Upload files to "/"

2026-02-22 13:55:12 +00:00
commit ad6c1e751b
5 changed files with 596 additions and 0 deletions

20
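--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,20 @@
+# Logs
+*.log
+rate_limit.json
+api_access.log
+# Tokens
+tokens/
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+# OS
+.DS_Store
+Thumbs.db
+# Vercel
+.vercel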

62
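--- a/.htaccess
+++ b/.htaccess
@@ -0,0 +1,62 @@
+# XC IPTV API - Apache Configuration
+# CORS (Cross-Origin Resource Sharing)
+<IfModule mod_headers.c>
+Header set Access-Control-Allow-Origin "*"
+Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
+Header set Access-Control-Allow-Headers "Content-Type, Authorization"
+</IfModule>
+# GZIP Compression
+<IfModule mod_deflate.c>
+AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
+</IfModule>
+# Cache Control
+<IfModule mod_expires.c>
+ExpiresActive On
+ExpiresByType application/json "access plus 5 minutes"
+</IfModule>
+# Security Headers
+<IfModule mod_headers.c>
+Header set X-Content-Type-Options "nosniff"
+Header set X-Frame-Options "DENY"
+Header set X-XSS-Protection "1; mode=block"
+</IfModule>
+# Disable Directory Listing
+Options -Indexes
+# Protect Config File
+<Files "config.php">
+Order Allow,Deny
+Deny from all
+</Files>
+# Error Pages
+ErrorDocument 404 /404.html
+ErrorDocument 500 /500.html
+# Rewrite Rules (opsiyonel - SEF URLs için)
+<IfModule mod_rewrite.c>
+RewriteEngine On
+RewriteBase /
+# API endpoint'i temizle
+# /api/v1 yerine /api
+RewriteRule ^api/?$ app.php [L]
+# Maintenance check
+RewriteCond %{REQUEST_URI} !maintenance.html
+RewriteCond %{DOCUMENT_ROOT}/maintenance.flag -f
+RewriteRule .* /maintenance.html [R=503,L]
+</IfModule>
+# PHP Settings (eğer izin veriliyorsa)
+<IfModule mod_php.c>
+php_value upload_max_filesize 10M
+php_value post_max_size 10M
+php_value memory_limit 128M
+php_value max_execution_time 30
+</IfModule>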
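Review bot: The `<Files "config.php">` block is the only access restriction in this file, and it uses the Apache 2.2 directives `Order Allow,Deny` / `Deny from all`, which on Apache 2.4 only work when mod_access_compat is loaded. api_secured.php in this same commit writes `rate_limit.json` and a `tokens/` directory through relative paths, so they presumably land under the document root, where nothing here prevents them (or any `*.log` file) from being served. I would switch to `Require all denied` and widen the match, e.g. `<FilesMatch "(^config\.php|\.json|\.log)$">` containing `Require all denied`, plus `RewriteRule ^tokens/ - [F,L]` inside the mod_rewrite block. Better still, move those runtime files outside the web root so the protection does not depend on `.htaccess` being honoured.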

335
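--- a/api_secured.php
+++ b/api_secured.php
@@ -0,0 +1,335 @@
+<?php
+/**
+* XC IPTV Secured API with Authentication
+* Multi-Layer Security System
+*/
+// ==========================================
+// GÜVENLİK AYARLARI
+// ==========================================
+$SECURITY_CONFIG = [
+// Admin Login
+'admin_username' => 'admin',
+'admin_password' => password_hash('admin123', PASSWORD_BCRYPT), // Değiştir!
+// API Keys (Her APK için farklı key)
+'api_keys' => [
+'myapp_v1_secret_key_2024', // APK 1
+'myapp_v2_secret_key_2024', // APK 2
+'myapp_v3_secret_key_2024', // APK 3
+],
+// IP Whitelist (Boş = tüm IP'ler)
+'allowed_ips' => [],
+// Rate Limiting
+'rate_limit' => [
+'enabled' => true,
+'max_requests' => 60, // dakika başına
+'block_duration' => 3600, // 1 saat ban
+],
+// Token Expiry (saat cinsinden)
+'token_expiry' => 24,
+];
+// ==========================================
+// SESSION BAŞLAT
+// ==========================================
+session_start();
+// ==========================================
+// RATE LIMIT KONTROLÜ
+// ==========================================
+function checkRateLimit($ip) {
+global $SECURITY_CONFIG;
+if (!$SECURITY_CONFIG['rate_limit']['enabled']) {
+return true;
+}
+$log_file = 'rate_limit.json';
+$max_requests = $SECURITY_CONFIG['rate_limit']['max_requests'];
+$block_duration = $SECURITY_CONFIG['rate_limit']['block_duration'];
+// Load log
+$data = file_exists($log_file) ? json_decode(file_get_contents($log_file), true) : [];
+// Check if IP is blocked
+if (isset($data[$ip]['blocked_until']) && time() < $data[$ip]['blocked_until']) {
+return false;
+}
+// Initialize or reset counter
+if (!isset($data[$ip]) || time() - $data[$ip]['last_reset'] > 60) {
+$data[$ip] = [
+'count' => 1,
+'last_reset' => time(),
+'blocked_until' => null
+];
+} else {
+$data[$ip]['count']++;
+// Block if exceeded
+if ($data[$ip]['count'] > $max_requests) {
+$data[$ip]['blocked_until'] = time() + $block_duration;
+file_put_contents($log_file, json_encode($data));
+return false;
+}
+}
+file_put_contents($log_file, json_encode($data));
+return true;
+}
+// ==========================================
+// API KEY KONTROLÜ
+// ==========================================
+function validateApiKey($key) {
+global $SECURITY_CONFIG;
+return in_array($key, $SECURITY_CONFIG['api_keys']);
+}
+// ==========================================
+// TOKEN OLUŞTUR
+// ==========================================
+function generateToken($api_key) {
+global $SECURITY_CONFIG;
+$token_data = [
+'api_key' => $api_key,
+'issued_at' => time(),
+'expires_at' => time() + ($SECURITY_CONFIG['token_expiry'] * 3600),
+'random' => bin2hex(random_bytes(16))
+];
+// Token'ı encode et
+$token = base64_encode(json_encode($token_data));
+// Token'ı kaydet (opsiyonel)
+$token_file = 'tokens/' . md5($token) . '.json';
+@mkdir('tokens', 0755, true);
+@file_put_contents($token_file, json_encode($token_data));
+return $token;
+}
+// ==========================================
+// TOKEN DOĞRULA
+// ==========================================
+function validateToken($token) {
+if (empty($token)) return false;
+try {
+$token_data = json_decode(base64_decode($token), true);
+if (!$token_data || !isset($token_data['expires_at'])) {
+return false;
+}
+// Expire check
+if (time() > $token_data['expires_at']) {
+return false;
+}
+// API key check
+if (!validateApiKey($token_data['api_key'])) {
+return false;
+}
+return true;
+} catch (Exception $e) {
+return false;
+}
+}
+// ==========================================
+// IP KONTROL
+// ==========================================
+$client_ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
+if (!empty($SECURITY_CONFIG['allowed_ips']) && !in_array($client_ip, $SECURITY_CONFIG['allowed_ips'])) {
+http_response_code(403);
+die(json_encode([
+'status' => 'error',
+'error_code' => 'IP_BLOCKED',
+'message' => 'Your IP is not whitelisted'
+]));
+}
+// Rate limit check
+if (!checkRateLimit($client_ip)) {
+http_response_code(429);
+die(json_encode([
+'status' => 'error',
+'error_code' => 'RATE_LIMIT_EXCEEDED',
+'message' => 'Too many requests. Try again later.',
+'retry_after' => $SECURITY_CONFIG['rate_limit']['block_duration']
+]));
+}
+// ==========================================
+// ENDPOINT: LOGIN (Admin Panel)
+// ==========================================
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'login') {
+header('Content-Type: application/json');
+$username = $_POST['username'] ?? '';
+$password = $_POST['password'] ?? '';
+if ($username === $SECURITY_CONFIG['admin_username'] &&
+password_verify($password, $SECURITY_CONFIG['admin_password'])) {
+$_SESSION['admin_logged_in'] = true;
+$_SESSION['login_time'] = time();
+echo json_encode([
+'status' => 'success',
+'message' => 'Login successful',
+'redirect' => 'panel.html'
+]);
+} else {
+sleep(2); // Brute force protection
+echo json_encode([
+'status' => 'error',
+'message' => 'Invalid credentials'
+]);
+}
+exit;
+}
+// ==========================================
+// ENDPOINT: GET TOKEN (APK için)
+// ==========================================
+if (isset($_GET['action']) && $_GET['action'] === 'get_token') {
+header('Content-Type: application/json');
+$api_key = $_GET['api_key'] ?? $_POST['api_key'] ?? '';
+if (!validateApiKey($api_key)) {
+http_response_code(401);
+echo json_encode([
+'status' => 'error',
+'error_code' => 'INVALID_API_KEY',
+'message' => 'Invalid API key'
+]);
+exit;
+}
+$token = generateToken($api_key);
+echo json_encode([
+'status' => 'success',
+'token' => $token,
+'expires_in' => $SECURITY_CONFIG['token_expiry'] * 3600,
+'issued_at' => time()
+]);
+exit;
+}
+// ==========================================
+// ENDPOINT: GET CONFIG (Ana API)
+// ==========================================
+if (isset($_GET['action']) && $_GET['action'] === 'get_config') {
+header('Content-Type: application/json');
+// Token kontrolü
+$token = $_GET['token'] ?? $_SERVER['HTTP_AUTHORIZATION'] ?? '';
+$token = str_replace('Bearer ', '', $token);
+if (!validateToken($token)) {
+http_response_code(401);
+echo json_encode([
+'status' => 'error',
+'error_code' => 'INVALID_TOKEN',
+'message' => 'Invalid or expired token'
+]);
+exit;
+}
+// ==========================================
+// CONFIG (Token geçerli ise döndür)
+// ==========================================
+require_once 'config.php';
+$config = [
+'app' => [
+'name' => 'MAGTV Android Player',
+'customer_id' => 'v2000',
+'expiry' => 'LIFETIME',
+'version' => '7.0',
+],
+'portals' => [
+[
+'id' => 1,
+'name' => 'GİRİŞ 1',
+'url' => 'http://hdd.inoon.uk',
+'port' => '8080',
+],
+[
+'id' => 2,
+'name' => 'GİRİŞ 2',
+'url' => 'http://hdd.inoon.uk',
+'port' => '8080',
+],
+[
+'id' => 3,
+'name' => 'GİRİŞ 3',
+'url' => 'http://imagson.site',
+'port' => '8080',
+],
+],
+];
+echo json_encode([
+'status' => 'success',
+'data' => $config,
+'timestamp' => time()
+], JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
+exit;
+}
+// ==========================================
+// ADMIN PANEL ACCESS CHECK
+// ==========================================
+$is_admin_logged_in = isset($_SESSION['admin_logged_in']) && $_SESSION['admin_logged_in'] === true;
+// Panel erişimi kontrolü
+if (strpos($_SERVER['REQUEST_URI'], 'panel.html') !== false && !$is_admin_logged_in) {
+header('Location: login.html');
+exit;
+}
+// ==========================================
+// DEFAULT: API Dökümantasyonu
+// ==========================================
+if (!isset($_GET['action'])) {
+header('Content-Type: application/json');
+echo json_encode([
+'name' => 'XC IPTV Secured API',
+'version' => '2.0',
+'status' => 'online',
+'security' => 'enabled',
+'endpoints' => [
+'POST /api.php?action=login' => 'Admin login',
+'GET /api.php?action=get_token&api_key=YOUR_KEY' => 'Get access token',
+'GET /api.php?action=get_config&token=YOUR_TOKEN' => 'Get portal config',
+],
+'documentation' => 'https://docs.yourdomain.com'
+], JSON_PRETTY_PRINT);
+}
+?>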
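Review bot: Tokens issued by `generateToken()` carry no signature, and `validateToken()` never consults the `tokens/` file that was written, so the server accepts whatever `expires_at` and `api_key` the client places in the base64 JSON. `validateApiKey()` then calls `in_array()` without the strict flag on that decoded value, so a non-string JSON value is compared loosely against the key list, and `$token_data['api_key']` is read without an `isset` check. I would sign the payload with a server-side secret, verify it with `hash_equals()` before decoding, and make the key lookup strict, as sketched below. Separately, `admin123` and the three API keys are committed in `$SECURITY_CONFIG`; they should be treated as exposed, rotated, and loaded from outside the repository.

```php
function validateApiKey($key) {
    global $SECURITY_CONFIG;
    // Strict comparison: a decoded JSON value that is not a string must never match a key.
    return is_string($key) && in_array($key, $SECURITY_CONFIG['api_keys'], true);
}

function generateToken($api_key) {
    global $SECURITY_CONFIG;
    // … unchanged: $token_data construction …
    $payload = base64_encode(json_encode($token_data));
    // 'token_secret' is a proposed new setting: a random server-side value kept out of the repository.
    $mac = hash_hmac('sha256', $payload, $SECURITY_CONFIG['token_secret']);
    // … unchanged: optional tokens/ file write …
    return $payload . '.' . $mac;
}

function validateToken($token) {
    global $SECURITY_CONFIG;
    if (!is_string($token) || substr_count($token, '.') !== 1) return false;
    [$payload, $mac] = explode('.', $token, 2);
    $expected = hash_hmac('sha256', $payload, $SECURITY_CONFIG['token_secret']);
    // Verify integrity before trusting any field of the payload.
    if (!hash_equals($expected, $mac)) return false;
    $token_data = json_decode(base64_decode($payload, true), true);
    if (!is_array($token_data) || !isset($token_data['expires_at'], $token_data['api_key'])) {
        return false;
    }
    // … unchanged: expiry check and validateApiKey() call …
}
```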

13
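--- a/composer.json
+++ b/composer.json
@@ -0,0 +1,13 @@
+{
+"name": "xciptv/api",
+"description": "XC IPTV Secured API Panel",
+"type": "project",
+"require": {
+"php": ">=7.4"
+},
+"config": {
+"platform": {
+"php": "8.2"
+}
+}
+}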

166
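--- a/config.php
+++ b/config.php
@@ -0,0 +1,166 @@
+<?php
+/**
+* XC IPTV API - Yapılandırma Dosyası
+*
+* Sadece bu dosyayı düzenleyerek tüm ayarları değiştirebilirsin
+*/
+return [
+// ==========================================
+// PANEL AYARLARI
+// ==========================================
+'panel' => [
+'url' => 'http://panel.example.com', // Panel URL
+'port' => '8080', // Panel Port
+'api_path' => '/player_api.php', // API endpoint
+'timeout' => 30, // Connection timeout (saniye)
+],
+// ==========================================
+// UYGULAMA AYARLARI
+// ==========================================
+'app' => [
+'name' => 'My IPTV',
+'package' => 'com.myiptv.app',
+'version' => '7.0',
+'version_code' => 70,
+// Güncelleme
+'force_update' => false,
+'latest_version' => '7.0',
+'update_url' => 'https://yourdomain.com/downloads/myiptv.apk',
+'update_message' => 'Yeni versiyon mevcut! Lütfen güncelleyin.',
+// Splash Screen
+'splash_duration' => 3, // saniye
+'splash_logo' => 'https://yourdomain.com/assets/logo.png',
+],
+// ==========================================
+// ÖZELLİKLER
+// ==========================================
+'features' => [
+'live_tv' => true,
+'vod' => true,
+'series' => true,
+'catchup' => true,
+'epg' => true,
+'recording' => false,
+'parental_control' => true,
+'multi_profile' => false,
+'chromecast' => true,
+'download' => false,
+],
+// ==========================================
+// PLAYER AYARLARI
+// ==========================================
+'player' => [
+'default_quality' => 'auto',
+'buffer_size' => 'medium', // small, medium, large
+'hardware_acceleration' => true,
+'subtitle_enabled' => true,
+'audio_passthrough' => false,
+],
+// ==========================================
+// REKLAM AYARLARI (AdMob)
+// ==========================================
+'ads' => [
+'enabled' => false,
+'provider' => 'admob', // admob, facebook, unity
+// AdMob IDs
+'banner_id' => 'ca-app-pub-xxxxx',
+'interstitial_id' => 'ca-app-pub-xxxxx',
+'rewarded_id' => 'ca-app-pub-xxxxx',
+'native_id' => 'ca-app-pub-xxxxx',
+// Görüntüleme Sıklığı
+'show_on_startup' => false,
+'show_between_videos' => true,
+'videos_between_ads' => 3, // Her 3 videoda bir
+],
+// ==========================================
+// BAKIM MODU
+// ==========================================
+'maintenance' => [
+'enabled' => false,
+'title' => 'Bakımda',
+'message' => 'Sistem şu an bakımda. Lütfen daha sonra tekrar deneyin.',
+'estimated_time' => '2 saat',
+'support_url' => 'https://yourdomain.com/support',
+],
+// ==========================================
+// DUYURULAR
+// ==========================================
+'announcement' => [
+'enabled' => false,
+'type' => 'info', // info, warning, error, success
+'title' => 'Önemli Duyuru',
+'message' => 'Sistemde güncellemeler yapılmaktadır.',
+'show_once' => true, // Kullanıcıya bir kere göster
+'button_text' => 'Anladım',
+'link' => '', // Opsiyonel: Daha fazla bilgi linki
+],
+// ==========================================
+// GÜVENLİK
+// ==========================================
+'security' => [
+'require_ssl' => false, // HTTPS zorunlu
+'api_key_required' => false,
+'api_key' => 'your-secret-api-key-here',
+'rate_limit' => 100, // İstek limiti (dakika başına)
+'allowed_ips' => [], // Boşsa tüm IP'ler izinli
+'blocked_ips' => [],
+],
+// ==========================================
+// SOSYAL MEDYA & DESTEK
+// ==========================================
+'social' => [
+'facebook' => '',
+'twitter' => '',
+'instagram' => '',
+'telegram' => '',
+'website' => 'https://yourdomain.com',
+'support_email' => 'support@yourdomain.com',
+'support_phone' => '+90 XXX XXX XX XX',
+],
+// ==========================================
+// GELİŞMİŞ AYARLAR
+// ==========================================
+'advanced' => [
+'cache_enabled' => true,
+'cache_duration' => 3600, // 1 saat
+'debug_mode' => false,
+'log_enabled' => true,
+'log_file' => 'api.log',
+'compression' => true, // GZIP sıkıştırma
+],
+// ==========================================
+// VERSİYON GEÇMİŞİ
+// ==========================================
+'changelog' => [
+'7.0' => [
+'date' => '2024-02-21',
+'changes' => [
+'Yeni arayüz tasarımı',
+'Performans iyileştirmeleri',
+'Bug düzeltmeleri'
+]
+],
+'6.5' => [
+'date' => '2024-01-15',
+'changes' => [
+'EPG desteği eklendi',
+'Chromecast entegrasyonu'
+]
+]
+]
+];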
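Review bot: Nothing in the `security` block is enforced by the code in this commit: api_secured.php calls `require_once 'config.php';` and discards the returned array, then applies its own `$SECURITY_CONFIG` (60 requests per minute there versus `'rate_limit' => 100` here). A maintainer who sets `'require_ssl'` or `'api_key_required'` to `true` in this file would reasonably assume the change takes effect, while the file header says all settings are changed from here. Either wire these keys into the request handling or remove them, and until then add a comment such as `// NOTE: not read by api_secured.php; enforcement lives in $SECURITY_CONFIG`. If `api_key` is ever wired in, the placeholder `'your-secret-api-key-here'` should be rejected at startup rather than accepted as a valid key.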