wrote this file. As long as you retain this notice * you can do whatever you want with this stuff. If we meet some day, and you * think this stuff is worth it, you can buy me a Tschunk in return. * ---------------------------------------------------------------------------*/ # make sure that the webserver can write to this directory, e.g. # chown -R www-data:www-data /var/www/html # set this to the upl_token value in platformio.ini $token = ''; function check_header($k, $v = false) { if (!isset($_SERVER[$k])) return false; if ($v && $_SERVER[$k] !== $v) return false; return true; } # validate the headers if (!check_header('REQUEST_METHOD', 'PUT') || !check_header('HTTP_X_ROOM') || !check_header('HTTP_X_DEVICE') || !check_header('HTTP_X_VERSION') || !check_header('HTTP_X_TOKEN', $token) ) { header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden', true, 403); exit(); } # sanitize inputs $room = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_SERVER['HTTP_X_ROOM']); $device = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_SERVER['HTTP_X_DEVICE']); $version = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_SERVER['HTTP_X_VERSION']); $filename = "./arduino-images/$room/$device/$version.bin"; # make sure the directory exists @mkdir("./arduino-images/$room/$device/", 0775, true); # open files, copy data, close files $in = fopen('php://input', 'r'); $out = fopen($filename, 'w'); if ($out === false) { header($_SERVER['SERVER_PROTOCOL'].' 500 Internal Server Error', true, 500); exit(); } while ($data = fread($in, 1024)) fwrite($out, $data); fclose($in); fclose($out); ?>