SIMON Master Console Rebuild
True command center for SIMON + WEB360
This rebuild gives you a cleaner production spine: interactive tree, live viewer, guarded editor, dynamic graphics, architecture map, and note storage. It is designed to sit beside your existing
console.php
and become the stronger replacement path.
Dashboard
Tree
Viewer
System Map
File Registry
Notes
Files
15,561
Folders
425
Scanned Size
3.85 GB
PHP Files
926
Editable Text Files
12,822
File viewer
guarded to /htdocs
/si/_core/guardian.php
<?php declare(strict_types=1); /* * Loaded by the Guardian-aware operations bootstrap. * Guardian verifies Google/Apple identity and signs the handoff; ConnLink only * accepts that verified session. Server rewrite rules never process tokens. */ function si_guardian_identity(): array { if(session_status()!==PHP_SESSION_ACTIVE)return ['authorized'=>false,'mode'=>'unavailable']; if(($_SESSION['guardian_authorized']??false)===true){ return ['authorized'=>true,'mode'=>'guardian','name'=>(string)($_SESSION['guardian_name']??'Guardian operator')]; } return ['authorized'=>false,'mode'=>'guardian']; } function si_guardian_provider_url(string $provider): string { $provider=in_array($provider,['google','apple'],true)?$provider:'google'; if(defined('GUARDIAN_AUTH_BASE_URL')){ $return=si_ops_base_url().'/si/guardian/callback.php'; return rtrim((string)GUARDIAN_AUTH_BASE_URL,'/').'/login?provider='.rawurlencode($provider).'&return='.rawurlencode($return); } return ''; } function si_guardian_decode(string $value): string { $value=strtr($value,'-_','+/'); $value.=str_repeat('=',(4-strlen($value)%4)%4); return (string)base64_decode($value,true); } function si_guardian_accept_handoff(string $payloadToken,string $signature): array { $secret=defined('GUARDIAN_HANDOFF_SECRET')?(string)GUARDIAN_HANDOFF_SECRET:''; if($secret===''||strlen($secret)<32)return ['ok'=>false,'error'=>'Guardian handoff secret is not configured.']; $expected=hash_hmac('sha256',$payloadToken,$secret); if(!hash_equals($expected,strtolower(trim($signature))))return ['ok'=>false,'error'=>'Guardian signature was rejected.']; $payload=json_decode(si_guardian_decode($payloadToken),true); if(!is_array($payload))return ['ok'=>false,'error'=>'Guardian payload is invalid.']; $issued=(int)($payload['iat']??0);$expires=(int)($payload['exp']??0);$now=time(); if($issued>$now+60||$issued<$now-300||$expires<$now||$expires>$now+600)return ['ok'=>false,'error'=>'Guardian handoff expired.']; $provider=(string)($payload['provider']??''); if(!in_array($provider,['google','apple'],true))return ['ok'=>false,'error'=>'Guardian provider is invalid.']; $subject=trim((string)($payload['sub']??'')); if($subject===''||strlen($subject)>200)return ['ok'=>false,'error'=>'Guardian identity is invalid.']; $nonce=trim((string)($payload['nonce']??'')); if($nonce===''||strlen($nonce)>200)return ['ok'=>false,'error'=>'Guardian nonce is invalid.']; $nonceKey='guardian_nonce_'.hash('sha256',$nonce); if(isset($_SESSION[$nonceKey]))return ['ok'=>false,'error'=>'Guardian handoff was already used.']; $_SESSION[$nonceKey]=$now;$_SESSION['guardian_authorized']=true; $_SESSION['guardian_provider']=$provider;$_SESSION['guardian_subject']=$subject; $_SESSION['guardian_name']=substr(trim((string)($payload['name']??'Guardian operator')),0,120); session_regenerate_id(true); si_core_log('guardian','auth_success',['provider'=>$provider,'subject_hash'=>hash('sha256',$subject)]); return ['ok'=>true]; }
Save file
Quick jump
open a path
Open