File Manager V1.5
FILE_CONTENT: protected.php
<?php
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS");
header("Access-Control-Allow-Headers: Authorization, Content-Type, Accept, X-Requested-With, User-Agent, Origin");
header("Access-Control-Max-Age: 86400");
header("Content-Type: application/json; charset=UTF-8");
require 'vendor/autoload.php';
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use Dotenv\Dotenv;
$dotenv = Dotenv::createImmutable(__DIR__);
$dotenv->safeLoad();
if (!isset($_ENV['JWT_SECRET'])) {
http_response_code(500);
echo json_encode(['error' => 'JWT secret not configured']);
exit;
}
try {
$authHeader = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
$token = str_replace('Bearer ', '', $authHeader);
if (empty($token)) {
http_response_code(401);
echo json_encode(['error' => 'Authorization token required']);
exit;
}
$decoded = JWT::decode($token, new Key($_ENV['JWT_SECRET'], 'HS256'));
echo json_encode([
'success' => true,
'user_id' => $decoded->sub,
'message' => 'Access granted'
]);
} catch (Exception $e) {
http_response_code(401);
echo json_encode(['error' => 'Invalid token: ' . $e->getMessage()]);
}
echo 'Current dir:' . __DIR__ . '\n';
echo 'JWT_SECRET:' . ($_ENV['JWT_SECRET'] ?? 'NOT FOUND');[ KEMBALI ]