commit ad6c1e751b6baabe5a89052af5dece23fe6a9d77 Author: ayrisdev Date: Sun Feb 22 13:55:12 2026 +0000 Upload files to "/"
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..62a027e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,20 @@
+# Logs
+*.log
+rate_limit.json
+api_access.log
+
+# Tokens
+tokens/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Vercel
+.vercel
diff --git a/.htaccess b/.htaccess
new file mode 100644
index 0000000..fdc87d2
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,62 @@
+# XC IPTV API - Apache Configuration
+
+# CORS (Cross-Origin Resource Sharing)
+
+ Header set Access-Control-Allow-Origin "*"
+ Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
+ Header set Access-Control-Allow-Headers "Content-Type, Authorization"
+
+
+# GZIP Compression
+
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
+
+
+# Cache Control
+
+ ExpiresActive On
+ ExpiresByType application/json "access plus 5 minutes"
+
+
+# Security Headers
+
+ Header set X-Content-Type-Options "nosniff"
+ Header set X-Frame-Options "DENY"
+ Header set X-XSS-Protection "1; mode=block"
+
+
+# Disable Directory Listing
+Options -Indexes
+
+# Protect Config File
+
+ Order Allow,Deny
+ Deny from all
+
+
+# Error Pages
+ErrorDocument 404 /404.html
+ErrorDocument 500 /500.html
+
+# Rewrite Rules (opsiyonel - SEF URLs için)
+
+ RewriteEngine On
+ RewriteBase /
+
+ # API endpoint'i temizle
+ # /api/v1 yerine /api
+ RewriteRule ^api/?$ app.php [L]
+
+ # Maintenance check
+ RewriteCond %{REQUEST_URI} !maintenance.html
+ RewriteCond %{DOCUMENT_ROOT}/maintenance.flag -f
+ RewriteRule .* /maintenance.html [R=503,L]
+
+
+# PHP Settings (eğer izin veriliyorsa)
+
+ php_value upload_max_filesize 10M
+ php_value post_max_size 10M
+ php_value memory_limit 128M
+ php_value max_execution_time 30
+
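Review bot: The "Protect Config File" block (its enclosing `<Files>` directive is not visible in this render) covers only config.php, while the runtime state api_secured.php writes next to itself — `rate_limit.json`, the `tokens/` directory and `api_access.log`, the same paths .gitignore lists — gets no deny rule, so if the document root is the repository root those files are fetchable by URL and the rate-limit file exposes every client IP the API has seen. A single `RedirectMatch 404 "^/(tokens/|rate_limit\.json$|.*\.log$)"` next to `Options -Indexes` closes that without relying on the directory-listing setting. `Order Allow,Deny` / `Deny from all` is Apache 2.2 syntax; on 2.4 it needs mod_access_compat or should be `Require all denied`, otherwise the config.php protection fails to load — worth confirming the target Apache version before relying on it.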
diff --git a/api_secured.php b/api_secured.php
new file mode 100644
index 0000000..a69f24b
--- /dev/null
+++ b/api_secured.php
@@ -0,0 +1,335 @@ + 'admin', + 'admin_password' => password_hash('admin123', PASSWORD_BCRYPT), // Değiştir! + + // API Keys (Her APK için farklı key) + 'api_keys' => [ + 'myapp_v1_secret_key_2024', // APK 1 + 'myapp_v2_secret_key_2024', // APK 2 + 'myapp_v3_secret_key_2024', // APK 3 + ], + + // IP Whitelist (Boş = tüm IP'ler) + 'allowed_ips' => [], + + // Rate Limiting + 'rate_limit' => [ + 'enabled' => true, + 'max_requests' => 60, // dakika başına + 'block_duration' => 3600, // 1 saat ban + ], + + // Token Expiry (saat cinsinden) + 'token_expiry' => 24, +]; + +// ========================================== +// SESSION BAŞLAT +// ========================================== + +session_start(); + +// ========================================== +// RATE LIMIT KONTROLÜ +// ========================================== + +function checkRateLimit($ip) { + global $SECURITY_CONFIG; + + if (!$SECURITY_CONFIG['rate_limit']['enabled']) { + return true; + } + + $log_file = 'rate_limit.json'; + $max_requests = $SECURITY_CONFIG['rate_limit']['max_requests']; + $block_duration = $SECURITY_CONFIG['rate_limit']['block_duration']; + + // Load log + $data = file_exists($log_file) ? 
json_decode(file_get_contents($log_file), true) : []; + + // Check if IP is blocked + if (isset($data[$ip]['blocked_until']) && time() < $data[$ip]['blocked_until']) { + return false; + } + + // Initialize or reset counter + if (!isset($data[$ip]) || time() - $data[$ip]['last_reset'] > 60) { + $data[$ip] = [ + 'count' => 1, + 'last_reset' => time(), + 'blocked_until' => null + ]; + } else { + $data[$ip]['count']++; + + // Block if exceeded + if ($data[$ip]['count'] > $max_requests) { + $data[$ip]['blocked_until'] = time() + $block_duration; + file_put_contents($log_file, json_encode($data)); + return false; + } + } + + file_put_contents($log_file, json_encode($data)); + return true; +} + +// ========================================== +// API KEY KONTROLÜ +// ========================================== + +function validateApiKey($key) { + global $SECURITY_CONFIG; + return in_array($key, $SECURITY_CONFIG['api_keys']); +} + +// ========================================== +// TOKEN OLUŞTUR +// ========================================== + +function generateToken($api_key) { + global $SECURITY_CONFIG; + + $token_data = [ + 'api_key' => $api_key, + 'issued_at' => time(), + 'expires_at' => time() + ($SECURITY_CONFIG['token_expiry'] * 3600), + 'random' => bin2hex(random_bytes(16)) + ]; + + // Token'ı encode et + $token = base64_encode(json_encode($token_data)); + + // Token'ı kaydet (opsiyonel) + $token_file = 'tokens/' . md5($token) . 
'.json'; + @mkdir('tokens', 0755, true); + @file_put_contents($token_file, json_encode($token_data)); + + return $token; +} + +// ========================================== +// TOKEN DOĞRULA +// ========================================== + +function validateToken($token) { + if (empty($token)) return false; + + try { + $token_data = json_decode(base64_decode($token), true); + + if (!$token_data || !isset($token_data['expires_at'])) { + return false; + } + + // Expire check + if (time() > $token_data['expires_at']) { + return false; + } + + // API key check + if (!validateApiKey($token_data['api_key'])) { + return false; + } + + return true; + } catch (Exception $e) { + return false; + } +} + +// ========================================== +// IP KONTROL +// ========================================== + +$client_ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown'; + +if (!empty($SECURITY_CONFIG['allowed_ips']) && !in_array($client_ip, $SECURITY_CONFIG['allowed_ips'])) { + http_response_code(403); + die(json_encode([ + 'status' => 'error', + 'error_code' => 'IP_BLOCKED', + 'message' => 'Your IP is not whitelisted' + ])); +} + +// Rate limit check +if (!checkRateLimit($client_ip)) { + http_response_code(429); + die(json_encode([ + 'status' => 'error', + 'error_code' => 'RATE_LIMIT_EXCEEDED', + 'message' => 'Too many requests. Try again later.', + 'retry_after' => $SECURITY_CONFIG['rate_limit']['block_duration'] + ])); +} + +// ========================================== +// ENDPOINT: LOGIN (Admin Panel) +// ========================================== + +if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'login') { + header('Content-Type: application/json'); + + $username = $_POST['username'] ?? ''; + $password = $_POST['password'] ?? 
''; + + if ($username === $SECURITY_CONFIG['admin_username'] && + password_verify($password, $SECURITY_CONFIG['admin_password'])) { + + $_SESSION['admin_logged_in'] = true; + $_SESSION['login_time'] = time(); + + echo json_encode([ + 'status' => 'success', + 'message' => 'Login successful', + 'redirect' => 'panel.html' + ]); + } else { + sleep(2); // Brute force protection + echo json_encode([ + 'status' => 'error', + 'message' => 'Invalid credentials' + ]); + } + exit; +} + +// ========================================== +// ENDPOINT: GET TOKEN (APK için) +// ========================================== + +if (isset($_GET['action']) && $_GET['action'] === 'get_token') { + header('Content-Type: application/json'); + + $api_key = $_GET['api_key'] ?? $_POST['api_key'] ?? ''; + + if (!validateApiKey($api_key)) { + http_response_code(401); + echo json_encode([ + 'status' => 'error', + 'error_code' => 'INVALID_API_KEY', + 'message' => 'Invalid API key' + ]); + exit; + } + + $token = generateToken($api_key); + + echo json_encode([ + 'status' => 'success', + 'token' => $token, + 'expires_in' => $SECURITY_CONFIG['token_expiry'] * 3600, + 'issued_at' => time() + ]); + exit; +} + +// ========================================== +// ENDPOINT: GET CONFIG (Ana API) +// ========================================== + +if (isset($_GET['action']) && $_GET['action'] === 'get_config') { + header('Content-Type: application/json'); + + // Token kontrolü + $token = $_GET['token'] ?? $_SERVER['HTTP_AUTHORIZATION'] ?? 
''; + $token = str_replace('Bearer ', '', $token); + + if (!validateToken($token)) { + http_response_code(401); + echo json_encode([ + 'status' => 'error', + 'error_code' => 'INVALID_TOKEN', + 'message' => 'Invalid or expired token' + ]); + exit; + } + + // ========================================== + // CONFIG (Token geçerli ise döndür) + // ========================================== + + require_once 'config.php'; + + $config = [ + 'app' => [ + 'name' => 'MAGTV Android Player', + 'customer_id' => 'v2000', + 'expiry' => 'LIFETIME', + 'version' => '7.0', + ], + 'portals' => [ + [ + 'id' => 1, + 'name' => 'GİRİŞ 1', + 'url' => 'http://hdd.inoon.uk', + 'port' => '8080', + ], + [ + 'id' => 2, + 'name' => 'GİRİŞ 2', + 'url' => 'http://hdd.inoon.uk', + 'port' => '8080', + ], + [ + 'id' => 3, + 'name' => 'GİRİŞ 3', + 'url' => 'http://imagson.site', + 'port' => '8080', + ], + ], + ]; + + echo json_encode([ + 'status' => 'success', + 'data' => $config, + 'timestamp' => time() + ], JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); + + exit; +} + +// ========================================== +// ADMIN PANEL ACCESS CHECK +// ========================================== + +$is_admin_logged_in = isset($_SESSION['admin_logged_in']) && $_SESSION['admin_logged_in'] === true; + +// Panel erişimi kontrolü +if (strpos($_SERVER['REQUEST_URI'], 'panel.html') !== false && !$is_admin_logged_in) { + header('Location: login.html'); + exit; +} + +// ========================================== +// DEFAULT: API Dökümantasyonu +// ========================================== + +if (!isset($_GET['action'])) { + header('Content-Type: application/json'); + echo json_encode([ + 'name' => 'XC IPTV Secured API', + 'version' => '2.0', + 'status' => 'online', + 'security' => 'enabled', + 'endpoints' => [ + 'POST /api.php?action=login' => 'Admin login', + 'GET /api.php?action=get_token&api_key=YOUR_KEY' => 'Get access token', + 'GET /api.php?action=get_config&token=YOUR_TOKEN' => 'Get 
portal config',
+ ],
+ 'documentation' => 'https://docs.yourdomain.com'
+ ], JSON_PRETTY_PRINT);
+}
+?>
diff --git a/composer.json b/composer.json
new file mode 100644
index 0000000..2d59588
--- /dev/null
+++ b/composer.json
@@ -0,0 +1,13 @@
+{
+ "name": "xciptv/api",
+ "description": "XC IPTV Secured API Panel",
+ "type": "project",
+ "require": {
+ "php": ">=7.4"
+ },
+ "config": {
+ "platform": {
+ "php": "8.2"
+ }
+ }
+}
diff --git a/config.php b/config.php
new file mode 100644
index 0000000..9b1b048
--- /dev/null
+++ b/config.php
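Review bot: `validateToken` accepts any token whose base64 JSON decodes with an `expires_at` in the future and an `api_key` from the list — there is no signature, and the `tokens/<md5>.json` file that `generateToken` writes is never read back — so anyone holding one of the three keys (which the comments say ship inside the APKs) can mint a token with any expiry without ever calling `get_token`, and nothing issued can be revoked. Signing the payload with a server-side secret and checking it with `hash_equals` is the minimal fix; the rewritten pair is below, with the secret added to `$SECURITY_CONFIG` and sourced from outside the repository. Two smaller points in the same hunk: the `panel.html` guard near the end only runs when a request reaches this script, and the .htaccess in this commit rewrites only `^api/?$`, so Apache will serve the static panel.html directly unless some other routing not shown here intervenes; and `password_hash('admin123', PASSWORD_BCRYPT)` inside `$SECURITY_CONFIG` both bakes a default password into the source and spends a bcrypt computation on every request, so it should be a precomputed hash loaded from outside the web root. The login branch should also call `session_regenerate_id(true)` before setting `$_SESSION['admin_logged_in']`, and `validateApiKey` should pass `true` as the third argument to `in_array`.
```php
// … unchanged: $SECURITY_CONFIG, plus a new entry 'token_secret' => getenv('TOKEN_SECRET') …

function generateToken($api_key) {
    global $SECURITY_CONFIG;

    $payload = base64_encode(json_encode([
        'api_key'    => $api_key,
        'issued_at'  => time(),
        'expires_at' => time() + ($SECURITY_CONFIG['token_expiry'] * 3600),
        'random'     => bin2hex(random_bytes(16)),
    ]));

    // Sign the payload so a client holding only an API key cannot mint or extend a token.
    // Standard base64 never contains '.', so it is a safe separator.
    $sig = hash_hmac('sha256', $payload, $SECURITY_CONFIG['token_secret']);
    return $payload . '.' . $sig;
}

function validateToken($token) {
    global $SECURITY_CONFIG;

    if (empty($token) || substr_count($token, '.') !== 1) return false;

    [$payload, $sig] = explode('.', $token, 2);
    $expected = hash_hmac('sha256', $payload, $SECURITY_CONFIG['token_secret']);
    if (!hash_equals($expected, $sig)) return false;

    $token_data = json_decode(base64_decode($payload, true), true);
    // … unchanged: expires_at and api_key checks …
}
```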
@@ -0,0 +1,166 @@
+ [
+ 'url' => 'http://panel.example.com', // Panel URL
+ 'port' => '8080', // Panel Port
+ 'api_path' => '/player_api.php', // API endpoint
+ 'timeout' => 30, // Connection timeout (saniye)
+ ],
+
+ // ==========================================
+ // UYGULAMA AYARLARI
+ // ==========================================
+ 'app' => [
+ 'name' => 'My IPTV',
+ 'package' => 'com.myiptv.app',
+ 'version' => '7.0',
+ 'version_code' => 70,
+
+ // Güncelleme
+ 'force_update' => false,
+ 'latest_version' => '7.0',
+ 'update_url' => 'https://yourdomain.com/downloads/myiptv.apk',
+ 'update_message' => 'Yeni versiyon mevcut! Lütfen güncelleyin.',
+
+ // Splash Screen
+ 'splash_duration' => 3, // saniye
+ 'splash_logo' => 'https://yourdomain.com/assets/logo.png',
+ ],
+
+ // ==========================================
+ // ÖZELLİKLER
+ // ==========================================
+ 'features' => [
+ 'live_tv' => true,
+ 'vod' => true,
+ 'series' => true,
+ 'catchup' => true,
+ 'epg' => true,
+ 'recording' => false,
+ 'parental_control' => true,
+ 'multi_profile' => false,
+ 'chromecast' => true,
+ 'download' => false,
+ ],
+
+ // ==========================================
+ // PLAYER AYARLARI
+ // ==========================================
+ 'player' => [
+ 'default_quality' => 'auto',
+ 'buffer_size' => 'medium', // small, medium, large
+ 'hardware_acceleration' => true,
+ 'subtitle_enabled' => true,
+ 'audio_passthrough' => false,
+ ],
+
+ // ==========================================
+ // REKLAM AYARLARI (AdMob)
+ // ==========================================
+ 'ads' => [
+ 'enabled' => false,
+ 'provider' => 'admob', // admob, facebook, unity
+
+ // AdMob IDs
+ 'banner_id' => 'ca-app-pub-xxxxx',
+ 'interstitial_id' => 'ca-app-pub-xxxxx',
+ 'rewarded_id' => 'ca-app-pub-xxxxx',
+ 'native_id' => 'ca-app-pub-xxxxx',
+
+ // Görüntüleme Sıklığı
+ 'show_on_startup' => false,
+ 'show_between_videos' => true,
+ 'videos_between_ads' => 3, // Her 3 videoda bir
+ ],
+
+ // 
==========================================
+ // BAKIM MODU
+ // ==========================================
+ 'maintenance' => [
+ 'enabled' => false,
+ 'title' => 'Bakımda',
+ 'message' => 'Sistem şu an bakımda. Lütfen daha sonra tekrar deneyin.',
+ 'estimated_time' => '2 saat',
+ 'support_url' => 'https://yourdomain.com/support',
+ ],
+
+ // ==========================================
+ // DUYURULAR
+ // ==========================================
+ 'announcement' => [
+ 'enabled' => false,
+ 'type' => 'info', // info, warning, error, success
+ 'title' => 'Önemli Duyuru',
+ 'message' => 'Sistemde güncellemeler yapılmaktadır.',
+ 'show_once' => true, // Kullanıcıya bir kere göster
+ 'button_text' => 'Anladım',
+ 'link' => '', // Opsiyonel: Daha fazla bilgi linki
+ ],
+
+ // ==========================================
+ // GÜVENLİK
+ // ==========================================
+ 'security' => [
+ 'require_ssl' => false, // HTTPS zorunlu
+ 'api_key_required' => false,
+ 'api_key' => 'your-secret-api-key-here',
+ 'rate_limit' => 100, // İstek limiti (dakika başına)
+ 'allowed_ips' => [], // Boşsa tüm IP'ler izinli
+ 'blocked_ips' => [],
+ ],
+
+ // ==========================================
+ // SOSYAL MEDYA & DESTEK
+ // ==========================================
+ 'social' => [
+ 'facebook' => '',
+ 'twitter' => '',
+ 'instagram' => '',
+ 'telegram' => '',
+ 'website' => 'https://yourdomain.com',
+ 'support_email' => 'support@yourdomain.com',
+ 'support_phone' => '+90 XXX XXX XX XX',
+ ],
+
+ // ==========================================
+ // GELİŞMİŞ AYARLAR
+ // ==========================================
+ 'advanced' => [
+ 'cache_enabled' => true,
+ 'cache_duration' => 3600, // 1 saat
+ 'debug_mode' => false,
+ 'log_enabled' => true,
+ 'log_file' => 'api.log',
+ 'compression' => true, // GZIP sıkıştırma
+ ],
+
+ // ==========================================
+ // VERSİYON GEÇMİŞİ
+ // ==========================================
+ 'changelog' => [
+ '7.0' => [
+ 
'date' => '2024-02-21',
+ 'changes' => [
+ 'Yeni arayüz tasarımı',
+ 'Performans iyileştirmeleri',
+ 'Bug düzeltmeleri'
+ ]
+ ],
+ '6.5' => [
+ 'date' => '2024-01-15',
+ 'changes' => [
+ 'EPG desteği eklendi',
+ 'Chromecast entegrasyonu'
+ ]
+ ]
+ ]
+];
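Review bot: Nothing visible in this commit reads the `'security'` block — api_secured.php keeps its own `$SECURITY_CONFIG`, `require_once`s this file inside `get_config` and then assigns a hardcoded `$config` — so `require_ssl`, `api_key_required`, `rate_limit`, `allowed_ips` and `blocked_ips` are dead switches that read as if they were enforced, and `'api_key' => 'your-secret-api-key-here'` is a placeholder secret committed under the web root. The same applies to `advanced.debug_mode` and `advanced.log_file`. Either drop the block or mark it explicitly, e.g. `// NOTE: not read by api_secured.php, which enforces its own $SECURITY_CONFIG; keep the two in sync or remove one.` above `'security' => [`. The file's opening (`<?php` through the first key) is cut off in this render, so what the array is assigned to or returned as cannot be confirmed here; app.php, which the .htaccess rewrite points at, is not part of this commit either.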