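// Authenticate a signed request, then dispatch it to the requested controller.
//
// Scheme, per the original comments: the database stores
// sha1($plaintext_username . $plaintext_password), and the client sends
// key = sha1($params . sha1($plaintext_username . $plaintext_password)).
//
// NOTE(review): the stored digest doubles as the request-signing secret, so
// anyone who can read the password column can sign requests without knowing
// the password. SHA-1 is also a fast hash; migrating stored passwords to
// password_hash() and signatures to hash_hmac() needs a coordinated client
// change and is not attempted here.
$row = $result->fetch_assoc();

// Fail closed when no credential row was found. Without this, a missing row
// makes $row["password"] null and the expected digest below would be derived
// from the query string alone, with no secret mixed in. Whether an earlier
// check already rejects unknown accounts is not visible in this excerpt.
if (!is_array($row) || !isset($row["password"]) || !is_string($row["password"]) || $row["password"] === "") {
    throw new Exception("Hash doesn't match");
}

$encrypted_username_password_hash = $row["password"];
// Password is stored in the dB as: sha1($plaintext_username.$plaintext_password)

// Everything before the first "&key=" is the signed portion of the request.
// NOTE(review): nothing in this excerpt binds the signature to a timestamp or
// nonce, so a captured URL stays valid; confirm whether replay is handled elsewhere.
$query_strings = explode("&key=", $_SERVER['QUERY_STRING']);
$query_string = $query_strings[0];

$encoded_params = sha1($query_string . $encrypted_username_password_hash);
// This is the same as: sha1($params.sha1($plaintext_username.$plaintext_password))

// Compare digests with hash_equals() instead of "!=". The loose operator
// compares numeric-looking strings (for example two values of the form
// "0e<digits>") as numbers, so unequal digests can be treated as equal, and it
// also returns early on the first differing byte. hash_equals() is a strict,
// constant-time string comparison. The is_string() guard rejects array-valued
// or missing keys, which hash_equals() would not accept.
if (!is_string($encoded_key) || !hash_equals($encoded_params, $encoded_key)) {
    throw new Exception("Hash doesn't match"); // Client hash doesn't match server hash.
}

// The request has now been authenticated.
// Call the requested controller/action. Dispatch goes through a fixed list of
// case labels, so $controller never selects a function name directly.
switch ($controller) {
    case "people":
        people($id, $action, $year);
        break;
    case "crews":
        crews($id, $action, $year);
        break;
    case "operations":
        operations($id, $action, $year);
        break;
    case "rappels":
        rappels($id, $action, $year);
        break;
    case "ropes":
        ropes($id, $action, $year);
        break;
    case "genies":
        genies($id, $action, $year);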
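/**
 * Print the main content panel for a page: heading link, page body, entries,
 * and an optional people or pictures section.
 *
 * The heading title and link are chosen from keywords found in $filename
 * ('index', 'sport', 'rules', 'more'); when several match, the last one wins.
 * $where is accepted for signature compatibility but is not read here.
 *
 * @param mixed  $where    Unused in this implementation.
 * @param mixed  $type     Passed through to entries().
 * @param mixed  $amount   Passed through to entries().
 * @param mixed  $style    Passed through to entries().
 * @param string $filename Page file name or path; also passed to echoContent().
 *
 * @return void
 */
function content($where, $type, $amount, $style, $filename)
{
    // Defaults keep the heading defined when no keyword matches; the original
    // read undefined variables in that case.
    $title = "";
    $link = "";

    // strpos() returns 0 for a match at the start of the string, which is
    // falsy, so every test compares against false explicitly.
    if (strpos($filename, 'index') !== false) {
        $title = "HOME";
        $link = "index";
    }
    if (strpos($filename, 'sport') !== false) {
        $title = "THE SPORT";
        $link = "sport";
    }
    if (strpos($filename, 'rules') !== false) {
        $title = "THE RULES";
        $link = "rules";
    }
    if (strpos($filename, 'more') !== false) {
        $title = "MORE TURKIBALL";
        $link = "more";
    }

    // $title and $link only ever hold the literals assigned above, so they are
    // safe to place in the markup without escaping.
    echo " <div class = \"content\">\n";
    echo " <div class = \"spacer\"></div>\n";
    echo " <h1><a class = \"lightbg\" href = \"http://www.turkiball.com/" . $link . ".php\">" . $title . "</a></h1>\n";
    echo " <br>\n";
    echo " <div class = \"contentline\"></div>\n";

    echoContent($filename);
    entries($type, $amount, $style);

    // The people listing is shown only when the name carries no query string.
    if (strpos($filename, 'people') !== false && strpos($filename, '?') === false) {
        people();
    } elseif (strpos($filename, 'pictures') !== false) {
        pictures();
    }

    echo " <br><br><br><br><br><br><br><br><br>\n";
    echo " </div>\n";
}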
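/**
 * Print the main content panel for a feed page: heading link, page body,
 * entries, and an optional people or pictures section.
 *
 * @param mixed  $where    Section selector: 0 = HOME, 1 = THE FEED, 2 = THE LEAGUE.
 *                         Any other value prints an error line and leaves the
 *                         heading text empty.
 * @param mixed  $type     Passed through to entries().
 * @param mixed  $amount   Passed through to entries().
 * @param mixed  $style    Passed through to entries().
 * @param string $filename Page file name or path; also passed to echoContent().
 *
 * @return void
 */
function content($where, $type, $amount, $style, $filename)
{
    // Default keeps the heading defined on the error path; the original read
    // an undefined variable there.
    $title = "";

    // Loose comparison is kept so callers passing "0", "1" or "2" as strings
    // still work.
    if ($where == 0) {
        $title = "HOME";
    } elseif ($where == 1) {
        $title = "THE FEED";
    } elseif ($where == 2) {
        $title = "THE LEAGUE";
    } else {
        // The rejected value is echoed into the HTML page, so it is escaped
        // first; where $where originates is not visible from this function.
        echo "Error: invalid " . htmlspecialchars((string) $where, ENT_QUOTES, 'UTF-8') . " parameter passed.\n";
    }

    echo " <div class = \"content\">\n";
    echo " <div class = \"spacer\"></div>\n";
    echo " <h1><a class = \"lightbg\" href = \"http://www.turkiball.com/feed/index.php\">" . $title . "</a></h1>\n";
    echo " <br>\n";
    echo " <div class = \"contentline\"></div>\n";

    echoContent($filename);
    entries($type, $amount, $style);

    // strpos() returns 0 for a match at the start of the string, which is
    // falsy, so the tests compare against false explicitly. The people listing
    // is shown only when the name carries no query string.
    if (strpos($filename, 'people') !== false && strpos($filename, '?') === false) {
        people();
    } elseif (strpos($filename, 'pictures') !== false) {
        pictures();
    }

    echo " <br><br><br><br><br><br><br><br><br>\n";
    echo " </div>\n";
}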
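/**
 * Entry point: pick a data set from the "action" request parameter and emit
 * it as JSON.
 *
 * Recognised actions are "topics", "types" and "people"; anything else,
 * including a missing parameter, falls back to projects().
 *
 * @return void
 */
function main()
{
    // A request without "action" previously raised an undefined-index notice
    // before falling through to the default; read it defensively instead.
    $action = isset($_REQUEST["action"]) ? $_REQUEST["action"] : null;

    // switch uses the same loose comparison as the original if/else chain and
    // only ever calls one of the functions named here.
    switch ($action) {
        case "topics":
            $data = topics();
            break;
        case "types":
            $data = types();
            break;
        case "people":
            $data = people();
            break;
        default:
            $data = projects();
            break;
    }

    header("Content-Type: application/json");
    // NOTE(review): the wildcard lets scripts on any origin read this response.
    // That is only appropriate if every data set returned here is public;
    // otherwise restrict it to the known front-end origin(s).
    header("Access-Control-Allow-Origin: *");

    $payload = json_encode($data);
    if ($payload === false) {
        // json_encode() returns false on failure; report that explicitly
        // rather than sending an empty body with a success status.
        http_response_code(500);
        $payload = '{"error":"encoding failed"}';
    }

    echo $payload;
}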