| Server IP : 162.214.74.102 / Your IP : 216.73.216.139 Web Server : Apache System : Linux dedi-4363141.lrsys.com.br 3.10.0-1160.119.1.el7.tuxcare.els25.x86_64 #1 SMP Wed Oct 1 17:37:27 UTC 2025 x86_64 User : lrsys ( 1015) PHP Version : 5.6.40 Disable Function : exec,passthru,shell_exec,system MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /home/lrsys/www/lrsys_apps/leo/application/controllers/ |
Upload File : |
<?php
$data = array();
$data['success'] = false;
$data['msg'] = '';
$ip = '';
$ref = '';
$agent = '';
$host = null;
// Pego o IP verificando se passa pela CloudFlare
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
$ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
if(isset($_SERVER['HTTP_REFERER'])){
$ref = $_SERVER['HTTP_REFERER'];
}
if(isset($_SERVER['HTTP_USER_AGENT'])){
$agent = $_SERVER['HTTP_USER_AGENT'];
}
$headers = apache_request_headers();
// Verifico se o IP tem permissão para acessar a API
//var_dump($headers);exit;
$authorized_ips = ['104.26.13.84','170.79.112.105','172.68.26.91','172.68.26.247','54.232.206.230','18.231.18.78','18.233.245.23','54.94.197.235','54.94.235.188','157.245.250.83','54.232.137.101','15.229.6.208','54.94.97.216','52.67.155.174','54.232.54.138','54.207.75.203','18.230.130.25','54.232.252.171','18.231.138.158','187.94.97.22','127.0.0.1','172.67.69.27','104.26.12.84'];
$authorized_hosts = ['https://myside.com.br','https://web.myside.com.br','https://busca.myside.com.br'];
if(!in_array($ip, $authorized_ips) )
{
$host = isset($headers['origin'])?$headers['origin']:null;
if(!in_array($host, $authorized_hosts))
{
// header('HTTP/1.0 403 Forbidden');
// echo 'Access not Allowed! ';
// exit;
}
}
// CORS
if (isset($_SERVER['HTTP_ORIGIN']))
{
// Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
// you want to allow, and if so:
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
// header('Access-Control-Allow-Methods: true');
header('Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers');
header('Access-Control-Allow-Methods: GET,HEAD,OPTIONS,POST,PUT');
header('Access-Control-Max-Age: 864000'); // cache for 1 day
header('Cache-Control: public, max-age=864000');
}
else
{
header('Cache-Control: public, max-age=864000');
}
$data['ip'] = $ip;
$data['headers'] = $headers;
$data['host'] = $host;
$data['ref'] = $ref;
$data['agent'] = $agent;
$data['result'] = false;
if(isset($_GET['key']))
{
$_POST = $_GET;
}
if(isset($_POST['key']) AND ($_POST['key'] != '')){
$key = $_POST['key'];
$a = ORM::for_table('sys_api')->where('apikey',$key)->find_one();
if($a){
$data['success'] = true;
$method = _post('method');
switch ($method) {
case 'get_contact_details_by_id':
$id = _post('id');
$d = ORM::for_table('crm_accounts')->where('id',$id)->limit(1)->find_array();
if($d){
$data['result'] = $d;
api_response($data);
}
else{
$data['result'] = false;
$data['msg'] = 'Contact Not Found';
api_response($data);
}
break;
case 'get_contact_details_by_email':
$email = _post('email');
$d = ORM::for_table('crm_accounts')->where('email',$email)->limit(1)->find_array();
if($d){
$data['result'] = $d;
api_response($data);
}
else{
$data['result'] = false;
$data['msg'] = 'Contact Not Found';
api_response($data);
}
break;
case 'get_contact_details_by_token':
$token = _post('token');
$d = ORM::for_table('crm_accounts')->where('token',$token)->limit(1)->find_array();
if($d){
$data['result'] = $d;
api_response($data);
}
else{
$data['result'] = false;
$data['msg'] = 'Contact Not Found';
api_response($data);
}
break;
case 'get_invoice_details_by_id':
$id = _post('id');
$d = ORM::for_table('sys_invoices')->where('id',$id)->limit(1)->find_array();
if($d){
$data['result'] = $d;
api_response($data);
}
else{
$data['result'] = false;
$data['msg'] = 'Invoice Not Found';
api_response($data);
}
break;
case 'get_contacts':
$d = ORM::for_table('crm_accounts')->find_array();
$data['result'] = $d;
api_response($data);
break;
case 'add_contact':
$v = array();
$v['account'] = _post('account');
$v['email'] = _post('email');
$v['password'] = _post('password');
$v['phone'] = _post('phone');
$v['address'] = _post('address');
$v['city'] = _post('city');
$v['zip'] = _post('zip');
$v['state'] = _post('state');
$v['country'] = _post('country');
$v['company'] = _post('company');
$v['img'] = _post('img');
$v['tags'] = _post('tags');
$data['result'] = Contacts::add($v);
$data['email'] = $v['email'];
api_response($data);
break;
case 'get_invoices_by_contact_email':
$email = _post('email');
$cid = '';
$i = false;
$d = ORM::for_table('crm_accounts')->where('email',$email)->find_one();
if($d){
$cid = $d['id'];
$i = ORM::for_table('sys_invoices')->where('userid',$d['id'])->find_array();
}
$data['result'] = $i;
$data['email'] = $email;
$data['cid'] = $cid;
api_response($data);
break;
case 'get_invoices_by_contact_id':
$id = _post('id');
$cid = '';
$i = false;
$d = ORM::for_table('crm_accounts')->find_one($id);
if($d){
$cid = $d['id'];
$i = ORM::for_table('sys_invoices')->where('userid',$d['id'])->find_array();
}
$data['result'] = $i;
$data['id'] = $id;
$data['email'] = $d['email'];
$data['cid'] = $cid;
api_response($data);
break;
case 'get_recent_invoices_by_contact_id':
$id = _post('id');
$cid = '';
$i = false;
$d = ORM::for_table('crm_accounts')->find_one($id);
if($d){
$cid = $d['id'];
$i = ORM::for_table('sys_invoices')->where('userid',$d['id'])->limit(5)->find_array();
}
$data['result'] = $i;
$data['id'] = $id;
$data['email'] = $d['email'];
$data['cid'] = $cid;
api_response($data);
break;
case 'login':
$email = _post('email');
$password = _post('password');
$l = Contacts::login($email,$password);
if($l){
$data['token'] = $l;
}
else{
$data['token'] = false;
}
api_response($data);
break;
case 'logout':
$token = _post('token');
$l = Contacts::logout_using_token($token);
if($l){
$data['logout'] = true;
}
else{
$data['logout'] = false;
}
api_response($data);
break;
case 'ib_info':
foreach ($config as $key => $value){
$data[$key] = $value;
}
api_response($data);
break;
case 'plugin':
$plugin = _post('plugin');
$api_path = 'application/plugins/'.$plugin.'/api.php';
if(file_exists($api_path)){
$data['api_found'] = 'Yes';
include $api_path;
}
else{
$data['api_found'] = 'No';
}
api_response($data);
break;
default:
$data['msg'] = 'Method Not Found';
api_response($data);
}
}
else{
$data['msg'] = 'Invalid API Key';
api_response($data);
}
}
else{
$data['msg'] = 'API Key is required';
api_response($data);
}