 | 
 78 | 
 79 | 
 80 | 
 81 | 
 82 | ### Nginx vhost Example
 83 | 
 84 | ```
 85 | server {
 86 | 	listen 80;
 87 | 	server_name carotu.example.com;
 88 | 	return 301 https://carotu.example.com$request_uri;
 89 | }
 90 | 
 91 | server {
 92 | 	listen 443 ssl;
 93 | 	server_name carotu.example.com;
 94 | 	root /var/www/carotu.example.com;
 95 | 	
 96 | 	access_log /var/log/nginx/carotu.example.com-access.log;
 97 | 	error_log /var/log/nginx/carotu.example.com-error.log;
 98 | 
 99 | 	index index.php index.html;
100 | 
101 | 	ssl_certificate /etc/ssl/carotu.example.com.pem;
102 | 	ssl_certificate_key /etc/ssl/carotu.example.com-key.pem;
103 | 
104 | 	ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
105 | 
106 | 	ssl_protocols TLSv1.2;
107 | 	ssl_session_cache shared:SSL:10m;
108 | 
109 | 	location ~ \.php$ {
110 | 		try_files	$uri =404;
111 | 		fastcgi_pass	127.0.0.1:9000;
112 | 		fastcgi_index	index.php;
113 | 		fastcgi_param	SCRIPT_FILENAME	$document_root$fastcgi_script_name;
114 | 		include		fastcgi_params;
115 | 	}
116 | 	
117 | 	# Protect log and database files
118 | 	location ~* \.(log|sqlite)$ {
119 | 		deny all;
120 | 	}
121 | 
122 | 	location / {
123 | 		try_files $uri $uri/ @rewrite;
124 | 	}
125 | 	
126 | 	# Rewrite rules
127 | 	location @rewrite {
128 | 		rewrite ^/(.*)$ /index.php last;
129 | 	}
130 | 	
131 | 	# Error pages
132 | 	error_page 403 /403.html;
133 | 	error_page 404 /404.html;
134 | 	error_page 500 502 503 504 /50x.html;
135 | 
136 | 	location = /403.html {
137 | 		root /var/www/carotu.example.com;
138 | 		internal;
139 | 	}
140 | 
141 | 	location = /404.html {
142 | 		root /var/www/carotu.example.com;
143 | 		internal;
144 | 	}
145 | 
146 | 	location = /50x.html {
147 | 		root /var/www/carotu.example.com;
148 | 		internal;
149 | 	}
150 | }
151 | ```
152 | 
153 | 
154 | 
155 | 
156 | 
157 | ### Installation
158 | 
159 | #### Traditional Installation
160 | 
161 | 1. Download the latest version from here.
162 | 2. Decompress the package and upload it to web server.
163 | 3. Access the system from web browser to continue the setup.
164 | 
165 | #### Docker Installation
166 | 
167 | A Docker Compose configuration is provided for easy deployment:
168 | 
169 | ```bash
170 | # Clone the repository
171 | git clone https://github.com/seikan/carotu.git
172 | cd carotu
173 | 
174 | # Start with Docker Compose
175 | docker-compose up -d
176 | ```
177 | 
178 | Access at `http://localhost` or configure `VIRTUAL_HOST` environment variable for reverse proxy setups.
179 | 
180 | **Docker Requirements:**
181 | - Docker and Docker Compose installed
182 | - Port 80 available (or configure reverse proxy)
183 | 
184 | See `docker-compose.yml` for configuration options.
185 | 
186 | 
187 | 
188 | ### REST API
189 | 
190 | Carotu includes a REST API for programmatic access to your server inventory.
191 | 
192 | #### API Installation
193 | 
194 | The `api/` directory contains a standalone REST API that works alongside the main Carotu installation.
195 | 
196 | **Quick Setup:**
197 | 
198 | 1. API files are already included in the repository
199 | 2. Configure your API key in `api/config.php`:
200 |    ```php
201 |    $VALID_API_KEYS = [
202 |        'your-secure-api-key-here',  // Generate with: openssl rand -hex 32
203 |    ];
204 |    ```
205 | 3. Ensure Apache `mod_headers` and `mod_rewrite` are enabled
206 | 4. Access API at `https://yourdomain.com/api/`
207 | 
208 | **Why separate API config?**
209 | - The API uses `api/config.php` (separate from main `configuration.php`)
210 | - Different authentication: API keys vs web UI credentials
211 | - Independent CORS and error logging configuration
212 | - Can be deployed separately if needed
213 | 
214 | #### API Endpoints
215 | 
216 | **Authentication:** All requests require `X-API-Key` header
217 | 
218 | ```bash
219 | curl -H "X-API-Key: your-api-key" https://yourdomain.com/api/machines
220 | ```
221 | 
222 | **Available Endpoints:**
223 | 
224 | | Endpoint | Method | Description |
225 | |----------|--------|-------------|
226 | | `/machines` | GET | List all machines |
227 | | `/machines/{id}` | GET | Get single machine |
228 | | `/machines` | POST | Create new machine |
229 | | `/machines/{id}` | PUT | Update machine |
230 | | `/machines/{id}` | DELETE | Delete machine |
231 | | `/providers` | GET | List all providers |
232 | | `/providers/{id}` | GET | Get single provider |
233 | | `/payment-cycles` | GET | List payment cycles |
234 | | `/countries` | GET | List countries |
235 | | `/stats` | GET | Get statistics |
236 | 
237 | **Example: Create Machine**
238 | 
239 | ```bash
240 | curl -X POST \
241 |   -H "X-API-Key: your-api-key" \
242 |   -H "Content-Type: application/json" \
243 |   -d '{
244 |     "label": "Production Server",
245 |     "ip_address": "1.2.3.4",
246 |     "provider_id": 1,
247 |     "country_code": "US",
248 |     "city_name": "New York",
249 |     "cpu_core": 4,
250 |     "memory": 8192,
251 |     "disk_space": 160000,
252 |     "price": 10,
253 |     "currency_code": "USD",
254 |     "payment_cycle_id": 1,
255 |     "due_date": "2025-12-01"
256 |   }' \
257 |   https://yourdomain.com/api/machines
258 | ```
259 | 
260 | **Example: Get Statistics**
261 | 
262 | ```bash
263 | curl -H "X-API-Key: your-api-key" https://yourdomain.com/api/stats
264 | ```
265 | 
266 | Response:
267 | ```json
268 | {
269 |   "success": true,
270 |   "data": {
271 |     "stats": {
272 |       "total_machines": 47,
273 |       "monthly_cost": 16903,
274 |       "by_provider": [...],
275 |       "by_country": [...]
276 |     }
277 |   }
278 | }
279 | ```
280 | 
281 | #### Nginx Configuration for API
282 | 
283 | Add to your Nginx server block:
284 | 
285 | ```nginx
286 | location /api/ {
287 |     try_files $uri $uri/ /api/index.php?$query_string;
288 | }
289 | ```
290 | 
291 | 
292 | 
293 | ### Screenshots
294 | 
295 | ![](https://github.com/seikan/carotu/assets/73107/cacc491c-70c0-4161-bbb7-d23ab119ad5d)
296 | 
297 | 
298 | 
299 | ![](https://github.com/seikan/carotu/assets/73107/b9c5ea2f-295a-4016-a156-54346e9c1723)
300 | 
301 | 
302 | 
303 | ![](https://github.com/seikan/carotu/assets/73107/087b344e-20b7-4f37-bfb9-f72fd2f541e7)
304 | 


--------------------------------------------------------------------------------
/assets/js/provider.min.js:
--------------------------------------------------------------------------------
1 | class Provider{constructor(){let e=this;$("#menu-provider").on("click",(function(e){e.preventDefault(),$("#modal-provider").modal("show")})),$("#btn-new-provider").on("click",(function(e){e.preventDefault(),$("#page-provider").addClass("d-none"),$("#page-new-provider").removeClass("d-none"),$.get("./provider.json?action=control-panel",(function(e){$('#page-new-provider input[name="cp"]').autoComplete({source:e}).refresh()}))})),$("#page-new-provider .btn-outline-secondary").on("click",(function(t){t.preventDefault(),e.discardNew()})),$("#page-new-provider .btn-primary").on("click",(function(t){t.preventDefault();var n=$(this),a=$("#page-new-provider form").serialize();n.data("html",n.html()).css({width:n.outerWidth(),height:n.outerHeight()}).prop("disabled",!0).html('<div class="loader-inner ball-beat"><div></div><div></div><div></div></div>'),$("#page-new-provider input").prop("disabled",!0),$("#page-new-provider .is-invalid").removeClass("is-invalid"),$("#page-new-provider .invalid-feedback").remove(),$.post("./provider.json",a+"&__CSRF_TOKEN__="+$('input[name="__CSRF_TOKEN__"]').val(),(function(t){Object.keys(t.errors).length>0?$.each(t.errors,(function(e,t){$('#page-new-provider [name="'+e+'"]').addClass("is-invalid"),$('#page-new-provider [name="'+e+'"]').parent(".form-floating").addClass("is-invalid"),$('#page-new-provider [name="'+e+'"]').after('<div class="invalid-feedback">'+t+"</div>")})):(e.discardNew(),e.rebuildList(),e.refreshSelectList())}),"json").fail((function(){alert("Connection lost, please try again.")})).always((function(e){n.prop("disabled",!1).html(n.data("html")),$("#page-new-provider input").prop("disabled",!1),$('input[name="'+e.csrf.name+'"]').val(e.csrf.value)}))})),$("#modal-provider").on("hidden.bs.modal",(function(){e.discardNew()})),$("#modal-provider").on("show.bs.modal",(function(){e.rebuildList(),$("#provider-list .overlay").remove(),$("#provider-list .overflow-hidden").addClass("overflow-auto").removeClass("overflow-hidden"),$("#provider-list tr.table-light").removeClass("table-light")})),$('input[name="search-provider"]').on("input",(function(){var t=$(this);e.disableEditMode(),$.each($("#page-provider table tbody tr.pointer"),(function(e,n){$(n).toggleClass("search-not-match",!$(n).text().toLowerCase().includes(t.val().toLowerCase()))}))})),this.refreshSelectList()}refreshSelectList(){$('select[name="provider"]').empty().append("<option selected disabled></option>"),$.get("./provider.json",(function(e){e.length>0&&$.each(e,(function(e,t){$('select[name="provider"]').append('<option value="'+t.provider_id+'">'+t.name+"</option>")}))}))}discardNew(){$("#page-new-provider .is-invalid").removeClass("is-invalid"),$("#page-new-provider .invalid-feedback").remove(),$("#page-new-provider input").val(""),$("#page-provider").removeClass("d-none"),$("#page-new-provider").addClass("d-none")}rebuildList(){let e=this;$("#provider-list").addClass("d-none"),$("#page-provider .loader").removeClass("d-none"),$('#provider-list input[name="search-provider"]').val(""),$("#provider-list table tbody").empty(),this.getControlPanelNames((function(t){$.get("./provider.json",(function(n){$("#page-provider .loader").addClass("d-none"),$("#page-provider").find(".alert").remove(),n.length>0?($("#provider-list").removeClass("d-none"),$.each(n,(function(n,a){var o=$('<tr class="pointer">').append('<td class="editable text-truncate">'+a.name+"</td>").append('<td class="editable text-truncate text-muted">'+a.website+"</td>").append('<td class="editable text-truncate text-muted">'+a.control_panel_name+"</td>").append('<td class="editable text-truncate text-muted">'+a.control_panel_url+"</td>").append('<td class="editable text-end text-muted">'+a.total_machine+"</td>"),i=$('<i class="bi bi-pencil me-1 invisible pointer">').on("click",(function(t){t.preventDefault(),e.enableEditMode($(this).parent())})),r=$('<i class="bi bi-trash invisible pointer">').on("click",(function(e){e.preventDefault();var t=$('<div class="dropdown-menu dropdown-confirm show">'),n=$('<div class="overlay position-absolute top-0 start-0 opacity-50 bg-light w-100 h-100">'),i=$('<div class="p-2">').append('<h6>Confirm to delete <span class="text-danger">'+a.name+"</span>?</h6>");a.total_machine>0&&i.append('<small class="d-block">'+a.total_machine+" machine"+(a.total_machine>1?"s":"")+" owned by this provider will be orphaned.</small>");var r=$('<button class="btn btn-sm btn-outline-secondary" style="padding:.1rem 1rem;margin-right:.5rem">').html("No").on("click",(function(e){e.preventDefault(),n.remove(),$("#provider-list .overflow-hidden").addClass("overflow-auto").removeClass("overflow-hidden"),$(this).closest("tr").removeClass("table-light"),t.remove()})),d=$('<button class="btn btn-sm btn-danger" style="padding:.1rem 1rem">').html("Yes").on("click",(function(e){e.preventDefault(),n.remove(),$("#provider-list .overflow-hidden").addClass("overflow-auto").removeClass("overflow-hidden"),$(this).closest("tr").removeClass("table-light"),o.closest("tr").remove(),o.remove(),$.post("./provider.json",{id:a.provider_id,__CSRF_TOKEN__:$('input[name="__CSRF_TOKEN__"]').val(),action:"delete"}).fail((function(){alert("Connection lost, please try again.")})).always((function(e){$('input[name="'+e.csrf.name+'"]').val(e.csrf.value)}))}));$(".dropdown-confirm").remove(),$(this).after(t.append(i).append($('<div class="mt-1 text-center">').append(r).append(d))),t.offset({top:$(this).offset().top+$(this).outerHeight()-t.outerHeight(),left:$(this).offset().left-$(this).outerWidth()-t.outerWidth()}),$("#provider-list .overflow-auto").removeClass("overflow-auto").addClass("overflow-hidden").prepend(n),$(this).closest("tr").addClass("table-light")})),d=$('<td class="text-end" style="width: 60px;">').append(i).append(r),l=$('<input type="text" name="cp" value="'+a.control_panel_name+'" data-value="'+a.control_panel_name+'" class="form-control form-control-sm" autocomplete="off" autocapitalize="off">'),s=$('<tr class="edit d-none">').append('<td><input type="text" name="name" value="'+a.name+'" data-value="'+a.name+'" class="form-control form-control-sm"></td>').append('<td><input type="text" name="website" value="'+a.website+'" data-value="'+a.website+'" class="form-control form-control-sm"></td>').append($("<td>").append(l)).append('<td><input type="text" name="cpUrl" value="'+a.control_panel_url+'" data-value="'+a.control_panel_url+'" class="form-control form-control-sm"><input type="hidden" name="id" value="'+a.provider_id+'"></td>').append('<td class="text-end">'+a.total_machine+"</td>"),p=$('<i class="bi bi-check me-1 pointer">').on("click",(function(t){t.preventDefault(),s.find(".is-invalid").removeClass("is-invalid"),$.post("./provider.json",s.find(":input").serialize()+"&__CSRF_TOKEN__="+$('input[name="__CSRF_TOKEN__"]').val(),(function(t){Object.keys(t.errors).length>0?$.each(t.errors,(function(e,t){s.find('[name="'+e+'"]').addClass("is-invalid")})):(e.rebuildList(),e.refreshSelectList())}),"json").fail((function(){alert("Connection lost, please try again.")})).always((function(e){$('input[name="'+e.csrf.name+'"]').val(e.csrf.value)}))})),c=$('<i class="bi bi-x pointer">').on("click",(function(t){t.preventDefault(),e.disableEditMode()}));o.append(d),o.find("td.editable").on("click",(function(t){t.preventDefault(),e.enableEditMode(this)})),s.find('input[type="text"]').on("keypress",(function(e){13==e.which&&p.trigger("click")})),$("#provider-list table tbody").append(o).append(s.append($('<td class="text-end" style="width: 60px;">').append(p).append(c))),l.autoComplete({source:t})}))):$("#provider-list").addClass("d-none").after('<div class="alert alert-light mt-3">No data available.</div>')})).fail((function(){alert("Connection lost, please try again.")}))}))}getControlPanelNames(e){$.get("./provider.json?action=control-panel",(function(t){e(t)}))}disableEditMode(){$("#provider-list table tbody tr.d-none").removeClass("d-none"),$("#provider-list table tbody tr.edit:not(.d-none)").addClass("d-none")}enableEditMode(e){$("#provider-list table tbody tr.d-none").removeClass("d-none"),$("#provider-list table tbody tr.edit:not(.d-none)").addClass("d-none"),$("#provider-list table tbody tr").find(".is-invalid").removeClass("is-invalid"),$.each($("#provider-list table tbody tr").find('input[type="text"]'),(function(e,t){$(t).val($(t).attr("data-value"))})),$(e).closest("tr").addClass("d-none"),$(e).closest("tr").next().removeClass("d-none")}}


--------------------------------------------------------------------------------
/assets/js/select-search.js:
--------------------------------------------------------------------------------
  1 | (function ($) {
  2 | 	$.fn.selectSearch = function (options) {
  3 | 		$.each(this, function (i, select) {
  4 | 			var classes = $(select).attr('class').split(' ');
  5 | 			var currentText = $(select).find('option:selected').text();
  6 | 			var $dropdown = $('<ul class="dropdown-menu shadow">');
  7 | 			var $input = $('<input type="text" class="form-control select-search-input" autocomplete="off" autocapitalize="off">');
  8 | 			var search = typeof $(select).data('search') !== 'undefined';
  9 | 			var $listContainer = $('<div class="w-100 overflow-x-hidden overflow-y-scroll">');
 10 | 
 11 | 			// Enable search
 12 | 			if (search) {
 13 | 				$input
 14 | 					.on('input', function () {
 15 | 						populateOptionItems();
 16 | 					})
 17 | 					.on('keypress', function (e) {
 18 | 						// When enter is pressed
 19 | 						if (e.which === 13) {
 20 | 							$listContainer.find('a.active').trigger('click');
 21 | 						}
 22 | 					})
 23 | 					.on('keydown', function (e) {
 24 | 						// When tab is pressed
 25 | 						if (e.which === 9) {
 26 | 							$listContainer.find('a.active').trigger('click');
 27 | 						}
 28 | 					});
 29 | 
 30 | 				$dropdown.append($('<li class="p-2">').append($input));
 31 | 			}
 32 | 
 33 | 			$dropdown.append($listContainer);
 34 | 
 35 | 			classes.push('select-search');
 36 | 
 37 | 			var $select = $('<div class="' + classes.join(' ') + '">')
 38 | 				.css({
 39 | 					height: $(select).outerHeight(),
 40 | 				})
 41 | 				.html('<div class="overflow-hidden text-nowrap">' + (currentText.length > 0 ? currentText : '&nbsp;') + '</div>')
 42 | 				.on('click', function () {
 43 | 					if ($(this).hasClass('disabled')) {
 44 | 						return;
 45 | 					}
 46 | 
 47 | 					$(this).addClass('focus');
 48 | 
 49 | 					// Close dropdown menu
 50 | 					if ($dropdown.hasClass('show')) {
 51 | 						closeOptionList();
 52 | 					}
 53 | 
 54 | 					// Open dropdown menu
 55 | 					else {
 56 | 						openOptionList();
 57 | 						populateOptionItems();
 58 | 					}
 59 | 				});
 60 | 
 61 | 			$(select)
 62 | 				.addClass('d-none')
 63 | 				.after($select, $dropdown);
 64 | 
 65 | 			$(select).on('change', function () {
 66 | 				$select
 67 | 					.data('value', $(this).val())
 68 | 					.find('div')
 69 | 						.html($(this).find('option:selected').html());
 70 | 			});
 71 | 
 72 | 			// On blur event
 73 | 			$(document).on('mouseup', function (e) {
 74 | 				if (!$select.is(e.target) && !$input.is(e.target) && !$listContainer.is(e.target)) {
 75 | 					$select.removeClass('focus');
 76 | 					$dropdown.removeClass('show');
 77 | 				}
 78 | 			});
 79 | 
 80 | 			$(document).on('keydown', function (e) {
 81 | 				var items = $listContainer.find('a');
 82 | 
 83 | 				switch (e.which) {
 84 | 					// Escape pressed
 85 | 					case 27:
 86 | 						closeOptionList();
 87 | 						break;
 88 | 
 89 | 					// Up arrow
 90 | 					case 38:
 91 | 						if (!$select.hasClass('focus')) {
 92 | 							e.preventDefault();
 93 | 
 94 | 							return;
 95 | 						}
 96 | 
 97 | 						openOptionList();
 98 | 
 99 | 						if ($listContainer.find('li a.active').length === 0) {
100 | 							$(items[0]).addClass('active');
101 | 						} else {
102 | 							$.each(items, function (index, item) {
103 | 								if ($(item).hasClass('active')) {
104 | 									var $activeItem = $(items[(index === 0 ? items.length : index) - 1]);
105 | 
106 | 									$(item).removeClass('active');
107 | 									$activeItem.addClass('active');
108 | 
109 | 									var itemTop = $activeItem.position().top + $listContainer.scrollTop() - ($activeItem.outerHeight() * 2);
110 | 									var scrollHeight = $listContainer.scrollTop() + $listContainer.outerHeight();
111 | 
112 | 									if (itemTop > scrollHeight || itemTop < $listContainer.scrollTop()) {
113 | 										$listContainer.scrollTop($listContainer.scrollTop() + $activeItem.position().top - ($activeItem.outerHeight() * 2));
114 | 									}
115 | 
116 | 
117 | 									return false;
118 | 								}
119 | 							});
120 | 						}
121 | 						break;
122 | 
123 | 					// Down arrow
124 | 					case 40:
125 | 						if (!$select.hasClass('focus')) {
126 | 							e.preventDefault();
127 | 							break;
128 | 						}
129 | 
130 | 						openOptionList();
131 | 
132 | 						// No item selected
133 | 						if ($listContainer.find('a.active').length === 0) {
134 | 							$(items[0]).addClass('active');
135 | 						} else {
136 | 							$.each(items, function (index, item) {
137 | 								if ($(item).hasClass('active')) {
138 | 									var $activeItem = $(items[(index === items.length - 1 ? -1 : index) + 1]);
139 | 
140 | 									$(item).removeClass('active');
141 | 									$activeItem.addClass('active');
142 | 
143 | 									var itemTop = $activeItem.position().top + $listContainer.scrollTop() - $activeItem.outerHeight();
144 | 									var scrollHeight = $listContainer.scrollTop() + $listContainer.outerHeight();
145 | 
146 | 									if (itemTop > scrollHeight || itemTop < $listContainer.scrollTop()) {
147 | 										$listContainer.scrollTop($listContainer.scrollTop() + $activeItem.position().top - ($activeItem.outerHeight() * 2));
148 | 									}
149 | 
150 | 									return false;
151 | 								}
152 | 							});
153 | 						}
154 | 						break;
155 | 
156 | 					default:
157 | 				}
158 | 			});
159 | 
160 | 			var observer = new MutationObserver(function(mutations) {
161 | 				for (var i=0, mutation; mutation = mutations[i]; i++) {
162 | 					// Listen to disabled/enabled events
163 | 					if (mutation.attributeName == 'disabled') {
164 | 						if (mutation.target.disabled) {
165 | 							$select.addClass('disabled');
166 | 						} else {
167 | 							$select.removeClass('disabled');
168 | 						}
169 | 					}
170 | 
171 | 					// Listen to class change events
172 | 					if (mutation.attributeName == 'class') {
173 | 						if ($(mutation.target).hasClass('is-invalid')) {
174 | 							$select.addClass('is-invalid');
175 | 						} else {
176 | 							$select.removeClass('is-invalid');
177 | 						}
178 | 					}
179 | 				};
180 | 			});
181 | 
182 | 			observer.observe(select, { attributes: true });
183 | 
184 | 			var openOptionList = function () {
185 | 				$dropdown
186 | 					.css({
187 | 						width: $select.outerWidth(),
188 | 					})
189 | 					.addClass('show');
190 | 
191 | 				if ($input) {
192 | 					$input.val('').focus();
193 | 				}
194 | 
195 | 				var maxHeight = $(window).height() - ($select.offset().top + $select.outerHeight() + 100);
196 | 				maxHeight = (maxHeight > 300) ? 300 : maxHeight;
197 | 
198 | 				$listContainer.css({
199 | 					maxHeight: maxHeight,
200 | 				});
201 | 			};
202 | 
203 | 			var closeOptionList = function () {
204 | 				$dropdown.removeClass('show');
205 | 			};
206 | 
207 | 			var populateOptionItems = function () {
208 | 				// Clear existing option items
209 | 				$listContainer.empty();
210 | 
211 | 				var index = 0;
212 | 
213 | 				$.each($(select).find('option'), function (i, option) {
214 | 					if (option.text.toLowerCase().includes($input.val().trim().toLowerCase())) {
215 | 						if (option.text.length == 0) {
216 | 							index++;
217 | 							return;
218 | 						}
219 | 
220 | 						var $a = $('<a href="#" class="dropdown-item" data-value="' + option.value + '">')
221 | 							.html(option.text)
222 | 							.on('click', function (e) {
223 | 								e.preventDefault();
224 | 
225 | 								$(select).val(option.value);
226 | 								$select
227 | 									.data('value', option.value)
228 | 									.find('div')
229 | 										.html(option.text);
230 | 
231 | 								$dropdown.removeClass('show');
232 | 							});
233 | 
234 | 						if ($input.val().length > 0) {
235 | 							if (index === 0) {
236 | 								$a.addClass('active');
237 | 							}
238 | 						} else if ($(select).val() === option.value) {
239 | 							$a.addClass('active');
240 | 						}
241 | 
242 | 						$listContainer.append($('<li class="select-search-item' + ($select.data('value') === option.value ? ' active' : '') + '">').append($a));
243 | 
244 | 						index++;
245 | 					}
246 | 				});
247 | 
248 | 				if ($listContainer.find('a.active')) {
249 | 					var $activeItem = $listContainer.find('a.active');
250 | 
251 | 					if ($activeItem.length > 0) {
252 | 						$listContainer.scrollTop($listContainer.scrollTop() + $activeItem.position().top - ($activeItem.outerHeight() * 2));
253 | 					}
254 | 				}
255 | 			};
256 | 		});
257 | 	};
258 | })(jQuery);
259 | 


--------------------------------------------------------------------------------
/assets/js/settings.js:
--------------------------------------------------------------------------------
  1 | class Settings {
  2 | 	constructor() {
  3 | 		var _this = this;
  4 | 
  5 | 		$('#menu-settings').on('click', function (e) {
  6 | 			e.preventDefault();
  7 | 			$('#modal-settings').modal('show');
  8 | 		});
  9 | 
 10 | 		$('#modal-settings').on('show.bs.modal', function () {
 11 | 			if ($.cookie('theme')) {
 12 | 				$('select[name="theme"]').val($.cookie('theme'));
 13 | 			}
 14 | 
 15 | 			if ($.cookie('page-length')) {
 16 | 				$('select[name="page-length"]').val($.cookie('page-length'));
 17 | 			}
 18 | 
 19 | 			_this.refreshCurrencyList();
 20 | 		});
 21 | 
 22 | 		$('select[name="theme"]').on('change', function () {
 23 | 			$.cookie('theme', $(this).val());
 24 | 
 25 | 			window.location.href = window.location.href;
 26 | 		});
 27 | 
 28 | 		$('select[name="page-length"]').on('change', function () {
 29 | 			$.cookie('page-length', $(this).val());
 30 | 
 31 | 			window.location.href = window.location.href;
 32 | 		});
 33 | 
 34 | 		$('#btn-add-currency').on('click', function (e) {
 35 | 			e.preventDefault();
 36 | 
 37 | 			_this.refreshCurrencyList();
 38 | 
 39 | 			var $trNew = $('<tr>').append('<td><input type="text" name="code" value="" class="form-control form-control-sm" maxlength="3"></td>').append('<td><input type="text" name="rate" value="" class="form-control form-control-sm text-end"></td>');
 40 | 
 41 | 			var $save = $('<i class="bi bi-check pointer me-2">').on('click', function (e) {
 42 | 				e.preventDefault();
 43 | 
 44 | 				$trNew.find('.is-invalid').removeClass('is-invalid');
 45 | 
 46 | 				$.post(
 47 | 					'./currency.json',
 48 | 					{
 49 | 						new: $trNew.find('input[name="code"]').val(),
 50 | 						rate: $trNew.find('input[name="rate"]').val(),
 51 | 						__CSRF_TOKEN__: $('input[name="__CSRF_TOKEN__"]').val(),
 52 | 					},
 53 | 					function (response) {
 54 | 						if (Object.keys(response.errors).length > 0) {
 55 | 							$.each(response.errors, function (key) {
 56 | 								$trNew.find('input[name="' + key + '"]').addClass('is-invalid');
 57 | 							});
 58 | 
 59 | 							return;
 60 | 						}
 61 | 
 62 | 						_this.refreshCurrencyList();
 63 | 					}
 64 | 				)
 65 | 					.fail(function () {
 66 | 						alert('Connection lost, please try again.');
 67 | 					})
 68 | 					.always(function (response) {
 69 | 						$('input[name="' + response.csrf.name + '"]').val(response.csrf.value);
 70 | 					});
 71 | 			});
 72 | 
 73 | 			var $close = $('<i class="bi bi-x pointer">').on('click', function (e) {
 74 | 				e.preventDefault();
 75 | 				$trNew.remove();
 76 | 			});
 77 | 
 78 | 			$('#table-currency tbody').prepend($trNew.append($('<td class="text-end">').append($save).append($close)));
 79 | 		});
 80 | 	}
 81 | 
 82 | 	refreshCurrencyList() {
 83 | 		var _this = this;
 84 | 
 85 | 		$('#table-currency tbody').empty();
 86 | 
 87 | 		$.get('./currency.json', function (response) {
 88 | 			if (response.length > 0) {
 89 | 				$.each(response, function (key, value) {
 90 | 					var $tr = $('<tr class="display">');
 91 | 					var $trEdit = $('<tr class="edit d-none">')
 92 | 						.append('<td><input type="text" name="code" value="' + value.currency_code + '" data-value="' + value.currency_code + '" class="form-control form-control-sm" maxlength="3"></td>')
 93 | 						.append('<td><input type="text" name="rate" value="' + value.rate + '" data-value="' + value.rate + '" class="form-control form-control-sm text-end"></td>');
 94 | 					var $edit = $('<i class="bi bi-pencil-square pointer me-2">').on('click', function (e) {
 95 | 						e.preventDefault();
 96 | 
 97 | 						$('#table-currency tr.display').toggleClass('d-none', false);
 98 | 						$('#table-currency tr.edit').toggleClass('d-none', true);
 99 | 
100 | 						$tr.toggleClass('d-none', true);
101 | 						$trEdit.toggleClass('d-none', false);
102 | 					});
103 | 					var $delete = $('<i class="bi bi-trash pointer">').on('click', function (e) {
104 | 						e.preventDefault();
105 | 
106 | 						var $dropdown = $('<div class="dropdown-menu dropdown-confirm show">');
107 | 						var $overlay = $('<div class="overlay position-absolute top-0 start-0 opacity-50 bg-light w-100 h-100">');
108 | 
109 | 						var $content = $('<div class="p-2">').append('<h6>Confirm to delete <span class="text-danger"><strong>' + value.currency_code + '</strong></span>?</h6>');
110 | 
111 | 						var $no = $('<button class="btn btn-sm btn-outline-secondary" style="padding:.1rem 1rem;margin-right:.5rem">')
112 | 							.html('No')
113 | 							.on('click', function (e) {
114 | 								e.preventDefault();
115 | 								$overlay.remove();
116 | 								$('#currency-list').addClass('overflow-auto').removeClass('overflow-hidden');
117 | 
118 | 								$(this).closest('tr').removeClass('table-light');
119 | 
120 | 								$dropdown.remove();
121 | 							});
122 | 
123 | 						var $yes = $('<button class="btn btn-sm btn-danger" style="padding:.1rem 1rem">')
124 | 							.html('Yes')
125 | 							.on('click', function (e) {
126 | 								e.preventDefault();
127 | 								$overlay.remove();
128 | 								$('#currency-list').addClass('overflow-auto').removeClass('overflow-hidden');
129 | 
130 | 								$(this).closest('tr').removeClass('table-light');
131 | 
132 | 								$tr.closest('tr').remove();
133 | 								$tr.remove();
134 | 
135 | 								$.post(
136 | 									'./currency.json',
137 | 									{
138 | 										action: 'delete',
139 | 										code: value.currency_code,
140 | 										__CSRF_TOKEN__: $('input[name="__CSRF_TOKEN__"]').val(),
141 | 									},
142 | 									function () {}
143 | 								)
144 | 									.fail(function () {
145 | 										alert('Connection lost, please try again.');
146 | 									})
147 | 									.always(function (response) {
148 | 										$('input[name="' + response.csrf.name + '"]').val(response.csrf.value);
149 | 									});
150 | 							});
151 | 
152 | 						$('.dropdown-confirm').remove();
153 | 
154 | 						$(this).after($dropdown.append($content).append($('<div class="mt-1 text-center">').append($no).append($yes)));
155 | 
156 | 						$dropdown.offset({
157 | 							top: $(this).offset().top + $(this).outerHeight() - $dropdown.outerHeight(),
158 | 							left: $(this).offset().left - $(this).outerWidth() - $dropdown.outerWidth(),
159 | 						});
160 | 
161 | 						$('#currency-list').removeClass('overflow-auto').addClass('overflow-hidden').prepend($overlay);
162 | 
163 | 						$(this).closest('tr').addClass('table-light');
164 | 					});
165 | 
166 | 					var $save = $('<i class="bi bi-check pointer me-2">').on('click', function (e) {
167 | 						e.preventDefault();
168 | 
169 | 						$trEdit.find('.is-invalid').removeClass('is-invalid');
170 | 
171 | 						$.post(
172 | 							'./currency.json',
173 | 							{
174 | 								code: value.currency_code,
175 | 								new: $trEdit.find('input[name="code"]').val(),
176 | 								rate: $trEdit.find('input[name="rate"]').val(),
177 | 								__CSRF_TOKEN__: $('input[name="__CSRF_TOKEN__"]').val(),
178 | 							},
179 | 							function (response) {
180 | 								if (Object.keys(response.errors).length > 0) {
181 | 									$.each(response.errors, function (key) {
182 | 										$trEdit.find('input[name="' + key + '"]').addClass('is-invalid');
183 | 									});
184 | 
185 | 									return;
186 | 								}
187 | 
188 | 								_this.refreshCurrencyList();
189 | 							}
190 | 						)
191 | 							.fail(function () {
192 | 								alert('Connection lost, please try again.');
193 | 							})
194 | 							.always(function (response) {
195 | 								$('input[name="' + response.csrf.name + '"]').val(response.csrf.value);
196 | 							});
197 | 					});
198 | 
199 | 					var $cancel = $('<i class="bi bi-x pointer">').on('click', function (e) {
200 | 						e.preventDefault();
201 | 
202 | 						$trEdit.find('input[name="code"]').val($trEdit.find('input[name="code"]').data('value'));
203 | 						$trEdit.find('input[name="rate"]').val($trEdit.find('input[name="rate"]').data('value'));
204 | 						$trEdit.find('.is-invalid').removeClass('is-invalid');
205 | 
206 | 						$tr.toggleClass('d-none', false);
207 | 						$trEdit.toggleClass('d-none', true);
208 | 					});
209 | 
210 | 					if (value.currency_code == 'USD') {
211 | 						$tr.append('<td class="text-muted"><strong>' + value.currency_code + '</strong></td>')
212 | 							.append('<td class="text-end text-muted"><strong>' + value.rate + '</strong></td>')
213 | 							.append('<td class="text-end">&nbsp;</td>');
214 | 
215 | 						$('#table-currency tbody').append($tr);
216 | 					} else {
217 | 						$tr.append('<td>' + value.currency_code + '</td>')
218 | 							.append('<td class="text-end">' + value.rate + '</td>')
219 | 							.append($('<td class="text-end">').append($edit).append($delete));
220 | 
221 | 						$('#table-currency tbody').append($tr);
222 | 						$('#table-currency tbody').append($trEdit.append($('<td class="text-end">').append($save).append($cancel)));
223 | 					}
224 | 				});
225 | 			}
226 | 		}).fail(function () {
227 | 			alert('Connection lost, please try again.');
228 | 		});
229 | 	}
230 | }
231 | 


--------------------------------------------------------------------------------
/libraries/Http/Client.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace Http;
  4 | 
  5 | class Client
  6 | {
  7 | 	/**
  8 | 	 * cURL object.
  9 | 	 *
 10 | 	 * @var object
 11 | 	 */
 12 | 	protected $http;
 13 | 
 14 | 	/**
 15 | 	 * Collection of errors.
 16 | 	 *
 17 | 	 * @var array
 18 | 	 */
 19 | 	private $logs = [];
 20 | 
 21 | 	/**
 22 | 	 * File to store cookies.
 23 | 	 *
 24 | 	 * @var string
 25 | 	 */
 26 | 	private $cookies;
 27 | 
 28 | 	/**
 29 | 	 * Initialize cURL object.
 30 | 	 *
 31 | 	 * @param array $options
 32 | 	 */
 33 | 	public function __construct($options = [])
 34 | 	{
 35 | 		$this->http = curl_init();
 36 | 
 37 | 		curl_setopt($this->http, CURLOPT_FAILONERROR, false);
 38 | 		curl_setopt($this->http, CURLOPT_FOLLOWLOCATION, true);
 39 | 		curl_setopt($this->http, CURLOPT_AUTOREFERER, true);
 40 | 		curl_setopt($this->http, CURLOPT_RETURNTRANSFER, true);
 41 | 		curl_setopt($this->http, CURLOPT_HEADER, true);
 42 | 		curl_setopt($this->http, CURLOPT_SSL_VERIFYPEER, false);
 43 | 		curl_setopt($this->http, CURLOPT_ENCODING, 'gzip, deflate');
 44 | 		curl_setopt($this->http, CURLOPT_HTTP_VERSION, '1.1');
 45 | 
 46 | 		$this->cookies = tempnam(sys_get_temp_dir(), 'cookies_' . md5(microtime()));
 47 | 
 48 | 		curl_setopt($this->http, CURLOPT_COOKIEFILE, $this->cookies);
 49 | 		curl_setopt($this->http, CURLOPT_COOKIEJAR, $this->cookies);
 50 | 
 51 | 		if (isset($options['user_agent'])) {
 52 | 			curl_setopt($this->http, CURLOPT_USERAGENT, $options['user_agent']);
 53 | 		}
 54 | 
 55 | 		if (isset($options['timeout'])) {
 56 | 			curl_setopt($this->http, CURLOPT_TIMEOUT, $options['timeout']);
 57 | 		}
 58 | 
 59 | 		if (isset($options['referer'])) {
 60 | 			curl_setopt($this->http, CURLOPT_REFERER, $options['referer']);
 61 | 		}
 62 | 
 63 | 		if (isset($options['headers'])) {
 64 | 			curl_setopt($this->http, CURLOPT_HTTPHEADER, $options['headers']);
 65 | 		}
 66 | 
 67 | 		if (isset($options['username']) && isset($options['password'])) {
 68 | 			curl_setopt($this->http, CURLOPT_USERPWD, $options['username'] . ':' . $options['password']);
 69 | 		}
 70 | 	}
 71 | 
 72 | 	/**
 73 | 	 * Destroy cURL object.
 74 | 	 */
 75 | 	public function __destruct()
 76 | 	{
 77 | 		curl_close($this->http);
 78 | 	}
 79 | 
 80 | 	/**
 81 | 	 * Get logs for debugging purpose.
 82 | 	 *
 83 | 	 * @return array
 84 | 	 */
 85 | 	public function getLogs()
 86 | 	{
 87 | 		return $this->logs;
 88 | 	}
 89 | 
 90 | 	/**
 91 | 	 * Send a GET request.
 92 | 	 *
 93 | 	 * @param string $url
 94 | 	 *
 95 | 	 * @return array|null
 96 | 	 */
 97 | 	public function get($url)
 98 | 	{
 99 | 		curl_setopt($this->http, CURLOPT_URL, $url);
100 | 		curl_setopt($this->http, CURLOPT_HTTPGET, true);
101 | 
102 | 		$this->logs[] = 'GET ' . $url;
103 | 
104 | 		$response = curl_exec($this->http);
105 | 
106 | 		if (curl_errno($this->http)) {
107 | 			$this->logs[] = '[ERROR] [' . curl_errno($this->http) . '] ' . curl_error($this->http);
108 | 
109 | 			return false;
110 | 		}
111 | 
112 | 		$code = curl_getinfo($this->http, CURLINFO_HTTP_CODE);
113 | 		$size = curl_getinfo($this->http, CURLINFO_HEADER_SIZE);
114 | 
115 | 		$this->logs[] = '[STATUS] ' . $code;
116 | 		$headers = $this->parseHeader(substr($response, 0, $size));
117 | 
118 | 		return [
119 | 			'response_code' => $code,
120 | 			'header'        => $headers,
121 | 			'body'          => substr($response, $size),
122 | 		];
123 | 	}
124 | 
125 | 	/**
126 | 	 * Send a POST request.
127 | 	 *
128 | 	 * @param string $url
129 | 	 * @param array  $fields
130 | 	 *
131 | 	 * @return array|null
132 | 	 */
133 | 	public function post($url, $fields = [])
134 | 	{
135 | 		curl_setopt($this->http, CURLOPT_URL, $url);
136 | 		curl_setopt($this->http, CURLOPT_POST, true);
137 | 
138 | 		$this->logs[] = 'POST ' . $url;
139 | 
140 | 		if ($fields) {
141 | 			curl_setopt($this->http, CURLOPT_POSTFIELDS, (\is_array($fields)) ? http_build_query($fields) : $fields);
142 | 
143 | 			$this->logs[] = (\is_array($fields)) ? http_build_query($fields) : $fields;
144 | 		}
145 | 
146 | 		$response = curl_exec($this->http);
147 | 
148 | 		if (curl_errno($this->http)) {
149 | 			$this->logs[] = '[ERROR] [' . curl_errno($this->http) . '] ' . curl_error($this->http);
150 | 
151 | 			return false;
152 | 		}
153 | 
154 | 		$code = curl_getinfo($this->http, CURLINFO_HTTP_CODE);
155 | 		$size = curl_getinfo($this->http, CURLINFO_HEADER_SIZE);
156 | 
157 | 		$this->logs[] = '[STATUS] ' . $code;
158 | 		$headers = $this->parseHeader(substr($response, 0, $size));
159 | 
160 | 		return [
161 | 			'response_code' => $code,
162 | 			'header'        => $headers,
163 | 			'body'          => substr($response, $size),
164 | 		];
165 | 	}
166 | 
167 | 	/**
168 | 	 * Download a file to local.
169 | 	 *
170 | 	 * @param string $url
171 | 	 * @param string $path
172 | 	 *
173 | 	 * @return array|false
174 | 	 */
175 | 	public function download($url, $path)
176 | 	{
177 | 		curl_setopt($this->http, CURLOPT_HEADER, false);
178 | 		curl_setopt($this->http, CURLOPT_URL, $url);
179 | 		curl_setopt($this->http, CURLOPT_HTTPGET, true);
180 | 
181 | 		if (is_dir($path)) {
182 | 			$path = $path . \DIRECTORY_SEPARATOR . md5(microtime());
183 | 		}
184 | 
185 | 		$buffer = tmpfile();
186 | 		curl_setopt($this->http, CURLOPT_WRITEHEADER, $buffer);
187 | 
188 | 		if (($fp = fopen($path, 'w')) === false) {
189 | 			$this->logs[] = '[ERROR] Directory is not writable.';
190 | 
191 | 			return false;
192 | 		}
193 | 
194 | 		curl_setopt($this->http, CURLOPT_FILE, $fp);
195 | 
196 | 		$this->logs[] = 'GET ' . $url;
197 | 
198 | 		curl_exec($this->http);
199 | 
200 | 		curl_setopt($this->http, CURLOPT_HEADER, 1);
201 | 
202 | 		fclose($fp);
203 | 
204 | 		if (!curl_errno($this->http)) {
205 | 			$code = curl_getinfo($this->http, CURLINFO_HTTP_CODE);
206 | 			$this->logs[] = '[STATUS] ' . $code;
207 | 
208 | 			rewind($buffer);
209 | 			$headers = $this->parseHeader(stream_get_contents($buffer));
210 | 			fclose($buffer);
211 | 
212 | 			if (isset($headers['Content-disposition'])) {
213 | 				if (preg_match('/filename="([^"]+)/', $headers['Content-disposition'], $matches)) {
214 | 					rename($path, \dirname($path) . \DIRECTORY_SEPARATOR . $matches[1]);
215 | 					$path = \dirname($path) . \DIRECTORY_SEPARATOR . $matches[1];
216 | 				}
217 | 			}
218 | 
219 | 			return [
220 | 				'file' => $path,
221 | 				'size' => filesize($path),
222 | 			];
223 | 		}
224 | 
225 | 		$this->logs[] = '[ERROR] [' . curl_errno($this->http) . '] ' . curl_error($this->http);
226 | 
227 | 		return false;
228 | 	}
229 | 
230 | 	/**
231 | 	 * Upload file.
232 | 	 *
233 | 	 * @param string $url
234 | 	 * @param array  $fields
235 | 	 * @param array  $files
236 | 	 *
237 | 	 * @return array|null
238 | 	 */
239 | 	public function upload($url, $fields = [], $files = [])
240 | 	{
241 | 		curl_setopt($this->http, CURLOPT_URL, $url);
242 | 		curl_setopt($this->http, CURLOPT_POST, true);
243 | 
244 | 		if (!empty($files)) {
245 | 			foreach ($files as $key => $file) {
246 | 				if (!file_exists($file)) {
247 | 					continue;
248 | 				}
249 | 
250 | 				$fields[$key] = '@' . ((strpos(PHP_OS, 'WIN') !== false) ? str_replace('/', '\\\\', $file) : $file);
251 | 			}
252 | 		}
253 | 
254 | 		$queries = (!empty($fields)) ? http_build_query($fields) : '';
255 | 
256 | 		if ($queries) {
257 | 			curl_setopt($this->http, CURLOPT_POSTFIELDS, $queries);
258 | 		}
259 | 
260 | 		$this->logs[] = 'POST ' . $url . (($queries) ? (' ' . $queries) : '');
261 | 
262 | 		$response = curl_exec($this->http);
263 | 
264 | 		if (!curl_errno($this->http)) {
265 | 			$code = curl_getinfo($this->http, CURLINFO_HTTP_CODE);
266 | 			$size = curl_getinfo($this->http, CURLINFO_HEADER_SIZE);
267 | 
268 | 			$this->logs[] = '[STATUS] ' . $code;
269 | 			$headers = $this->parseHeader(substr($response, 0, $size));
270 | 
271 | 			return [
272 | 				'response_code' => $code,
273 | 				'header'        => $headers,
274 | 				'body'          => substr($response, $size),
275 | 			];
276 | 		}
277 | 
278 | 		$this->logs[] = '[ERROR] [' . curl_errno($this->http) . '] ' . curl_error($this->http);
279 | 
280 | 		return null;
281 | 	}
282 | 
283 | 	/**
284 | 	 * Use a HTTP proxy.
285 | 	 *
286 | 	 * @param string $host
287 | 	 * @param string $port
288 | 	 * @param string $username
289 | 	 * @param string $password
290 | 	 */
291 | 	public function useProxy($host, $port, $username = '', $password = '')
292 | 	{
293 | 		curl_setopt($this->http, CURLOPT_PROXY, $host . ':' . $port);
294 | 
295 | 		if ($username && $password) {
296 | 			curl_setopt($this->http, CURLOPT_PROXYUSERPWD, $username . ':' . $password);
297 | 		}
298 | 	}
299 | 
300 | 	/**
301 | 	 * Process headers received from HTTP request.
302 | 	 *
303 | 	 * @param string $raw
304 | 	 *
305 | 	 * @return string
306 | 	 */
307 | 	private function parseHeader($raw)
308 | 	{
309 | 		$headers = [];
310 | 
311 | 		$rows = explode("\r\n", $raw);
312 | 
313 | 		foreach ($rows as $row) {
314 | 			if (strpos($row, ':') === false) {
315 | 				continue;
316 | 			}
317 | 
318 | 			list($key, $value) = explode(':', $row, 2);
319 | 			$headers[$key] = trim($value);
320 | 		}
321 | 
322 | 		return $headers;
323 | 	}
324 | }
325 | 


--------------------------------------------------------------------------------
/assets/js/provider.js:
--------------------------------------------------------------------------------
  1 | class Provider {
  2 | 	constructor() {
  3 | 		let _this = this;
  4 | 
  5 | 		$('#menu-provider').on('click', function (e) {
  6 | 			e.preventDefault();
  7 | 			$('#modal-provider').modal('show');
  8 | 		});
  9 | 
 10 | 		$('#btn-new-provider').on('click', function (e) {
 11 | 			e.preventDefault();
 12 | 			$('#page-provider').addClass('d-none');
 13 | 			$('#page-new-provider').removeClass('d-none');
 14 | 
 15 | 			$.get('./provider.json?action=control-panel', function (names) {
 16 | 				$('#page-new-provider input[name="cp"]').autoComplete({
 17 | 					source: names,
 18 | 				}).refresh();
 19 | 			});
 20 | 		});
 21 | 
 22 | 		$('#page-new-provider .btn-outline-secondary').on('click', function (e) {
 23 | 			e.preventDefault();
 24 | 			_this.discardNew();
 25 | 		});
 26 | 
 27 | 		$('#page-new-provider .btn-primary').on('click', function (e) {
 28 | 			e.preventDefault();
 29 | 
 30 | 			var $btn = $(this);
 31 | 			var values = $('#page-new-provider form').serialize();
 32 | 
 33 | 			$btn.data('html', $btn.html())
 34 | 				.css({
 35 | 					width: $btn.outerWidth(),
 36 | 					height: $btn.outerHeight(),
 37 | 				})
 38 | 				.prop('disabled', true)
 39 | 				.html('<div class="loader-inner ball-beat"><div></div><div></div><div></div></div>');
 40 | 
 41 | 			$('#page-new-provider input').prop('disabled', true);
 42 | 
 43 | 			$('#page-new-provider .is-invalid').removeClass('is-invalid');
 44 | 			$('#page-new-provider .invalid-feedback').remove();
 45 | 
 46 | 			$.post(
 47 | 				'./provider.json',
 48 | 				values + '&__CSRF_TOKEN__=' + $('input[name="__CSRF_TOKEN__"]').val(),
 49 | 				function (response) {
 50 | 					if (Object.keys(response.errors).length > 0) {
 51 | 						$.each(response.errors, function (key, value) {
 52 | 							$('#page-new-provider [name="' + key + '"]').addClass('is-invalid');
 53 | 							$('#page-new-provider [name="' + key + '"]')
 54 | 								.parent('.form-floating')
 55 | 								.addClass('is-invalid');
 56 | 							$('#page-new-provider [name="' + key + '"]').after('<div class="invalid-feedback">' + value + '</div>');
 57 | 						});
 58 | 
 59 | 						return;
 60 | 					}
 61 | 
 62 | 					_this.discardNew();
 63 | 					_this.rebuildList();
 64 | 					_this.refreshSelectList();
 65 | 				},
 66 | 				'json'
 67 | 			)
 68 | 				.fail(function () {
 69 | 					alert('Connection lost, please try again.');
 70 | 				})
 71 | 				.always(function (response) {
 72 | 					$btn.prop('disabled', false).html($btn.data('html'));
 73 | 
 74 | 					$('#page-new-provider input').prop('disabled', false);
 75 | 
 76 | 					$('input[name="' + response.csrf.name + '"]').val(response.csrf.value);
 77 | 				});
 78 | 		});
 79 | 
 80 | 		$('#modal-provider').on('hidden.bs.modal', function () {
 81 | 			_this.discardNew();
 82 | 		});
 83 | 
 84 | 		$('#modal-provider').on('show.bs.modal', function () {
 85 | 			_this.rebuildList();
 86 | 
 87 | 			// Restore provider list overlay
 88 | 			$('#provider-list .overlay').remove();
 89 | 			$('#provider-list .overflow-hidden')
 90 | 				.addClass('overflow-auto')
 91 | 				.removeClass('overflow-hidden');
 92 | 
 93 | 			$('#provider-list tr.table-light').removeClass('table-light');
 94 | 		});
 95 | 
 96 | 		$('input[name="search-provider"]').on('input', function () {
 97 | 			var $input = $(this);
 98 | 
 99 | 			// Restore table rows
100 | 			_this.disableEditMode();
101 | 
102 | 			$.each($('#page-provider table tbody tr.pointer'), function (i, tr) {
103 | 				$(tr).toggleClass('search-not-match', !$(tr).text().toLowerCase().includes($input.val().toLowerCase()));
104 | 			});
105 | 		});
106 | 
107 | 		this.refreshSelectList();
108 | 	}
109 | 
110 | 	refreshSelectList() {
111 | 		$('select[name="provider"]')
112 | 			.empty()
113 | 			.append('<option selected disabled></option>');
114 | 
115 | 
116 | 		$.get('./provider.json', function (data) {
117 | 			if (data.length > 0) {
118 | 				$.each(data, function (key, value) {
119 | 					$('select[name="provider"]').append('<option value="' + value.provider_id + '">' + value.name + '</option>');
120 | 				});
121 | 			}
122 | 		});
123 | 	}
124 | 
125 | 	discardNew() {
126 | 		$('#page-new-provider .is-invalid').removeClass('is-invalid');
127 | 		$('#page-new-provider .invalid-feedback').remove();
128 | 		$('#page-new-provider input').val('');
129 | 		$('#page-provider').removeClass('d-none');
130 | 		$('#page-new-provider').addClass('d-none');
131 | 	}
132 | 
133 | 	rebuildList() {
134 | 		let _this = this;
135 | 
136 | 		$('#provider-list').addClass('d-none');
137 | 		$('#page-provider .loader').removeClass('d-none');
138 | 		$('#provider-list input[name="search-provider"]').val('');
139 | 		$('#provider-list table tbody').empty();
140 | 
141 | 		this.getControlPanelNames(function (controlPanelNames) {
142 | 			$.get('./provider.json', function (data) {
143 | 				$('#page-provider .loader').addClass('d-none');
144 | 				$('#page-provider').find('.alert').remove();
145 | 
146 | 				if (data.length > 0) {
147 | 					$('#provider-list').removeClass('d-none');
148 | 
149 | 					$.each(data, function (key, value) {
150 | 						var $tr = $('<tr class="pointer">')
151 | 							.append('<td class="editable text-truncate">' + value.name + '</td>')
152 | 							.append('<td class="editable text-truncate text-muted">' + value.website + '</td>')
153 | 							.append('<td class="editable text-truncate text-muted">' + value.control_panel_name + '</td>')
154 | 							.append('<td class="editable text-truncate text-muted">' + value.control_panel_url + '</td>')
155 | 							.append('<td class="editable text-end text-muted">' + value.total_machine + '</td>');
156 | 
157 | 						var $edit = $('<i class="bi bi-pencil me-1 invisible pointer">').on('click', function (e) {
158 | 							e.preventDefault();
159 | 							_this.enableEditMode($(this).parent());
160 | 						});
161 | 
162 | 						var $delete = $('<i class="bi bi-trash invisible pointer">').on('click', function (e) {
163 | 							e.preventDefault();
164 | 							var $dropdown = $('<div class="dropdown-menu dropdown-confirm show">');
165 | 							var $overlay = $('<div class="overlay position-absolute top-0 start-0 opacity-50 bg-light w-100 h-100">');
166 | 
167 | 							var $content = $('<div class="p-2">')
168 | 								.append('<h6>Confirm to delete <span class="text-danger">' + value.name + '</span>?</h6>');
169 | 
170 | 							if (value.total_machine > 0) {
171 | 								$content.append('<small class="d-block">' + value.total_machine + ' machine' + ((value.total_machine > 1) ? 's' : '') + ' owned by this provider will be orphaned.</small>');
172 | 							}
173 | 
174 | 							var $no = $('<button class="btn btn-sm btn-outline-secondary" style="padding:.1rem 1rem;margin-right:.5rem">')
175 | 								.html('No')
176 | 								.on('click', function (e) {
177 | 									e.preventDefault();
178 | 									$overlay.remove();
179 | 									$('#provider-list .overflow-hidden')
180 | 										.addClass('overflow-auto')
181 | 										.removeClass('overflow-hidden');
182 | 
183 | 									$(this).closest('tr').removeClass('table-light');
184 | 
185 | 									$dropdown.remove();
186 | 								});
187 | 
188 | 							var $yes = $('<button class="btn btn-sm btn-danger" style="padding:.1rem 1rem">')
189 | 								.html('Yes')
190 | 								.on('click', function (e) {
191 | 									e.preventDefault();
192 | 									$overlay.remove();
193 | 									$('#provider-list .overflow-hidden')
194 | 										.addClass('overflow-auto')
195 | 										.removeClass('overflow-hidden');
196 | 
197 | 									$(this).closest('tr').removeClass('table-light');
198 | 
199 | 									$tr.closest('tr').remove();
200 | 									$tr.remove();
201 | 
202 | 									$.post('./provider.json', {
203 | 										id: value.provider_id,
204 | 										__CSRF_TOKEN__: $('input[name="__CSRF_TOKEN__"]').val(),
205 | 										action: 'delete',
206 | 									})
207 | 										.fail(function() {
208 | 											alert('Connection lost, please try again.');
209 | 										})
210 | 										.always(function (response) {
211 | 											$('input[name="' + response.csrf.name + '"]').val(response.csrf.value);
212 | 										});
213 | 								});
214 | 
215 | 							$('.dropdown-confirm').remove();
216 | 							$(this).after($dropdown
217 | 								.append($content)
218 | 								.append($('<div class="mt-1 text-center">').append($no).append($yes)));
219 | 
220 | 							$dropdown.offset({
221 | 								top: $(this).offset().top + $(this).outerHeight() - $dropdown.outerHeight(),
222 | 								left: $(this).offset().left - $(this).outerWidth() - $dropdown.outerWidth(),
223 | 							});
224 | 
225 | 							$('#provider-list .overflow-auto')
226 | 								.removeClass('overflow-auto')
227 | 								.addClass('overflow-hidden')
228 | 								.prepend($overlay);
229 | 
230 | 							$(this).closest('tr').addClass('table-light');
231 | 						});
232 | 
233 | 						var $td = $('<td class="text-end" style="width: 60px;">').append($edit).append($delete);
234 | 
235 | 						var $controlPanel = $('<input type="text" name="cp" value="' + value.control_panel_name + '" data-value="' + value.control_panel_name + '" class="form-control form-control-sm" autocomplete="off" autocapitalize="off">');
236 | 
237 | 						var $trEdit = $('<tr class="edit d-none">')
238 | 							.append('<td><input type="text" name="name" value="' + value.name + '" data-value="' + value.name + '" class="form-control form-control-sm"></td>')
239 | 							.append('<td><input type="text" name="website" value="' + value.website + '" data-value="' + value.website + '" class="form-control form-control-sm"></td>')
240 | 							.append($('<td>').append($controlPanel))
241 | 							.append('<td><input type="text" name="cpUrl" value="' + value.control_panel_url + '" data-value="' + value.control_panel_url + '" class="form-control form-control-sm"><input type="hidden" name="id" value="' + value.provider_id + '"></td>')
242 | 							.append('<td class="text-end">' + value.total_machine + '</td>');
243 | 
244 | 						var $save = $('<i class="bi bi-check me-1 pointer">').on('click', function (e) {
245 | 							e.preventDefault();
246 | 
247 | 							// Clear existing errors
248 | 							$trEdit.find('.is-invalid').removeClass('is-invalid');
249 | 
250 | 							$.post(
251 | 								'./provider.json',
252 | 								$trEdit.find(':input').serialize() + '&__CSRF_TOKEN__=' + $('input[name="__CSRF_TOKEN__"]').val(),
253 | 								function (response) {
254 | 									if (Object.keys(response.errors).length > 0) {
255 | 										$.each(response.errors, function (i, error) {
256 | 											$trEdit.find('[name="' + i + '"]').addClass('is-invalid');
257 | 										});
258 | 
259 | 										return;
260 | 									}
261 | 
262 | 									_this.rebuildList();
263 | 									_this.refreshSelectList();
264 | 								},
265 | 								'json'
266 | 							)
267 | 								.fail(function () {
268 | 									alert('Connection lost, please try again.');
269 | 								})
270 | 								.always(function (response) {
271 | 									$('input[name="' + response.csrf.name + '"]').val(response.csrf.value);
272 | 								});
273 | 						});
274 | 
275 | 						var $discard = $('<i class="bi bi-x pointer">').on('click', function (e) {
276 | 							e.preventDefault();
277 | 							_this.disableEditMode();
278 | 						});
279 | 
280 | 						$tr.append($td);
281 | 
282 | 						$tr.find('td.editable').on('click', function (e) {
283 | 							e.preventDefault();
284 | 							_this.enableEditMode(this);
285 | 						});
286 | 
287 | 						$trEdit.find('input[type="text"]').on('keypress', function (e) {
288 | 							// Save when enter key pressed
289 | 							if (e.which == 13) {
290 | 								$save.trigger('click');
291 | 							}
292 | 						});
293 | 
294 | 						$('#provider-list table tbody')
295 | 							.append($tr)
296 | 							.append($trEdit.append($('<td class="text-end" style="width: 60px;">').append($save).append($discard)));
297 | 
298 | 						$controlPanel.autoComplete({
299 | 							source: controlPanelNames,
300 | 						});
301 | 					});
302 | 				} else {
303 | 					$('#provider-list').addClass('d-none').after('<div class="alert alert-light mt-3">No data available.</div>');
304 | 				}
305 | 			})
306 | 				.fail(function () {
307 | 					alert('Connection lost, please try again.');
308 | 				});
309 | 		});
310 | 	}
311 | 
312 | 	getControlPanelNames(callback) {
313 | 		$.get('./provider.json?action=control-panel', function (data) {
314 | 			callback(data);
315 | 		});
316 | 	}
317 | 
318 | 	disableEditMode() {
319 | 		// Restore table rows
320 | 		$('#provider-list table tbody tr.d-none').removeClass('d-none');
321 | 		$('#provider-list table tbody tr.edit:not(.d-none)').addClass('d-none');
322 | 	}
323 | 
324 | 	enableEditMode(td) {
325 | 		// Restore table rows
326 | 		$('#provider-list table tbody tr.d-none').removeClass('d-none');
327 | 		$('#provider-list table tbody tr.edit:not(.d-none)').addClass('d-none');
328 | 
329 | 		// Restore inputs stage
330 | 		$('#provider-list table tbody tr').find('.is-invalid').removeClass('is-invalid');
331 | 
332 | 		// Restore inputs value
333 | 		$.each($('#provider-list table tbody tr').find('input[type="text"]'), function (i, input) {
334 | 			$(input).val($(input).attr('data-value'));
335 | 		});
336 | 
337 | 		// Hide display row
338 | 		$(td).closest('tr').addClass('d-none');
339 | 
340 | 		// Show edit row
341 | 		$(td).closest('tr').next().removeClass('d-none');
342 | 	}
343 | }
344 | 


--------------------------------------------------------------------------------
/install/index.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * @var \DB\Database     $db
  4 |  * @var \Http\Request    $request
  5 |  * @var \Session\Session $session
  6 |  */
  7 | 
  8 | // Preset PHP settings
  9 | error_reporting(E_ALL);
 10 | ini_set('display_errors', 0);
 11 | date_default_timezone_set('UTC');
 12 | 
 13 | // Define this as parent file
 14 | define('INDEX', 1);
 15 | 
 16 | // Define root directory
 17 | define('DS', DIRECTORY_SEPARATOR);
 18 | define('SETUP_ROOT', __DIR__ . DS);
 19 | 
 20 | $parts = explode(DS, __DIR__);
 21 | array_pop($parts);
 22 | define('ROOT', implode(DS, $parts) . DS);
 23 | 
 24 | // Define directories
 25 | define('INCLUDES', ROOT . 'includes' . DS);
 26 | define('LIBRARIES', ROOT . 'libraries' . DS);
 27 | define('LOGS', ROOT . 'logs' . DS);
 28 | define('PAGES', ROOT . 'pages' . DS);
 29 | define('STORAGE', ROOT . 'storage' . DS);
 30 | 
 31 | // Core functions
 32 | require INCLUDES . 'functions.php';
 33 | 
 34 | // Load libraries
 35 | require LIBRARIES . 'autoload.php';
 36 | 
 37 | // Error Handler
 38 | new \Error\Handler(function ($file, $line, $error) {
 39 | 	// Log error
 40 | 	file_put_contents(LOGS . 'error.log', json_encode([
 41 | 		'date'  => date('Y-m-d H:i:s', strtotime('+8 hours')),
 42 | 		'error' => $error,
 43 | 		'file'  => $file . ': ' . $line,
 44 | 		'ip'    => $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1',
 45 | 		'ua'    => $_SERVER['HTTP_USER_AGENT'] ?? '-',
 46 | 		'url'   => $_SERVER['REQUEST_URI'] ?? '-',
 47 | 	]) . "\n", FILE_APPEND);
 48 | 
 49 | 	header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error');
 50 | 	include ROOT . '50x.html';
 51 | 	exit;
 52 | });
 53 | 
 54 | // Page Request
 55 | $request = new \Http\Request();
 56 | 
 57 | $requirements = [
 58 | 	'PHP Version (≥ 8.0.0)' => [
 59 | 		'value'  => PHP_VERSION,
 60 | 		'passed' => (PHP_VERSION > 8),
 61 | 	],
 62 | 	'PDO\\SQLite Extension' => [
 63 | 		'value'  => extension_loaded('pdo_sqlite') ? 'Enabled' : 'Not enabled',
 64 | 		'passed' => extension_loaded('pdo_sqlite'),
 65 | 	],
 66 | 	'./configuration.php' => [
 67 | 		'value'  => file_exists(ROOT . 'configuration.php') ? 'Found' : 'Not found',
 68 | 		'passed' => file_exists(ROOT . 'configuration.php'),
 69 | 	],
 70 | 	'./configuration.php Permission' => [
 71 | 		'value'  => is_writable(ROOT . 'configuration.php') ? 'Writable' : 'Not writable',
 72 | 		'passed' => is_writable(ROOT . 'configuration.php'),
 73 | 	],
 74 | 	'./logs Permission' => [
 75 | 		'value'  => is_writable(LOGS) ? 'Writable' : 'Not writable',
 76 | 		'passed' => is_writable(LOGS),
 77 | 	],
 78 | 	'./storage Permission' => [
 79 | 		'value'  => is_writable(STORAGE) ? 'Writable' : 'Not writable',
 80 | 		'passed' => is_writable(STORAGE),
 81 | 	],
 82 | ];
 83 | 
 84 | require ROOT . 'configuration.php';
 85 | 
 86 | $requirementsFulfilled = true;
 87 | $requirementsTable = [];
 88 | 
 89 | foreach ($requirements as $title => $values) {
 90 | 	$requirementsTable[] = '
 91 | 	<tr>
 92 | 		<th>' . $title . '</th>
 93 | 		<td class="text-end">' . $values['value'] . '&nbsp;&nbsp;&nbsp;&nbsp;' . (($values['passed']) ? '<i class="bi bi-check-circle-fill text-success"></i>' : '<i class="bi bi-x-circle-fill text-danger"></i>') . '</td>
 94 | 	</tr>';
 95 | 
 96 | 	if (!$values['passed']) {
 97 | 		$requirementsFulfilled = false;
 98 | 	}
 99 | }
100 | 
101 | switch ((int) $request->get('step', 1)) {
102 | 	case 2:
103 | 		// Installation is completed
104 | 		if (isset($config['privateKey']) && file_exists(STORAGE . substr(hash('sha256', $config['privateKey']), 0, 32) . '.sqlite')) {
105 | 			header('Location: ./?step=3');
106 | 			exit;
107 | 		}
108 | 
109 | 		// Make sure requirements fulfilled
110 | 		if (!$requirementsFulfilled) {
111 | 			header('Location: ./?step=1');
112 | 			exit;
113 | 		}
114 | 
115 | 		$errors = [];
116 | 		$username = $request->post('username');
117 | 		$password = $request->post('password');
118 | 		$confirmPassword = $request->post('confirmPassword');
119 | 
120 | 		if ($request->isPost()) {
121 | 			if (!preg_match('/^[a-z0-9]{6,20}$/', $username)) {
122 | 				$errors['username'] = 'Only lower case letters and numbers between 6 and 20 characters.';
123 | 			}
124 | 
125 | 			if (mb_strlen($password) < 8 || !preg_match('@[A-Z]@', $password) || !preg_match('@[a-z]@', $password) || !preg_match('@[0-9]@', $password) || !preg_match('@[^\w]@', $password)) {
126 | 				$errors['password'] = 'A password must be at least 8 characters in length, include at least one upper case letter, one number, and one special character.';
127 | 			}
128 | 
129 | 			if ($confirmPassword != $password) {
130 | 				$errors['confirmPassword'] = 'Password not match.';
131 | 			}
132 | 
133 | 			if (empty($errors)) {
134 | 				// Generate a random private key
135 | 				$privateKey = hash('sha256', microtime(true) . mt_rand(10000, 99999));
136 | 
137 | 				// Write configuration file
138 | 				file_put_contents(ROOT . 'configuration.php', implode("\n", [
139 | 					'<?php',
140 | 					'$config = [',
141 | 					'	\'username\'   => \'' . $username . '\',',
142 | 					'	\'password\'   => \'' . str_replace('\'', '\\\'', $password) . '\',',
143 | 					'	\'privateKey\' => \'' . $privateKey . '\',',
144 | 					'];',
145 | 				]));
146 | 
147 | 				// Create SQLite tables
148 | 
149 | 				try {
150 | 					$db = new \SQLite\Database(STORAGE . substr(hash('sha256', $privateKey), 0, 32) . '.sqlite');
151 | 					$db->saveErrorLog(LOGS . 'sqlite-error.log');
152 | 
153 | 					$queries = array_filter(explode(';', file_get_contents(SETUP_ROOT . 'tables.sql')));
154 | 
155 | 					foreach ($queries as $query) {
156 | 						$db->execute($query);
157 | 					}
158 | 				} catch (Exception $e) {
159 | 					echo $e->getMessage();
160 | 					exit;
161 | 				}
162 | 
163 | 				header('Location: ./?step=3');
164 | 				exit;
165 | 			}
166 | 		}
167 | 
168 | 		$content = '
169 | 		<h4>Credentials (Step 2 of 2)</h4>
170 | 
171 | 		<form method="post">
172 | 			<div class="form-floating mb-3">
173 | 				<input type="text" class="form-control' . ((isset($errors['username'])) ? ' is-invalid' : '') . '" id="username" name="username" value="' . $request->input($username) . '" placeholder="">
174 | 				' . ((isset($errors['username'])) ? '<div class="invalid-feedback">' . $errors['username'] . '</div>' : '') . '
175 | 				<label for="username">Username</label>
176 | 			</div>
177 | 			<div class="form-floating mb-3">
178 | 				<input type="password" class="form-control' . ((isset($errors['password'])) ? ' is-invalid' : '') . '" id="password" name="password" value="" placeholder="">
179 | 				' . ((isset($errors['password'])) ? '<div class="invalid-feedback">' . $errors['password'] . '</div>' : '') . '
180 | 				<label for="password">Password</label>
181 | 			</div>
182 | 			<div class="form-floating mb-3">
183 | 				<input type="password" class="form-control' . ((isset($errors['confirmPassword'])) ? ' is-invalid' : '') . '" id="confirmPassword" name="confirmPassword" value="" placeholder="">
184 | 				' . ((isset($errors['confirmPassword'])) ? '<div class="invalid-feedback">' . $errors['confirmPassword'] . '</div>' : '') . '
185 | 				<label for="confirmPassword">ConfirmPassword</label>
186 | 			</div>
187 | 			<div class="text-end">
188 | 				<form>
189 | 					<button type="submit" class="btn btn-success"><i class="bi bi-arrow-right-circle-fill"></i> Submit</button>
190 | 				</form>
191 | 			</div>
192 | 		</form>';
193 | 		break;
194 | 
195 | 	case 3:
196 | 		// Make sure requirements fulfilled
197 | 		if (!$requirementsFulfilled) {
198 | 			header('Location: ./?step=1');
199 | 			exit;
200 | 		}
201 | 
202 | 		// Make sure private key is created
203 | 		if (!preg_match('/privateKey\' => \'([^\']+)/', file_get_contents(ROOT . 'configuration.php'), $matches)) {
204 | 			header('Location: ./?step=2');
205 | 			exit;
206 | 		}
207 | 
208 | 		// Make sure SQLite database is created
209 | 		if (!file_exists(STORAGE . substr(hash('sha256', $matches[1]), 0, 32) . '.sqlite')) {
210 | 			header('Location: ./?step=2');
211 | 			exit;
212 | 		}
213 | 
214 | 		$content = '
215 | 		<div class="alert alert-success">
216 | 			<strong>Installation completed.</strong> Please remove the <code>install</code> folder.
217 | 		</div>';
218 | 		break;
219 | 
220 | 	case 1:
221 | 	default:
222 | 		// Installation is completed
223 | 		if (isset($config['privateKey']) && file_exists(STORAGE . substr(hash('sha256', $config['privateKey']), 0, 32) . '.sqlite')) {
224 | 			header('Location: ./?step=3');
225 | 			exit;
226 | 		}
227 | 
228 | 		$content = '
229 | 		<h4>Requirements (Step 1 of 2)</h4>
230 | 
231 | 		<table class="table table-hover table-striped">
232 | 			' . implode('', $requirementsTable) . '
233 | 		</table>
234 | 
235 | 		<div class="text-end">
236 | 			<form>
237 | 				<input type="hidden" name="step" value="2">
238 | 				<button type="button" class="btn btn btn-primary" onclick="window.location.href = window.location.href;"><i class="bi bi-arrow-clockwise"></i></button>
239 | 				<button type="submit" class="btn btn-success' . ((!$requirementsFulfilled) ? ' disabled' : '') . '"><i class="bi bi-arrow-right-circle-fill"></i> Continue</button>
240 | 			</form>
241 | 		</div>';
242 | 		break;
243 | }
244 | ?>
245 | <!DOCTYPE html>
246 | <html lang="en" class="h-100">
247 | <head>
248 | 	<meta charset="utf-8">
249 | 	<meta name="viewport" content="width=device-width, initial-scale=1">
250 | 
251 | 	<title>Carotu Installation</title>
252 | 
253 | 	<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootswatch/5.3.2/flatly/bootstrap.min.css">
254 | 	<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-icons/1.11.1/font/bootstrap-icons.min.css">
255 | 	<link rel="stylesheet" href="../assets/css/style.min.css">
256 | </head>
257 | 
258 | <body class="d-flex flex-column h-100">
259 | 	<div class="container mt-5">
260 | 		<div class="row mb-5">
261 | 			<div class="col-lg-4 offset-lg-4">
262 | 				<div class="logo">
263 | 					<img src="data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PCFET0NUWVBFIHN2ZyBQVUJMSUMgIi0vL1czQy8vRFREIFNWRyAxLjEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvR3JhcGhpY3MvU1ZHLzEuMS9EVEQvc3ZnMTEuZHRkIj48c3ZnIHdpZHRoPSIxMDAlIiBoZWlnaHQ9IjEwMCUiIHZpZXdCb3g9IjAgMCAxMDI0IDEwMjQiIHZlcnNpb249IjEuMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSIgeG1sbnM6c2VyaWY9Imh0dHA6Ly93d3cuc2VyaWYuY29tLyIgc3R5bGU9ImZpbGwtcnVsZTpldmVub2RkO2NsaXAtcnVsZTpldmVub2RkO3N0cm9rZS1saW5lam9pbjpyb3VuZDtzdHJva2UtbWl0ZXJsaW1pdDoyOyI+PGcgaWQ9ImxvZ28tbG9nbyI+PGc+PGc+PHBhdGggZD0iTTcxNi44MjMsNjQ0LjgxM2wtNTMuODM4LC0wYy04LjI0MywtMCAtMTQuOTQzLDYuNzA3IC0xNC45NDMsMTQuOTQzYy0wLDguMTk5IDYuNywxNC44OTIgMTQuOTQzLDE0Ljg5Mmw1My44MzgsLTBsMCwyLjg1NmMwLDg0Ljg5NyAtMTM4LjEzNCwxNjkuNDgzIC0yMDQuODIzLDIwMS44MjZjLTI0LjI1NSwtMTEuNzM4IC01Ny44NjcsLTMwLjQxNCAtOTAuOTQ0LC01My41MDRsMjUuNDU3LC0wYzUuNDkxLC0wIDkuODk4LC00LjQgOS44OTgsLTkuODgzYy0wLC01LjQ5MSAtNC40MDcsLTkuOTM1IC05Ljg5OCwtOS45MzVsLTUyLjE5MSwtMGMtNDcuMjQyLC0zNy4zNjYgLTg3LjE1MywtODIuODk0IC04Ny4xNTMsLTEyOC41MDRsMCwtMTkuMzg4bDU0LjY2MiwwYzcuMzIzLDAgMTMuMjM3LC01LjkyOCAxMy4yMzcsLTEzLjMwM2MtMCwtNy4zMTYgLTUuOTE0LC0xMy4yMyAtMTMuMjM3LC0xMy4yM2wtNTQuNjYyLDBsMCwtNzkuNTQ3YzEuNywwLjQzOCAzLjQ5NSwwLjc3MSA1LjMzNSwwLjc3MWw2OC42MzMsMGMxMS4xMDgsMCAyMC4xMywtOS4wMTUgMjAuMTMsLTIwLjExNWMwLC0xMS4xMTQgLTkuMDIyLC0yMC4xMjkgLTIwLjEzLC0yMC4xMjlsLTY4LjYzMywtMGMtMS43OTUsLTAgLTMuNDk0LDAuMjg5IC01LjE0OSwwLjcxOWM0LjYxNSwtMTA0LjEzNiA4Ny4yNjQsLTE4OC4yOTIgMTkwLjc3LC0xOTUuMjI5bDAuMDQ1LDU2Ljc0NmMtMTcuNjA4LDUuODMyIC0zMC4zMSwyMi4zNjQgLTMwLjMxLDQxLjkxNWwtMCw0OC4yNThjLTAsMjQuNDA0IDE5LjczNiw0NC4xNCA0NC4xNCw0NC4xNGMyNC4zNDQsMCA0NC4wODEsLTE5LjczNiA0NC4wODEsLTQ0LjE0bC0wLC00OC4yNThjLTAsLTE5LjU1MSAtMTIuNzEsLTM2LjA4MyAtMzAuMzAyLC00MS45MTVsMC4wODksLTU2Ljc0NmMxMDMuMjY4LDYuOTM3IDE4NS43NjksOTAuNzA3IDE5MC43MjUsMTk0LjUxbC00MS42NzcsLTBjLTguNzI1LC0wIC0xNS44MTEsNy4wNzEgLTE1LjgxMSwxNS44MTFjLTAsOC43NjMgNy4wODYsMTUuODQ5IDE1LjgxMSwxNS44NDlsNDEuOTA3LC0wbDAsMTAwLjU5Wm0tMjA0LjgyMywtMzg1LjQ5NWMtMTQ1LjAyLC0wIC0yNjMuMDM5LDExOC4wMDQgLTI2My4wMzksMjYzLjAzOWwwLDE1NS4xNDdjMCw2My40NDcgNDMuNDEzLDEyNy4wMzQgMTI5LjAyMywxODkuMDM0YzYwLjE4OSw0My41NDcgMTM0LjAxNiw3Ni44MTcgMTM0LjAxNiw3Ni44MTdjLTAsMCA3My44MTksLTMzLjI3IDEzNC4wMTYsLTc2LjgxN2M4NS42MDIsLTYyIDEyOS4wMjMsLTEyNS41ODcgMTI5LjAyMywtMTg5LjAzNGwtMCwtMTU1LjE0N2MtMCwtMTQ1LjAzNSAtMTE4LjAyNywtMjYzLjAzOSAtMjYzLjAzOSwtMjYzLjAzOSIgc3R5bGU9ImZpbGw6I2ZmNTc1ODtmaWxsLXJ1bGU6bm9uemVybzsiLz48L2c+PGc+PHBhdGggZD0iTTU0Ni4xOTEsMjM4LjgzYzAsMCAxOTUuODY4LDI1LjIyIDIwNS44ODUsLTE1My40ODVjLTAsLTAgLTIyMC4xODIsLTQyLjY5NCAtMjM2LjE3MiwxMjkuMjc0Yy0wLDAgNzEuMjgyLC03OS44MzYgMTcwLjE1LC04My42NWMwLC0wIC0xMzMuMTAzLDUxLjAzMyAtMTM5Ljg2MywxMDcuODYxIiBzdHlsZT0iZmlsbDojN2ZkODU4O2ZpbGwtcnVsZTpub256ZXJvOyIvPjwvZz48Zz48cGF0aCBkPSJNNDc5Ljc5OSwyMzkuMDA4YzAsMCAtMTY3LjE3NSwyMS41MjUgLTE3NS43MjIsLTEzMS4wMDNjLTAsLTAgMTg3LjkyOCwtMzYuNDMyIDIwMS41NjYsMTEwLjMzOWMtMCwwIC02MC44MzUsLTY4LjE0MyAtMTQ1LjIxMywtNzEuMzkzYy0wLDAgMTEzLjU5Nyw0My41NDcgMTE5LjM2OSw5Mi4wNTciIHN0eWxlPSJmaWxsOiM3ZmQ4NTg7ZmlsbC1ydWxlOm5vbnplcm87Ii8+PC9nPjwvZz48L2c+PC9zdmc+" width="64" height="64" class="img-fluid float-start">
264 | 					<h3 class="float-end mt-1">
265 | 						Carotu <small>A list of VMs</small>
266 | 					</h3>
267 | 					<div class="clearfix"></div>
268 | 				</div>
269 | 			</div>
270 | 		</div>
271 | 		<div class="row">
272 | 			<div class="col-lg-4 offset-lg-4">
273 | 				<?php echo $content; ?>
274 | 			</div>
275 | 		</div>
276 | 	</div>
277 | 
278 | 	<footer class="footer mt-auto py-3 bg-light">
279 | 		<div class="container d-flex justify-content-between">
280 | 			<small class="text-muted">
281 | 				<a href="https://github.com/seikan/carotu" target="_blank" class="text-secondary text-decoration-none"><i class="bi bi-github"></i> Star this project on Github</a>
282 | 			</small>
283 | 
284 | 			<small class="text-muted">Carotu <?php echo getVersion(); ?></small>
285 | 		</div>
286 | 	</footer>
287 | 
288 | 	<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
289 | 	<script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.2/js/bootstrap.bundle.min.js"></script>
290 | </body>
291 | </html>


--------------------------------------------------------------------------------
/assets/js/search.js:
--------------------------------------------------------------------------------
  1 | (function ($) {
  2 | 	$.fn.search = function (options) {
  3 | 		var filterList = [];
  4 | 
  5 | 		var filters = {
  6 | 			'Bandwidth': {
  7 | 				operators: {
  8 | 					'Equals': '=',
  9 | 					'Greater Than': '>',
 10 | 					'Less Than': '<',
 11 | 				},
 12 | 				unit: 'GB',
 13 | 				description: '<code>number</code> <strong>GB</strong>',
 14 | 			},
 15 | 			'City': {
 16 | 				operators: {
 17 | 					Contains: ':',
 18 | 					Equals: '=',
 19 | 				},
 20 | 				description: '<code>text</code>',
 21 | 			},
 22 | 			'Country': {
 23 | 				operators: {
 24 | 					Contains: ':',
 25 | 					Equals: '=',
 26 | 				},
 27 | 				description: '<code>ISO 3166-2 code or country name</code>',
 28 | 			},
 29 | 			'CPU Core': {
 30 | 				operators: {
 31 | 					'Equals': '=',
 32 | 					'Greater Than': '>',
 33 | 					'Less Than': '<',
 34 | 				},
 35 | 				description: '<code>number</code>',
 36 | 			},
 37 | 			'CPU Speed': {
 38 | 				operators: {
 39 | 					'Equals': '=',
 40 | 					'Greater Than': '>',
 41 | 					'Less Than': '<',
 42 | 				},
 43 | 				unit: 'MHz',
 44 | 				description: '<code>number</code> <strong>MHz</strong>',
 45 | 			},
 46 | 			'Disk Type': {
 47 | 				operators: {
 48 | 					Equals: '=',
 49 | 				},
 50 | 				values: variables.diskTypes,
 51 | 				description: '',
 52 | 			},
 53 | 			'Disk Space': {
 54 | 				operators: {
 55 | 					'Equals': '=',
 56 | 					'Greater Than': '>',
 57 | 					'Less Than': '<',
 58 | 				},
 59 | 				unit: 'GB',
 60 | 				description: '<code>number</code> <strong>GB</strong>',
 61 | 			},
 62 | 			'IP Address': {
 63 | 				operators: {
 64 | 					Contains: ':',
 65 | 					Equals: '=',
 66 | 				},
 67 | 				description: '<code>text</code>',
 68 | 			},
 69 | 			'Label': {
 70 | 				operators: {
 71 | 					Contains: ':',
 72 | 					Equals: '=',
 73 | 				},
 74 | 				description: '<code>text</code>',
 75 | 			},
 76 | 			'NAT': {
 77 | 				operators: {
 78 | 					Equals: '=',
 79 | 				},
 80 | 				values: ['Yes', 'No'],
 81 | 				description: '',
 82 | 			},
 83 | 			'Provider': {
 84 | 				operators: {
 85 | 					Contains: ':',
 86 | 					Equals: '=',
 87 | 				},
 88 | 				description: '<code>text</code>',
 89 | 			},
 90 | 			'RAM': {
 91 | 				operators: {
 92 | 					'Equals': '=',
 93 | 					'Greater Than': '>',
 94 | 					'Less Than': '<',
 95 | 				},
 96 | 				unit: 'MB',
 97 | 				description: '<code>number</code> <strong>MB</strong>',
 98 | 			},
 99 | 			'Virtualization': {
100 | 				operators: {
101 | 					Equals: '=',
102 | 				},
103 | 				values: variables.virtualizations,
104 | 				description: '',
105 | 			},
106 | 			'Visibility': {
107 | 				operators: {
108 | 					Equals: '=',
109 | 				},
110 | 				values: ['All', 'Visible', 'Hidden'],
111 | 				description: '',
112 | 			},
113 | 		};
114 | 
115 | 		var settings = $.extend(
116 | 			{},
117 | 			{
118 | 				placeholder: '',
119 | 				onFilterChanged: function () {},
120 | 			},
121 | 			options
122 | 		);
123 | 
124 | 		var $dropdown = $('<ul class="dropdown-menu shadow">');
125 | 
126 | 		var $input = $('<input type="text" class="form-control" placeholder="' + settings.placeholder + '" autocomplete="off" autocapitalize="off">')
127 | 			.on('focus', function () {
128 | 				openDropDownMenu();
129 | 				populateMenuItems();
130 | 			})
131 | 			.on('blur', function () {
132 | 				setTimeout(function () {
133 | 					if (!$input.is(':focus')) {
134 | 						closeDropDownMenu();
135 | 					}
136 | 				}, 200);
137 | 			})
138 | 			.on('keypress', function (e) {
139 | 				// When enter is pressed
140 | 				if (e.which === 13) {
141 | 					e.preventDefault();
142 | 					expandFilter();
143 | 				}
144 | 			})
145 | 			.on('keydown', function (e) {
146 | 				// When tab is pressed
147 | 				if (e.which === 9) {
148 | 					e.preventDefault();
149 | 					expandFilter();
150 | 				}
151 | 			})
152 | 			.on('input', function () {
153 | 				$clear.toggleClass('d-none', !$input.val());
154 | 				populateMenuItems();
155 | 			});
156 | 
157 | 		var $clear = $('<i class="bi bi-x-lg d-none"></i>').on('click', function () {
158 | 			$input.val('');
159 | 			$(this).addClass('d-none');
160 | 		});
161 | 
162 | 		var $filterList = $('<div class="filter-list mt-2">');
163 | 
164 | 		var openDropDownMenu = function () {
165 | 			$dropdown.toggleClass('show', true);
166 | 		};
167 | 
168 | 		var closeDropDownMenu = function () {
169 | 			$dropdown.toggleClass('show', false);
170 | 		};
171 | 
172 | 		var populateMenuItems = function () {
173 | 			$dropdown
174 | 				.toggleClass('show', true) // Make sure dropdown menu is open
175 | 				.empty(); // Clear existing items
176 | 
177 | 			if ($input.val().length > 0) {
178 | 				var $a = $('<a class="dropdown-item" href="#">')
179 | 					.html('<div style="max-width: 300px; white-space: pre-wrap; word-wrap: break-word; word-break: break-word"><strong>Search: </strong>' + $input.val() + '</div>')
180 | 					.on('click', function () {
181 | 						addFilter('Search', ':', $input.val(), '');
182 | 
183 | 						renderFilterList();
184 | 
185 | 						$input.val('').trigger('input');
186 | 
187 | 						closeDropDownMenu();
188 | 					});
189 | 
190 | 				$dropdown.append($('<li class="filter-item filter-search">').append($a));
191 | 			}
192 | 
193 | 			$.each(filters, function (name, filter) {
194 | 				var skip = false;
195 | 
196 | 				// Filter name not match
197 | 				if (!name.toLowerCase().includes($input.val().toLowerCase()) && !$input.val().toLowerCase().includes(name.toLowerCase())) {
198 | 					return;
199 | 				}
200 | 
201 | 				// Add filter header if not exist
202 | 				if ($dropdown.find('.dropdown-header').length == 0) {
203 | 					$dropdown.append('<li><h5 class="dropdown-header">Filters</h5></li>');
204 | 				}
205 | 
206 | 				// Exact match
207 | 				if (name.toLowerCase() == $input.val().toLowerCase()) {
208 | 					$.each(filter.operators, function (operator, symbol) {
209 | 						var $a = $('<a class="dropdown-item" href="#">')
210 | 							.html(name.replace(new RegExp('(' + $input.val() + ')', 'ig'), '<code>$1</code> ' + symbol + '<small class="d-block">' + operator + '</small>'))
211 | 							.on('click', function (e) {
212 | 								e.preventDefault();
213 | 
214 | 								$input
215 | 									.val(name + ' ' + symbol + ' ')
216 | 									.trigger('input')
217 | 									.focus();
218 | 							});
219 | 
220 | 						$dropdown.append($('<li class="filter-item">').append($a));
221 | 					});
222 | 
223 | 					return;
224 | 				}
225 | 
226 | 				// Check for matching operators
227 | 				$.each(filter.operators, function (operator, symbol) {
228 | 					if (
229 | 						$input
230 | 							.val()
231 | 							.toLowerCase()
232 | 							.includes(name.toLowerCase() + ' ' + symbol)
233 | 					) {
234 | 						if (typeof filter.values !== 'undefined') {
235 | 							$.each(filter.values, function (i, value) {
236 | 								var $a = $('<a class="dropdown-item" href="#">')
237 | 									.html('<strong>' + name + '</strong> ' + symbol + ' ' + value)
238 | 									.on('click', function (e) {
239 | 										e.preventDefault();
240 | 
241 | 										$input.val('').trigger('input');
242 | 
243 | 										addFilter(name, symbol, value, (typeof filter.unit !== 'undefined') ? filter.unit : '') ;
244 | 										renderFilterList();
245 | 
246 | 										closeDropDownMenu();
247 | 									});
248 | 
249 | 								$dropdown.append($('<li class="filter-item">').append($a));
250 | 							});
251 | 						} else {
252 | 							var $a = $('<a class="dropdown-item" href="#">')
253 | 								.html('<strong>' + name + '</strong> ' + symbol + ' ' + filter.description)
254 | 								.on('click', function (e) {
255 | 									$input.focus();
256 | 									e.preventDefault();
257 | 								});
258 | 
259 | 							$dropdown.append($('<li class="filter-item">').append($a));
260 | 						}
261 | 
262 | 						skip = true;
263 | 
264 | 						return false;
265 | 					}
266 | 				});
267 | 
268 | 				if (skip) {
269 | 					return false;
270 | 				}
271 | 
272 | 				var $a = $('<a class="dropdown-item" href="#">')
273 | 					.html(name.replace(new RegExp('(' + $input.val() + ')', 'ig'), '<code>$1</code>'))
274 | 					.on('click', function (e) {
275 | 						e.preventDefault();
276 | 
277 | 						$input.val(name).trigger('input').focus();
278 | 
279 | 						populateMenuItems();
280 | 					});
281 | 
282 | 				$dropdown.append($('<li class="filter-item">').append($a));
283 | 			});
284 | 		};
285 | 
286 | 		var addFilter = function (filter, operator, value, unit) {
287 | 			var isExist = false;
288 | 
289 | 			// Make sure no delimiter is used
290 | 			value = value.replace(/;/g, '').trim();
291 | 
292 | 			if (value.length === 0) {
293 | 				return;
294 | 			}
295 | 
296 | 			if (Object.keys(filterList).length > 0) {
297 | 				$.each(filterList, function (i, list) {
298 | 					if (list.filter == filter && list.operator == operator && list.value == value) {
299 | 						isExist = true;
300 | 
301 | 						return false;
302 | 					}
303 | 				});
304 | 			}
305 | 
306 | 			if (!isExist) {
307 | 				filterList.push({
308 | 					filter: filter,
309 | 					operator: operator,
310 | 					value: value,
311 | 					unit: unit,
312 | 				});
313 | 
314 | 				settings.onFilterChanged(filterList);
315 | 			}
316 | 		};
317 | 
318 | 		var removeFilter = function (filter, operator, value) {
319 | 			if (Object.keys(filterList).length > 0) {
320 | 				$.each(filterList, function (i, list) {
321 | 					if (list.filter == filter && list.operator == operator && list.value == value) {
322 | 						filterList.splice(i, 1);
323 | 						return false;
324 | 					}
325 | 				});
326 | 			}
327 | 		};
328 | 
329 | 		var renderFilterList = function () {
330 | 			$filterList.empty();
331 | 
332 | 			if (Object.keys(filterList).length > 0) {
333 | 				$.each(filterList, function (i, list) {
334 | 					var $close = $('<i class="bi bi-x">').on('click', function () {
335 | 						removeFilter(list.filter, list.operator, list.value);
336 | 						renderFilterList();
337 | 
338 | 						settings.onFilterChanged(filterList);
339 | 					});
340 | 
341 | 					$filterList.append(
342 | 						$('<span class="badge text-bg-warning me-1">')
343 | 							.html(list.filter + ' ' + list.operator + ' ' + list.value + ((typeof list.unit !== 'undefined') ? (' ' + list.unit) : ''))
344 | 							.append($close)
345 | 					);
346 | 				});
347 | 
348 | 				var $clearFilter = $('<button class="btn btn-sm btn-outline-warning p-0 px-1 mt-1 float-end" type="button">')
349 | 					.html('<i class="bi bi-x-circle-fill"></i> Clear Filters')
350 | 					.on('click', function () {
351 | 						filterList = [];
352 | 						$input.val('').trigger('input');
353 | 						renderFilterList();
354 | 
355 | 						settings.onFilterChanged(filterList);
356 | 
357 | 						closeDropDownMenu();
358 | 					});
359 | 
360 | 				$filterList.append($clearFilter).append('<div class="clearfix"></div>');
361 | 			}
362 | 		};
363 | 
364 | 		var expandFilter = function () {
365 | 			// No item is selected
366 | 			if ($dropdown.find('li.filter-item a.active').length == 0) {
367 | 				// Check if one of the operator exist
368 | 				var isFound = false;
369 | 				$.each([':', '=', '<', '>'], function (i, operator) {
370 | 					if ($input.val().includes(operator)) {
371 | 						var parts = $input.val().split(operator);
372 | 						var isValidFilter = false;
373 | 						var unit = '';
374 | 
375 | 						isFound = true;
376 | 
377 | 						// Check for valid filter
378 | 						$.each(filters, function (name, filter) {
379 | 							if (parts[0].trim() == name) {
380 | 								$.each(filter.operators, function (label, symbol) {
381 | 									if (operator == symbol && parts[1].trim().length > 0) {
382 | 										isValidFilter = true;
383 | 										unit = (typeof filter.unit !== 'undefined') ? filter.unit : '';
384 | 
385 | 										return false;
386 | 									}
387 | 								});
388 | 							}
389 | 						});
390 | 
391 | 						if (isValidFilter) {
392 | 							addFilter(parts[0].trim(), operator, parts[1].trim(), unit);
393 | 						}
394 | 
395 | 						renderFilterList();
396 | 
397 | 						$input.val('').trigger('input');
398 | 
399 | 						closeDropDownMenu();
400 | 
401 | 						return false;
402 | 					}
403 | 				});
404 | 
405 | 				// Normal search string
406 | 				if (!isFound && $input.val().length > 0) {
407 | 					addFilter('Search', ':', $input.val(), '');
408 | 
409 | 					renderFilterList();
410 | 
411 | 					$input.val('').trigger('input');
412 | 
413 | 					closeDropDownMenu();
414 | 				}
415 | 			} else {
416 | 				$dropdown.find('li.filter-item a.active').trigger('click');
417 | 			}
418 | 		};
419 | 
420 | 		this.addClass('d-none').after($('<div class="search">').append('<i class="bi bi-search"></i>').append($input).append($clear).append($dropdown).append($filterList));
421 | 
422 | 		$(document).on('keydown', function (e) {
423 | 			switch (e.which) {
424 | 				// Escape pressed
425 | 				case 27:
426 | 					e.preventDefault();
427 | 					closeDropDownMenu();
428 | 					break;
429 | 
430 | 				// Up arrow
431 | 				case 38:
432 | 					if ($dropdown.hasClass('show')) {
433 | 						e.preventDefault();
434 | 					}
435 | 
436 | 					var items = $dropdown.find('li.filter-item a');
437 | 
438 | 					if ($dropdown.find('li.filter-item a.active').length == 0) {
439 | 						if (!$(items[0]).text()) {
440 | 							$(items[1]).addClass('active');
441 | 						} else {
442 | 							$(items[0]).addClass('active');
443 | 						}
444 | 					} else {
445 | 						$.each(items, function (index, item) {
446 | 							if ($(item).hasClass('active')) {
447 | 								$(item).removeClass('active');
448 | 								$(items[(index == 0 ? items.length : index) - 1]).addClass('active');
449 | 
450 | 								return false;
451 | 							}
452 | 						});
453 | 					}
454 | 					break;
455 | 
456 | 				// Down arrow
457 | 				case 40:
458 | 					if ($dropdown.hasClass('show')) {
459 | 						e.preventDefault();
460 | 					}
461 | 
462 | 					var items = $dropdown.find('li.filter-item a');
463 | 
464 | 					if ($dropdown.find('li.filter-item a.active').length == 0) {
465 | 						if (!$(items[0]).text()) {
466 | 							$(items[1]).addClass('active');
467 | 						} else {
468 | 							$(items[0]).addClass('active');
469 | 						}
470 | 					} else {
471 | 						$.each(items, function (index, item) {
472 | 							if ($(item).hasClass('active')) {
473 | 								$(item).removeClass('active');
474 | 								$(items[(index == items.length - 1 ? -1 : index) + 1]).addClass('active');
475 | 
476 | 								return false;
477 | 							}
478 | 						});
479 | 					}
480 | 					break;
481 | 			}
482 | 		});
483 | 	};
484 | })(jQuery);
485 | 


--------------------------------------------------------------------------------
/api/index.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * Carotu REST API
  4 |  *
  5 |  * Standalone REST API for Carotu server inventory management
  6 |  *
  7 |  * Endpoints:
  8 |  * - GET    /api/machines       - List all machines
  9 |  * - GET    /api/machines/:id   - Get machine by ID
 10 |  * - POST   /api/machines       - Create new machine
 11 |  * - PUT    /api/machines/:id   - Update machine
 12 |  * - DELETE /api/machines/:id   - Delete machine
 13 |  * - GET    /api/providers      - List all providers
 14 |  * - GET    /api/payment-cycles - List payment cycles
 15 |  */
 16 | 
 17 | require_once 'config.php';
 18 | 
 19 | // CORS headers
 20 | header('Access-Control-Allow-Origin: ' . CORS_ALLOWED_ORIGINS);
 21 | header('Access-Control-Allow-Methods: ' . CORS_ALLOWED_METHODS);
 22 | header('Access-Control-Allow-Headers: ' . CORS_ALLOWED_HEADERS);
 23 | header('Content-Type: application/json');
 24 | 
 25 | // Handle preflight OPTIONS request
 26 | if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
 27 |     http_response_code(200);
 28 |     exit();
 29 | }
 30 | 
 31 | // Database connection
 32 | try {
 33 |     $db = new PDO('sqlite:' . DB_PATH);
 34 |     $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 35 |     $db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
 36 | } catch (PDOException $e) {
 37 |     sendError(500, 'Database connection failed: ' . $e->getMessage());
 38 | }
 39 | 
 40 | // Authentication
 41 | $apiKey = $_SERVER['HTTP_X_API_KEY'] ?? '';
 42 | if (!in_array($apiKey, $GLOBALS['VALID_API_KEYS'])) {
 43 |     sendError(401, 'Invalid or missing API key');
 44 | }
 45 | 
 46 | // Parse request
 47 | $method = $_SERVER['REQUEST_METHOD'];
 48 | $path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
 49 | $path = trim($path, '/');
 50 | $segments = explode('/', $path);
 51 | 
 52 | // Remove 'api' prefix if present
 53 | if (isset($segments[0]) && $segments[0] === 'api') {
 54 |     array_shift($segments);
 55 | }
 56 | 
 57 | $resource = $segments[0] ?? '';
 58 | $id = $segments[1] ?? null;
 59 | 
 60 | // Get request body for POST/PUT
 61 | $input = json_decode(file_get_contents('php://input'), true);
 62 | 
 63 | // Route requests
 64 | switch ($resource) {
 65 |     case 'machines':
 66 |         handleMachines($method, $id, $input, $db);
 67 |         break;
 68 | 
 69 |     case 'providers':
 70 |         handleProviders($method, $id, $input, $db);
 71 |         break;
 72 | 
 73 |     case 'payment-cycles':
 74 |         handlePaymentCycles($method, $db);
 75 |         break;
 76 | 
 77 |     case 'countries':
 78 |         handleCountries($method, $db);
 79 |         break;
 80 | 
 81 |     case 'stats':
 82 |         handleStats($db);
 83 |         break;
 84 | 
 85 |     default:
 86 |         sendError(404, 'Resource not found');
 87 | }
 88 | 
 89 | /**
 90 |  * Handle /machines endpoints
 91 |  */
 92 | function handleMachines($method, $id, $input, $db) {
 93 |     switch ($method) {
 94 |         case 'GET':
 95 |             if ($id) {
 96 |                 getMachine($id, $db);
 97 |             } else {
 98 |                 listMachines($db);
 99 |             }
100 |             break;
101 | 
102 |         case 'POST':
103 |             createMachine($input, $db);
104 |             break;
105 | 
106 |         case 'PUT':
107 |             if (!$id) {
108 |                 sendError(400, 'Machine ID required');
109 |             }
110 |             updateMachine($id, $input, $db);
111 |             break;
112 | 
113 |         case 'DELETE':
114 |             if (!$id) {
115 |                 sendError(400, 'Machine ID required');
116 |             }
117 |             deleteMachine($id, $db);
118 |             break;
119 | 
120 |         default:
121 |             sendError(405, 'Method not allowed');
122 |     }
123 | }
124 | 
125 | /**
126 |  * List all machines
127 |  */
128 | function listMachines($db) {
129 |     $hidden = $_GET['include_hidden'] ?? 0;
130 | 
131 |     $sql = "SELECT m.*, p.name as provider_name, pc.name as payment_cycle_name, c.country_name
132 |             FROM machine m
133 |             LEFT JOIN provider p ON m.provider_id = p.provider_id
134 |             LEFT JOIN payment_cycle pc ON m.payment_cycle_id = pc.payment_cycle_id
135 |             LEFT JOIN country c ON m.country_code = c.country_code";
136 | 
137 |     if (!$hidden) {
138 |         $sql .= " WHERE m.is_hidden = 0";
139 |     }
140 | 
141 |     $sql .= " ORDER BY m.label ASC";
142 | 
143 |     $stmt = $db->query($sql);
144 |     $machines = $stmt->fetchAll();
145 | 
146 |     sendSuccess(['machines' => $machines, 'count' => count($machines)]);
147 | }
148 | 
149 | /**
150 |  * Get single machine
151 |  */
152 | function getMachine($id, $db) {
153 |     $stmt = $db->prepare("
154 |         SELECT m.*, p.name as provider_name, p.website as provider_website,
155 |                pc.name as payment_cycle_name, c.country_name
156 |         FROM machine m
157 |         LEFT JOIN provider p ON m.provider_id = p.provider_id
158 |         LEFT JOIN payment_cycle pc ON m.payment_cycle_id = pc.payment_cycle_id
159 |         LEFT JOIN country c ON m.country_code = c.country_code
160 |         WHERE m.machine_id = ?
161 |     ");
162 | 
163 |     $stmt->execute([$id]);
164 |     $machine = $stmt->fetch();
165 | 
166 |     if (!$machine) {
167 |         sendError(404, 'Machine not found');
168 |     }
169 | 
170 |     sendSuccess(['machine' => $machine]);
171 | }
172 | 
173 | /**
174 |  * Create new machine
175 |  */
176 | function createMachine($data, $db) {
177 |     // Validate required fields
178 |     $required = ['label', 'ip_address', 'provider_id'];
179 |     foreach ($required as $field) {
180 |         if (!isset($data[$field]) || empty($data[$field])) {
181 |             sendError(400, "Missing required field: $field");
182 |         }
183 |     }
184 | 
185 |     // Validate and sanitize all data
186 |     $data = validateMachineData($data, $db, false);
187 | 
188 |     $now = date('Y-m-d H:i:s');
189 | 
190 |     $sql = "INSERT INTO machine (
191 |         is_hidden, is_nat, label, virtualization, cpu_speed, cpu_core,
192 |         memory, swap, disk_type, disk_space, bandwidth, ip_address,
193 |         country_code, city_name, price, currency_code, payment_cycle_id,
194 |         due_date, notes, date_created, date_modified, provider_id
195 |     ) VALUES (
196 |         :is_hidden, :is_nat, :label, :virtualization, :cpu_speed, :cpu_core,
197 |         :memory, :swap, :disk_type, :disk_space, :bandwidth, :ip_address,
198 |         :country_code, :city_name, :price, :currency_code, :payment_cycle_id,
199 |         :due_date, :notes, :date_created, :date_modified, :provider_id
200 |     )";
201 | 
202 |     $stmt = $db->prepare($sql);
203 |     $stmt->execute([
204 |         ':is_hidden' => $data['is_hidden'] ?? 0,
205 |         ':is_nat' => $data['is_nat'] ?? 0,
206 |         ':label' => $data['label'],
207 |         ':virtualization' => $data['virtualization'] ?? '',
208 |         ':cpu_speed' => $data['cpu_speed'] ?? 0,
209 |         ':cpu_core' => $data['cpu_core'] ?? 0,
210 |         ':memory' => $data['memory'] ?? 0,
211 |         ':swap' => $data['swap'] ?? 0,
212 |         ':disk_type' => $data['disk_type'] ?? '',
213 |         ':disk_space' => $data['disk_space'] ?? 0,
214 |         ':bandwidth' => $data['bandwidth'] ?? 0,
215 |         ':ip_address' => $data['ip_address'],
216 |         ':country_code' => $data['country_code'] ?? '',
217 |         ':city_name' => $data['city_name'] ?? '',
218 |         ':price' => $data['price'] ?? 0,
219 |         ':currency_code' => $data['currency_code'] ?? 'USD',
220 |         ':payment_cycle_id' => $data['payment_cycle_id'] ?? 1,
221 |         ':due_date' => $data['due_date'] ?? '',
222 |         ':notes' => $data['notes'] ?? '',
223 |         ':date_created' => $now,
224 |         ':date_modified' => $now,
225 |         ':provider_id' => $data['provider_id']
226 |     ]);
227 | 
228 |     $machineId = $db->lastInsertId();
229 | 
230 |     sendSuccess([
231 |         'message' => 'Machine created successfully',
232 |         'machine_id' => $machineId
233 |     ], 201);
234 | }
235 | 
236 | /**
237 |  * Update machine
238 |  */
239 | function updateMachine($id, $data, $db) {
240 |     // Check if machine exists
241 |     $stmt = $db->prepare("SELECT machine_id FROM machine WHERE machine_id = ?");
242 |     $stmt->execute([$id]);
243 |     if (!$stmt->fetch()) {
244 |         sendError(404, 'Machine not found');
245 |     }
246 | 
247 |     // Validate and sanitize all data
248 |     $data = validateMachineData($data, $db, true);
249 | 
250 |     $now = date('Y-m-d H:i:s');
251 | 
252 |     // Build UPDATE query dynamically based on provided fields
253 |     $fields = [];
254 |     $values = [];
255 | 
256 |     $allowedFields = [
257 |         'is_hidden', 'is_nat', 'label', 'virtualization', 'cpu_speed', 'cpu_core',
258 |         'memory', 'swap', 'disk_type', 'disk_space', 'bandwidth', 'ip_address',
259 |         'country_code', 'city_name', 'price', 'currency_code', 'payment_cycle_id',
260 |         'due_date', 'notes', 'provider_id'
261 |     ];
262 | 
263 |     foreach ($allowedFields as $field) {
264 |         if (isset($data[$field])) {
265 |             $fields[] = "$field = ?";
266 |             $values[] = $data[$field];
267 |         }
268 |     }
269 | 
270 |     if (empty($fields)) {
271 |         sendError(400, 'No fields to update');
272 |     }
273 | 
274 |     $fields[] = "date_modified = ?";
275 |     $values[] = $now;
276 |     $values[] = $id;
277 | 
278 |     $sql = "UPDATE machine SET " . implode(', ', $fields) . " WHERE machine_id = ?";
279 |     $stmt = $db->prepare($sql);
280 |     $stmt->execute($values);
281 | 
282 |     sendSuccess(['message' => 'Machine updated successfully']);
283 | }
284 | 
285 | /**
286 |  * Delete machine
287 |  */
288 | function deleteMachine($id, $db) {
289 |     $stmt = $db->prepare("DELETE FROM machine WHERE machine_id = ?");
290 |     $stmt->execute([$id]);
291 | 
292 |     if ($stmt->rowCount() === 0) {
293 |         sendError(404, 'Machine not found');
294 |     }
295 | 
296 |     sendSuccess(['message' => 'Machine deleted successfully']);
297 | }
298 | 
299 | /**
300 |  * Handle /providers endpoints
301 |  */
302 | function handleProviders($method, $id, $input, $db) {
303 |     if ($method !== 'GET') {
304 |         sendError(405, 'Method not allowed');
305 |     }
306 | 
307 |     if ($id) {
308 |         $stmt = $db->prepare("SELECT * FROM provider WHERE provider_id = ?");
309 |         $stmt->execute([$id]);
310 |         $provider = $stmt->fetch();
311 | 
312 |         if (!$provider) {
313 |             sendError(404, 'Provider not found');
314 |         }
315 | 
316 |         sendSuccess(['provider' => $provider]);
317 |     } else {
318 |         $stmt = $db->query("SELECT * FROM provider ORDER BY name ASC");
319 |         $providers = $stmt->fetchAll();
320 | 
321 |         sendSuccess(['providers' => $providers, 'count' => count($providers)]);
322 |     }
323 | }
324 | 
325 | /**
326 |  * Handle /payment-cycles endpoints
327 |  */
328 | function handlePaymentCycles($method, $db) {
329 |     if ($method !== 'GET') {
330 |         sendError(405, 'Method not allowed');
331 |     }
332 | 
333 |     $stmt = $db->query("SELECT * FROM payment_cycle ORDER BY month ASC");
334 |     $cycles = $stmt->fetchAll();
335 | 
336 |     sendSuccess(['payment_cycles' => $cycles, 'count' => count($cycles)]);
337 | }
338 | 
339 | /**
340 |  * Handle /countries endpoints
341 |  */
342 | function handleCountries($method, $db) {
343 |     if ($method !== 'GET') {
344 |         sendError(405, 'Method not allowed');
345 |     }
346 | 
347 |     $stmt = $db->query("SELECT * FROM country ORDER BY country_name ASC");
348 |     $countries = $stmt->fetchAll();
349 | 
350 |     sendSuccess(['countries' => $countries, 'count' => count($countries)]);
351 | }
352 | 
353 | /**
354 |  * Handle /stats endpoint
355 |  */
356 | function handleStats($db) {
357 |     $stats = [];
358 | 
359 |     // Total machines
360 |     $stmt = $db->query("SELECT COUNT(*) as count FROM machine WHERE is_hidden = 0");
361 |     $stats['total_machines'] = $stmt->fetch()['count'];
362 | 
363 |     // Total cost per month
364 |     $stmt = $db->query("
365 |         SELECT SUM(m.price) as total
366 |         FROM machine m
367 |         JOIN payment_cycle pc ON m.payment_cycle_id = pc.payment_cycle_id
368 |         WHERE m.is_hidden = 0 AND pc.month = 1
369 |     ");
370 |     $stats['monthly_cost'] = $stmt->fetch()['total'] ?? 0;
371 | 
372 |     // Machines by provider
373 |     $stmt = $db->query("
374 |         SELECT p.name, COUNT(m.machine_id) as count
375 |         FROM machine m
376 |         JOIN provider p ON m.provider_id = p.provider_id
377 |         WHERE m.is_hidden = 0
378 |         GROUP BY p.provider_id
379 |         ORDER BY count DESC
380 |     ");
381 |     $stats['by_provider'] = $stmt->fetchAll();
382 | 
383 |     // Machines by country
384 |     $stmt = $db->query("
385 |         SELECT c.country_name, COUNT(m.machine_id) as count
386 |         FROM machine m
387 |         JOIN country c ON m.country_code = c.country_code
388 |         WHERE m.is_hidden = 0
389 |         GROUP BY m.country_code
390 |         ORDER BY count DESC
391 |     ");
392 |     $stats['by_country'] = $stmt->fetchAll();
393 | 
394 |     sendSuccess(['stats' => $stats]);
395 | }
396 | 
397 | /**
398 |  * Send success response
399 |  */
400 | function sendSuccess($data, $code = 200) {
401 |     http_response_code($code);
402 |     echo json_encode([
403 |         'success' => true,
404 |         'data' => $data
405 |     ], JSON_PRETTY_PRINT);
406 |     exit();
407 | }
408 | 
409 | /**
410 |  * Send error response
411 |  */
412 | function sendError($code, $message) {
413 |     http_response_code($code);
414 |     echo json_encode([
415 |         'success' => false,
416 |         'error' => [
417 |             'code' => $code,
418 |             'message' => $message
419 |         ]
420 |     ], JSON_PRETTY_PRINT);
421 |     exit();
422 | }
423 | 
424 | /**
425 |  * Validate machine data
426 |  *
427 |  * @param array $data Machine data to validate
428 |  * @param PDO $db Database connection
429 |  * @param bool $isUpdate Whether this is an update operation
430 |  * @return array Validated and sanitized data
431 |  */
432 | function validateMachineData($data, $db, $isUpdate = false) {
433 |     $errors = [];
434 | 
435 |     // 1. Validate provider_id (if provided or required for create)
436 |     if (isset($data['provider_id']) || !$isUpdate) {
437 |         if (!isset($data['provider_id']) && !$isUpdate) {
438 |             $errors[] = "Missing required field: provider_id";
439 |         } elseif (isset($data['provider_id'])) {
440 |             if (!is_numeric($data['provider_id']) || $data['provider_id'] <= 0) {
441 |                 $errors[] = "provider_id must be a positive integer";
442 |             } else {
443 |                 // Check if provider exists
444 |                 $stmt = $db->prepare("SELECT provider_id FROM provider WHERE provider_id = ?");
445 |                 $stmt->execute([$data['provider_id']]);
446 |                 if (!$stmt->fetch()) {
447 |                     $errors[] = "Invalid provider_id: provider does not exist";
448 |                 }
449 |             }
450 |         }
451 |     }
452 | 
453 |     // 2. Validate payment_cycle_id (if provided)
454 |     if (isset($data['payment_cycle_id'])) {
455 |         if (!is_numeric($data['payment_cycle_id']) || $data['payment_cycle_id'] <= 0) {
456 |             $errors[] = "payment_cycle_id must be a positive integer";
457 |         } else {
458 |             $stmt = $db->prepare("SELECT payment_cycle_id FROM payment_cycle WHERE payment_cycle_id = ?");
459 |             $stmt->execute([$data['payment_cycle_id']]);
460 |             if (!$stmt->fetch()) {
461 |                 $errors[] = "Invalid payment_cycle_id: payment cycle does not exist";
462 |             }
463 |         }
464 |     }
465 | 
466 |     // 3. Validate country_code (if provided and not empty)
467 |     if (isset($data['country_code']) && $data['country_code'] !== '') {
468 |         if (!preg_match('/^[A-Z]{2}$/i', $data['country_code'])) {
469 |             $errors[] = "country_code must be a 2-letter ISO code";
470 |         } else {
471 |             $stmt = $db->prepare("SELECT country_code FROM country WHERE country_code = ?");
472 |             $stmt->execute([strtoupper($data['country_code'])]);
473 |             if (!$stmt->fetch()) {
474 |                 $errors[] = "Invalid country_code: country does not exist";
475 |             }
476 |             // Normalize to uppercase
477 |             $data['country_code'] = strtoupper($data['country_code']);
478 |         }
479 |     }
480 | 
481 |     // 4. Validate numeric fields (must be non-negative integers)
482 |     $numericFields = [
483 |         'cpu_speed' => 'CPU speed',
484 |         'cpu_core' => 'CPU cores',
485 |         'memory' => 'Memory',
486 |         'swap' => 'Swap',
487 |         'disk_space' => 'Disk space',
488 |         'bandwidth' => 'Bandwidth'
489 |     ];
490 | 
491 |     foreach ($numericFields as $field => $label) {
492 |         if (isset($data[$field])) {
493 |             if (!is_numeric($data[$field])) {
494 |                 $errors[] = "$label must be a number";
495 |             } elseif ($data[$field] < 0) {
496 |                 $errors[] = "$label cannot be negative";
497 |             } else {
498 |                 // Cast to integer
499 |                 $data[$field] = (int)$data[$field];
500 |             }
501 |         }
502 |     }
503 | 
504 |     // 5. Validate price (must be non-negative numeric)
505 |     if (isset($data['price'])) {
506 |         if (!is_numeric($data['price'])) {
507 |             $errors[] = "Price must be a number";
508 |         } elseif ($data['price'] < 0) {
509 |             $errors[] = "Price cannot be negative";
510 |         } else {
511 |             // Cast to float for decimal prices
512 |             $data['price'] = (float)$data['price'];
513 |         }
514 |     }
515 | 
516 |     // 6. Validate boolean fields
517 |     $booleanFields = ['is_hidden', 'is_nat'];
518 |     foreach ($booleanFields as $field) {
519 |         if (isset($data[$field])) {
520 |             $data[$field] = (int)(bool)$data[$field];
521 |         }
522 |     }
523 | 
524 |     // 7. Validate due_date format (if provided and not empty)
525 |     if (isset($data['due_date']) && $data['due_date'] !== '') {
526 |         if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $data['due_date'])) {
527 |             $errors[] = "due_date must be in YYYY-MM-DD format";
528 |         } else {
529 |             // Validate it's a real date
530 |             $parts = explode('-', $data['due_date']);
531 |             if (!checkdate((int)$parts[1], (int)$parts[2], (int)$parts[0])) {
532 |                 $errors[] = "due_date is not a valid date";
533 |             }
534 |         }
535 |     }
536 | 
537 |     // 8. Validate currency_code (if provided)
538 |     if (isset($data['currency_code']) && $data['currency_code'] !== '') {
539 |         if (!preg_match('/^[A-Z]{3}$/i', $data['currency_code'])) {
540 |             $errors[] = "currency_code must be a 3-letter currency code (e.g., USD, EUR)";
541 |         } else {
542 |             $data['currency_code'] = strtoupper($data['currency_code']);
543 |         }
544 |     }
545 | 
546 |     // If there are validation errors, send them
547 |     if (!empty($errors)) {
548 |         sendError(400, implode('; ', $errors));
549 |     }
550 | 
551 |     return $data;
552 | }
553 | 


--------------------------------------------------------------------------------