From c50584018e8da6b4bc74f83598e54a92122a4679 Mon Sep 17 00:00:00 2001
From: Bandie <bandie@chaospott.de>
Date: Mon, 18 Jan 2021 21:35:25 +0100
Subject: [PATCH] JSON responses; missing var name

---
 update.php | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/update.php b/update.php
index 59ce640..84dc699 100644
--- a/update.php
+++ b/update.php
@@ -38,7 +38,9 @@ function setStatus(&$status, $decoded, $loc){
 // Is this a POST?
 if ($_SERVER['REQUEST_METHOD'] != 'POST') {
   header("HTTP/1.1 405 Method Not Allowed");
-  echo('FAILED - not POST - '. $_SERVER['REQUEST_METHOD']);
+  header("Content-Type: application/json");
+  echo(json_encode(['status' => 'No POST. Received: '. $_SERVER['REQUEST_METHOD']]));
+  error_log('No POST.');
   exit();
 }
 
@@ -47,7 +49,9 @@ if ($_SERVER['REQUEST_METHOD'] != 'POST') {
 $content_type = isset($_SERVER['CONTENT_TYPE']) ? strtolower(trim($_SERVER['CONTENT_TYPE'])) : '';
 if ($content_type != 'application/json') {
   header("HTTP/1.1 403 Forbidden");
-  echo('FAILED - not application/json - '. $content_type);
+  header("Content-Type: application/json");
+  echo(json_encode(['status' => 'FAILED - not application/json - '. $content_type]));
+  error_log('No application/json');
   exit();
 }
 
@@ -56,7 +60,9 @@ if ($content_type != 'application/json') {
 $payload = trim(file_get_contents("php://input"));
 if (empty($payload)) {
   header("HTTP/1.1 403 Forbidden");
-  echo('FAILED - no payload');
+  header("Content-Type: application/json");
+  echo(json_encode(['status' => 'No payload']));
+  error_log('No payload');
   exit();
 }
 
@@ -65,7 +71,8 @@ $decoded = json_decode($payload, true);
 if (json_last_error() !== JSON_ERROR_NONE) {
   header("HTTP/1.1 403 Forbidden");
   header("Content-Type: application/json");
-  echo('"FAILED - json decode - '. json_last_error());
+  echo(json_encode(['status' => 'FAILED - json decode - '. json_last_error()]));
+  error_log('JSON decode error');
   exit();
 }
 
@@ -73,8 +80,9 @@ if (json_last_error() !== JSON_ERROR_NONE) {
 // Is the authorisation aight m8?
 if($decoded['consumer_key'] != $consumer_key || $decoded['consumer_secret'] != $consumer_secret) {
   header("HTTP/1.1 403 Forbidden");
-  echo("WRONG SECRET");
-  error_log('FAILED - wrong secret key');
+  header("Content-Type: application/json");
+  echo(json_encode(['status' => 'Wrong key/secret.']));
+  error_log('Wrong key/secret.');
   exit();
 }
 
@@ -82,6 +90,7 @@ if($decoded['consumer_key'] != $consumer_key || $decoded['consumer_secret'] != $
 // Is this API even active?
 if(!$active){
   header("HTTP/1.1 403 Forbidden");
+  header("Content-Type: application/json");
   echo(json_encode(["status" => "API deactivated."]));
   error_log('API deactivated');
   exit();
@@ -89,7 +98,7 @@ if(!$active){
 
 
 // Get me the previous status
-$status = json_decode(file_get_contents("../status.json"), true);
+$status = json_decode(file_get_contents($statusJSONFile), true);
 
 // Manipulate the $status variable. If we have an update, update the timestamp.
 if(setStatus($status, $decoded, 'aerie') | setStatus($status, $decoded, 'cellar')){