Beispiel #1
 /**
  * Runs the GET query described by $query and returns the tagged result.
  *
  * Every returned row (or the single row, when the result is not a list) gets a
  * "__table" key holding the source table name. The result is then optionally
  * passed through ArrestDB::Extend(), the optional global ArrestDB_postProcess()
  * hook, and finally ArrestDB::ObfuscateId().
  *
  * @param array       $query   Query description; must contain a "TABLE" key.
  * @param string|null $extends Comma-separated list handed to ArrestDB::Extend(), or null to skip.
  * @param mixed       $id      Forwarded unchanged to ArrestDB_postProcess().
  *
  * @return mixed null when the query fails or returns nothing; the value of
  *               ArrestDB::Reply() when Extend() throws; otherwise the
  *               processed result.
  */
 public static function getQuery($query, $extends = null, $id = "")
 {
     $tableName = $query["TABLE"];
     $sql = ArrestDB::PrepareQueryGET($query, false);
     $rows = ArrestDB::Query($sql);

     // A failed query and an empty result are both reported as null.
     if ($rows === false || count($rows) == 0) {
         return null;
     }

     if (isset($rows[0])) {
         // List of rows: tag each one with the table it came from.
         foreach (array_keys($rows) as $key) {
             $rows[$key]["__table"] = $tableName;
         }
     } else {
         // Not a list: tag the result itself.
         $rows["__table"] = $tableName;
     }

     if ($extends !== null) {
         $extendList = explode(",", $extends);
         try {
             $rows = ArrestDB::Extend($rows, $extendList);
         } catch (Exception $e) {
             // NOTE(review): the exception message is copied into the reply body;
             // confirm Extend() never puts SQL text or other internals in it.
             $reply = ArrestDB::$HTTP[$e->getCode()];
             $reply["error"]["detail"] = $e->getMessage();
             return ArrestDB::Reply($reply);
         }
     }

     // Optional project-level hook, used only when the application defines it.
     if (function_exists("ArrestDB_postProcess")) {
         $rows = ArrestDB_postProcess('GET', $tableName, $id, $rows);
     }

     return ArrestDB::ObfuscateId($rows);
 }
Beispiel #2
*/
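// Example: authorization is required for every table except Category, which is
// always authorized.
// NOTE(review): the original comment named "CategoryVisible", but the rule below
// is registered for "Category" - confirm which table is meant to be public.
// NOTE(review): this callback ignores $method, so every method on that table is
// allowed without credentials; check $method here if only reads should be public.
ArrestDBConfig::auth(["table" => "Category"], function ($method, $table, $id) {
    return true;
});

// Rule with an empty filter (per the description above, it covers the remaining
// tables): HTTP Basic authentication checked against the User table.
// On success the matching User row is stored in the global $user and true is
// returned; on any failure a 401 challenge is sent and the script exits.
ArrestDBConfig::auth([], function ($method, $table, $id) {
    global $user;

    // One exit path for every failure, so no branch can fall through to "return true".
    $deny = function () {
        header('WWW-Authenticate: Basic realm="My Realm"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Invalid Auth';
        exit;
    };

    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
        $deny();
    }

    // Kept in a local variable: the global $user is only written after the
    // credentials have been verified.
    $email = $_SERVER['PHP_AUTH_USER'];

    // NOTE(review): sha1() is a fast, unsalted hash and is not suitable for stored
    // passwords. Migrating the User table to password_hash()/password_verify()
    // needs a schema and data change, so it is flagged here rather than done.
    $pass = sha1($_SERVER['PHP_AUTH_PW']);

    // The client-supplied user name must never be interpolated into the SQL text;
    // both values are bound instead. Query() takes bound values after the SQL, as in
    // ArrestDB::Query($query, $id). Assumes "?" positional placeholders pass through
    // PrepareQueryGET() unchanged - TODO confirm.
    // The original listing showed the password condition as the literal '******'
    // (apparently masked) and left $pass unused; the computed hash is bound here.
    $query = ArrestDB::PrepareQueryGET(["TABLE" => "User", "WHERE" => ["email=?", "password=?"]]);
    $result = ArrestDB::Query($query, $email, $pass);

    // Fail closed: Query() can return false, and count(false) is not 0 on older
    // PHP versions, which would let a failed query authenticate the request.
    if (!is_array($result) || count($result) == 0) {
        $deny();
    }

    $user = $result[0];
    return true;
});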
/*
	ALLOW (OPTIONAL)
	
	It is similar to auth, but it is used in the other cases where the library checks whether a method may be executed on a table or function. Return true if it is allowed. By default, everything is allowed.
         if (isset($_GET['order']) !== true) {
             $_GET['order'] = 'ASC';
         }
         $query["ORDER BY"] = $_GET['by'] . " " . $_GET['order'];
     }
     if (isset($_GET['limit']) === true) {
         $query["LIMIT"] = $_GET['limit'];
         if (isset($_GET['offset']) === true) {
             $query["OFFSET"] = $_GET['offset'];
         }
     }
 }
 if (function_exists("ArrestDB_modify_query")) {
     $query = ArrestDB_modify_query("GET", $table, $id, $query);
 }
 $query = ArrestDB::PrepareQueryGET($query);
 $result = isset($id) === true ? ArrestDB::Query($query, $id) : ArrestDB::Query($query);
 if ($result === false) {
     return ArrestDB::Reply(ArrestDB::$HTTP[404]);
 } else {
     if (empty($result) === true) {
         //return ArrestDB::Reply(ArrestDB::$HTTP[204]);
         return ArrestDB::Reply($result);
     } else {
         if (isset($id) === true) {
             $result = array_shift($result);
         }
     }
 }
 if (isset($result[0])) {
     foreach ($result as $k => $object) {