From 71c5b1ae92ffb69b16d429a0b13a07c69f1d367d Mon Sep 17 00:00:00 2001
From: Bandie
Date: Wed, 13 Jan 2021 19:30:12 +0100
Subject: [PATCH] =?UTF-8?q?Spaces=C2=AE;=20http=20status=20code=20header?= =?UTF-8?q?=20for=20wrong=20things?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 www/pr.php | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/www/pr.php b/www/pr.php
index 2a728fc..747b78b 100644
--- a/www/pr.php
+++ b/www/pr.php
@@ -3,24 +3,27 @@ include('config.php');
 // check for POST request
 if ($_SERVER['REQUEST_METHOD'] != 'POST') {
- error_log('FAILED - not POST - '. $_SERVER['REQUEST_METHOD']);
- exit();
+ header("HTTP/1.1 405 Method Not Allowed");
+ error_log('FAILED - not POST - '. $_SERVER['REQUEST_METHOD']);
+ exit();
 }
 // get content type
 $content_type = isset($_SERVER['CONTENT_TYPE']) ? strtolower(trim($_SERVER['CONTENT_TYPE'])) : '';
 if ($content_type != 'application/json') {
- error_log('FAILED - not application/json - '. $content_type);
- exit();
+ header("HTTP/1.1 403 Forbidden");
+ error_log('FAILED - not application/json - '. $content_type);
+ exit();
 }
 // get payload
 $payload = trim(file_get_contents("php://input"));
 if (empty($payload)) {
- error_log('FAILED - no payload');
- exit();
+ header("HTTP/1.1 403 Forbidden");
+ error_log('FAILED - no payload');
+ exit();
 }
 // convert json to array
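Review bot: The new 405 branch sends no `Allow` header, which HTTP expects on a 405 response; add `header('Allow: POST');` next to the status line. The content-type and empty-payload branches, and the json-decode branch in the next hunk, answer 403 Forbidden although no authorisation decision has been made yet. `http_response_code(415);` for the media type and `http_response_code(400);` for an empty or undecodable body would keep 403 reserved for the secret check, so rejected requests can be told apart in access logs. The context line `if ($content_type != 'application/json')` is an exact match, so a client sending `application/json; charset=utf-8` is rejected as well; comparing only the part before the first `;` would avoid that.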
@@ -28,14 +31,16 @@ $decoded = json_decode($payload, true);
 // check for json decode errors
 if (json_last_error() !== JSON_ERROR_NONE) {
- error_log('FAILED - json decode - '. json_last_error());
- exit();
+ header("HTTP/1.1 403 Forbidden");
+ error_log('FAILED - json decode - '. json_last_error());
+ exit();
 }
 if($decoded['secret'] != $secret_key['pr']) {
- echo("WRONG SECRET");
- error_log('FAILED - wrong secret key');
- exit();
+ header("HTTP/1.1 403 Forbidden");
+ echo("WRONG SECRET");
+ error_log('FAILED - wrong secret key');
+ exit();
 }
 file_put_contents("log.txt", print_r($decoded, true));
@@ -56,5 +61,4 @@ foreach($recipients['pr'] as $recp) {
 mail($recp, $subject, $message, $from);
 }
 echo("SENT");
-// success, do something
 ?>
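Review bot: The secret check on the context line `if($decoded['secret'] != $secret_key['pr'])` is left as a loose, non-constant-time comparison on a value taken straight from decoded JSON. A non-string JSON value is therefore compared under PHP's type-juggling rules and may be accepted without equalling the key, and a payload that decodes to a scalar or lacks the field is not rejected cleanly. Require a string and compare in constant time: `if (!is_array($decoded) || !isset($decoded['secret']) || !is_string($decoded['secret']) || !hash_equals($secret_key['pr'], $decoded['secret'])) {`. The context line `file_put_contents("log.txt", print_r($decoded, true));` then writes the whole payload, secret included, to a relative path that appears to sit beside pr.php under www/. If that directory is web-served, the key can be read back over HTTP, so the field should be unset before logging or the log kept outside the document root.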