<?php
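// Session security settings. These must be applied before session_start().
ini_set('session.cookie_httponly', 1);
ini_set('session.use_strict_mode', 1);
// This endpoint is authenticated by the session cookie alone (no CSRF
// token), so the cookie must not accompany cross-site requests. Strict is
// appropriate for an admin-only endpoint; Lax is the fallback if the login
// flow is reached from external links.
ini_set('session.cookie_samesite', 'Strict');
// Mark the cookie Secure when the request arrived over TLS. Servers report
// this as 'on' or '1'; IIS reports 'off' for plain HTTP, so compare against
// 'off' rather than requiring the literal 'on'.
// NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] is usually
// unset, so the flag would never be set — confirm the deployment.
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
    ini_set('session.cookie_secure', 1);
}
session_start();
require_once 'admin_config.php';
require_once 'security_functions.php';

// Every response from this endpoint is JSON, including the 401/405 errors
// below, so declare the content type before the first echo. The original
// set it only after the authentication check, so the 401 body went out as
// text/html.
header('Content-Type: application/json');

// Authentication check: only an established admin session may write.
if (!isset($_SESSION[SESSION_NAME]) || $_SESSION[SESSION_NAME] !== true) {
    http_response_code(401);
    echo json_encode(['error' => safeError('Unauthorized')]);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['error' => 'Method not allowed']);
    exit;
}

// Require a JSON content type. php://input is read regardless of the
// declared type, so without this check an HTML form with
// enctype="text/plain" could deliver a crafted JSON body cross-site. A form
// cannot set application/json, and a cross-origin fetch() that does is
// stopped at CORS preflight, so this complements the SameSite cookie above.
$contentType = '';
if (isset($_SERVER['CONTENT_TYPE'])) {
    $contentType = $_SERVER['CONTENT_TYPE'];
} elseif (isset($_SERVER['HTTP_CONTENT_TYPE'])) {
    $contentType = $_SERVER['HTTP_CONTENT_TYPE'];
}
if (stripos($contentType, 'application/json') !== 0) {
    http_response_code(415);
    echo json_encode(['error' => 'Unsupported media type']);
    exit;
}

// Decode the body. The resume must be a JSON object; a bare scalar or null
// decodes without error, so reject anything that is not an array here.
$input = file_get_contents('php://input');
$data = json_decode($input, true);
if (json_last_error() !== JSON_ERROR_NONE || !is_array($data)) {
    http_response_code(400);
    echo json_encode(['error' => safeError('Invalid JSON format')]);
    exit;
}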
// Validation functions (structural checks on the decoded request body)
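/**
 * Check that a resume header carries a name, subtitle and navigation list,
 * and that every navigation entry has a label and an icon.
 *
 * The value comes straight from the decoded request body, so it may be any
 * JSON type. Non-array values are rejected explicitly: the original ran
 * foreach over $header['nav'] unchecked, and foreach over a scalar only
 * emits a warning and skips the loop, so e.g. "nav": "x" passed validation.
 *
 * empty() also rejects the string "0"; that matches the original contract
 * and is kept.
 *
 * @param mixed $header decoded 'header' value
 * @return bool true when the header is structurally valid
 */
function validateHeader($header) {
    if (!is_array($header)) {
        return false;
    }
    if (empty($header['name']) || empty($header['subtitle']) || empty($header['nav'])) {
        return false;
    }
    // nav must be a list of entries, not a scalar that foreach would skip.
    if (!is_array($header['nav'])) {
        return false;
    }
    foreach ($header['nav'] as $entry) {
        if (!is_array($entry) || empty($entry['label']) || empty($entry['icon'])) {
            return false;
        }
    }
    return true;
}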
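/**
 * Check that every item of a section has a non-empty title.
 *
 * Non-array input is rejected: the original passed it to foreach, which
 * only warns on a scalar and then returned true, so "items": "x" slipped
 * through validation. An empty array still returns true, as before; the
 * caller rejects empty item lists itself.
 *
 * @param mixed $items decoded 'items' value of one section
 * @return bool true when $items is an array whose entries all have a title
 */
function validateSectionItems($items) {
    if (!is_array($items)) {
        return false;
    }
    foreach ($items as $entry) {
        if (!is_array($entry) || empty($entry['title'])) {
            return false;
        }
    }
    return true;
}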
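/**
 * Check that a column of the resume is a list of sections, each with a
 * non-empty name and a valid, non-empty item list.
 *
 * Non-array input is rejected up front: the original ran foreach over it
 * unchecked, and foreach over a scalar only warns and skips the body, so
 * "left": "x" was accepted as a valid column.
 *
 * @param mixed $sections decoded 'left' or 'right' value
 * @return bool true when every section is structurally valid
 */
function validateSections($sections) {
    if (!is_array($sections)) {
        return false;
    }
    foreach ($sections as $section) {
        if (!is_array($section) || empty($section['name']) || empty($section['items'])) {
            return false;
        }
        if (!validateSectionItems($section['items'])) {
            return false;
        }
    }
    return true;
}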
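/**
 * Validate the top-level shape of a decoded resume document: a header plus
 * 'left' and 'right' section columns, each checked by its own validator.
 *
 * The argument is the raw json_decode() result, so it may be a scalar or
 * null; those are rejected explicitly rather than relying on empty() over
 * illegal string offsets.
 *
 * @param mixed $resume decoded request body
 * @return bool true when the document is structurally valid
 */
function validateResume($resume) {
    if (!is_array($resume)) {
        return false;
    }
    if (empty($resume['header']) || empty($resume['left']) || empty($resume['right'])) {
        return false;
    }
    if (!validateHeader($resume['header'])) {
        return false;
    }
    return validateSections($resume['left']) && validateSections($resume['right']);
}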
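// Reject anything that is not a structurally complete resume.
if (!validateResume($data)) {
    http_response_code(400);
    echo json_encode(['error' => safeError('Invalid resume structure')]);
    exit;
}

// Sanitize data before saving (helper defined in security_functions.php).
$data = sanitizeResumeData($data);

// Save the JSON file.
$jsonFile = __DIR__ . '/src/resume.json';
$json = json_encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
// json_encode() returns false on failure (for example malformed UTF-8
// produced during sanitisation). The original passed that result straight
// to file_put_contents(), which wrote an empty file and returned 0 — not
// false — so a failed encode silently truncated resume.json and was
// reported to the client as success.
if ($json === false) {
    http_response_code(500);
    echo json_encode(['error' => safeError('Failed to encode resume')]);
    exit;
}
// LOCK_EX serialises concurrent saves so two requests cannot interleave
// their writes into a torn file. A write-to-temp-then-rename() would also
// survive a crash mid-write; that is the next step if it becomes a concern.
$result = file_put_contents($jsonFile, $json, LOCK_EX);
if ($result === false) {
    http_response_code(500);
    echo json_encode(['error' => safeError('Failed to save file')]);
    exit;
}
echo json_encode(['success' => true, 'message' => 'Resume updated successfully']);
// Closing ?> intentionally omitted: any trailing whitespace after it would
// be appended to the JSON response body.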