public function post($data)
{
// login check - if fail, return no data to stop error flagging to user
if ((int) $this->check_access() < 6) {
$this->response(null, null, 401);
}
if (empty($data)) {
$this->response(null, null, 400);
}
$db = new RazorDB();
$db->connect("page");
// check link unique
$options = array("amount" => 1);
$search = array("column" => "link", "value" => isset($data["link"]) ? $data["link"] : "");
$count = $db->get_rows($search, $options);
if ($count["count"] > 0) {
$this->response(array("error" => "duplicate link found", "code" => 101), 'json', 409);
}
// copy the page
$row = array("name" => $data["name"], "title" => $data["title"], "link" => $data["link"], "keywords" => $data["keywords"], "description" => $data["description"], "access_level" => (int) $data["access_level"], "theme" => $data["theme"], "json_settings" => $data["json_settings"], "active" => false);
$new_page = $db->add_rows($row);
$db->disconnect();
if ($new_page["count"] != 1) {
$this->response(null, null, 400);
}
// next lets get all the page content for page we are copying
$db->connect("page_content");
$search = array("column" => "page_id", "value" => $data["id"]);
$page_content = $db->get_rows($search);
// now copy if any found
if ($page_content["count"] > 0) {
$new_rows = array();
foreach ($page_content["result"] as $row) {
$new_row = array();
foreach ($row as $key => $col) {
if ($key == "id") {
continue;
} else {
if ($key == "page_id") {
$new_row[$key] = $new_page["result"][0]["id"];
} else {
$new_row[$key] = $col;
}
}
}
$new_rows[] = $new_row;
}
$db->add_rows($new_rows);
}
$db->disconnect();
// return the basic page details
$this->response($new_page["result"][0], "json");
}
public function post($data)
{
// login check - if fail, return no data to stop error flagging to user
if ((int) $this->check_access() < 6) {
$this->response(null, null, 401);
}
if (empty($data)) {
$this->response(null, null, 400);
}
$db = new RazorDB();
$db->connect("page");
// check link unique
$options = array("amount" => 1);
$search = array("column" => "link", "value" => isset($data["link"]) ? $data["link"] : "");
$count = $db->get_rows($search, $options);
if ($count["count"] > 0) {
$this->response(array("error" => "duplicate link found", "code" => 101), 'json', 409);
}
$row = array("name" => $data["name"], "title" => $data["title"], "link" => $data["link"], "keywords" => $data["keywords"], "description" => $data["description"], "access_level" => (int) $data["access_level"], "active" => false);
$result = $db->add_rows($row);
$result = $result["result"][0];
$db->disconnect();
// return the basic user details
$this->response($result, "json");
}
public function post($ext)
{
if ((int) $this->check_access() < 9) {
$this->response(null, null, 401);
}
if (empty($ext)) {
$this->response(null, null, 400);
}
$settings = array();
foreach ($ext["settings"] as $set) {
$settings[$set["name"]] = $set["value"];
}
$db = new RazorDB();
$db->connect("extension");
$options = array("amount" => 1);
$search = array(array("column" => "extension", "value" => $ext["extension"]), array("column" => "type", "value" => $ext["type"]), array("column" => "handle", "value" => $ext["handle"]));
$extension = $db->get_rows($search, $options);
if ($extension["count"] == 1) {
$db->edit_rows($search, array("json_settings" => json_encode($settings)));
} else {
// add new
$row = array("extension" => $ext["extension"], "type" => $ext["type"], "handle" => $ext["handle"], "json_settings" => json_encode($settings), "user_id" => $this->user["id"], "access_level" => 0);
$db->add_rows($row);
}
$db->disconnect();
$this->response("success", "json");
}
public function post($data)
{
// login check - if fail, return no data to stop error flagging to user
if ((int) $this->check_access() < 9) {
$this->response(null, null, 401);
}
if (empty($data)) {
$this->response(null, null, 400);
}
$db = new RazorDB();
$db->connect("setting");
if (isset($data["name"])) {
$search = array("column" => "name", "value" => "name");
$res = $db->edit_rows($search, array("value" => $data["name"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "name", "value" => (string) $data["name"], "type" => "string"));
}
}
if (isset($data["google_analytics_code"])) {
$search = array("column" => "name", "value" => "google_analytics_code");
$res = $db->edit_rows($search, array("value" => $data["google_analytics_code"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "google_analytics_code", "value" => (string) $data["google_analytics_code"], "type" => "string"));
}
}
if (isset($data["forgot_password_email"])) {
$search = array("column" => "name", "value" => "forgot_password_email");
$res = $db->edit_rows($search, array("value" => (string) $data["forgot_password_email"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "forgot_password_email", "value" => (string) $data["forgot_password_email"], "type" => "string"));
}
}
if (isset($data["allow_registration"])) {
$search = array("column" => "name", "value" => "allow_registration");
$res = $db->edit_rows($search, array("value" => (string) $data["allow_registration"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "allow_registration", "value" => (string) $data["allow_registration"], "type" => "bool"));
}
}
if (isset($data["manual_activation"])) {
$search = array("column" => "name", "value" => "manual_activation");
$res = $db->edit_rows($search, array("value" => (string) $data["manual_activation"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "manual_activation", "value" => (string) $data["manual_activation"], "type" => "bool"));
}
}
if (isset($data["registration_email"])) {
$search = array("column" => "name", "value" => "registration_email");
$res = $db->edit_rows($search, array("value" => (string) $data["registration_email"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "registration_email", "value" => (string) $data["registration_email"], "type" => "string"));
}
}
if (isset($data["activation_email"])) {
$search = array("column" => "name", "value" => "activation_email");
$res = $db->edit_rows($search, array("value" => (string) $data["activation_email"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "activation_email", "value" => (string) $data["activation_email"], "type" => "string"));
}
}
if (isset($data["activate_user_email"])) {
$search = array("column" => "name", "value" => "activate_user_email");
$res = $db->edit_rows($search, array("value" => (string) $data["activate_user_email"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "activate_user_email", "value" => (string) $data["activate_user_email"], "type" => "string"));
}
}
if (isset($data["cookie_message"])) {
$search = array("column" => "name", "value" => "cookie_message");
$res = $db->edit_rows($search, array("value" => (string) $data["cookie_message"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "cookie_message", "value" => (string) $data["cookie_message"], "type" => "string"));
}
}
if (isset($data["cookie_message_button"])) {
$search = array("column" => "name", "value" => "cookie_message_button");
$res = $db->edit_rows($search, array("value" => (string) $data["cookie_message_button"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "cookie_message_button", "value" => (string) $data["cookie_message_button"], "type" => "string"));
}
}
$db->disconnect();
$this->response("success", "json");
}
public function post($data)
{
// login check - if fail, return no data to stop error flagging to user
if ((int) $this->check_access() < 10) {
$this->response(null, null, 401);
}
// menu item
$db = new RazorDB();
$db->connect("menu_item");
// 1. grab all menus in position order
$options = array("order" => array("column" => "position", "direction" => "asc"));
$search = array("column" => "id", "not" => true, "value" => null);
$all_menu_items = $db->get_rows($search, $options);
$all_menu_items = $all_menu_items["result"];
// 2. make flat arrays
$new_menus_flat = array();
foreach ($data as $menu) {
// set up menu item arrays
if (!isset($new_menus_flat[$menu["id"]])) {
$new_menus_flat[$menu["id"]] = array();
}
foreach ($menu["menu_items"] as $mi) {
if (isset($mi["id"])) {
$new_menus_flat[$menu["id"]][] = $mi["id"];
}
if (isset($mi["sub_menu"]) & !empty($mi["sub_menu"])) {
foreach ($mi["sub_menu"] as $sub_menu_item) {
if (isset($sub_menu_item["id"])) {
$new_menus_flat[$menu["id"]][] = $sub_menu_item["id"];
}
}
}
}
}
$current_menus_flat = array();
foreach ($all_menu_items as $ami) {
// set up menu item arrays
if (!isset($current_menus_flat[$ami["menu_id"]])) {
$current_menus_flat[$ami["menu_id"]] = array();
}
$current_menus_flat[$ami["menu_id"]][] = $ami["id"];
// at same time remove any items missing
if (!in_array($ami["id"], $new_menus_flat[$ami["menu_id"]])) {
$db->delete_rows(array("column" => "id", "value" => (int) $ami["id"]));
}
}
// 3. update all of sent menu data, by looping through the new $data
foreach ($data as $new_menu) {
$pos = 1;
// each menu
foreach ($new_menu["menu_items"] as $nmi) {
if (isset($nmi["id"]) && in_array($nmi["id"], $current_menus_flat[$new_menu["id"]])) {
// update menu item
$search = array("column" => "id", "value" => $nmi["id"]);
$db->edit_rows($search, array("position" => $pos));
} else {
// add new item
$row = array("menu_id" => (int) $new_menu["id"], "position" => $pos, "level" => 1, "page_id" => $nmi["page_id"], "link_id" => 0);
$db->add_rows($row);
}
$pos++;
// now check for sub menu
if (isset($nmi["sub_menu"]) && !empty($nmi["sub_menu"])) {
foreach ($nmi["sub_menu"] as $nsmi) {
if (isset($nsmi["id"]) && in_array($nsmi["id"], $current_menus_flat[$new_menu["id"]])) {
// update menu item
$search = array("column" => "id", "value" => $nsmi["id"]);
$db->edit_rows($search, array("position" => $pos));
} else {
// add new item
$row = array("menu_id" => (int) $new_menu["id"], "position" => $pos, "level" => 2, "page_id" => $nsmi["page_id"], "link_id" => 0);
$db->add_rows($row);
}
$pos++;
}
}
}
}
$db->disconnect();
$this->response("success", "json");
}
private function add_new_menu($loc)
{
// check if menu exists in db, if yes return false to carry on
if (in_array($loc, $this->all_menus)) {
return false;
}
// create new menu
$db = new RazorDB();
$db->connect("menu");
$db->add_rows(array("name" => $loc));
$db->disconnect();
return true;
}
public function post($data)
{
// are we accepting registrations
$db = new RazorDB();
// get menu data too
$db->connect("setting");
$allow = $db->get_rows(array("column" => "name", "value" => "allow_registration"));
$manual = $db->get_rows(array("column" => "name", "value" => "manual_activation"));
$registration_email = $db->get_rows(array("column" => "name", "value" => "registration_email"));
$activation_email = $db->get_rows(array("column" => "name", "value" => "activation_email"));
$activate_user_email = $db->get_rows(array("column" => "name", "value" => "activate_user_email"));
$db->disconnect();
if (!isset($allow["result"][0]["value"]) || !$allow["result"][0]["value"]) {
$this->response(null, null, 405);
}
// verify form is coming from site and that human has sent it
// Check details
if (!isset($_SERVER["REMOTE_ADDR"], $_SERVER["HTTP_USER_AGENT"], $_SERVER["HTTP_REFERER"], $_SESSION["signature"])) {
$this->response(null, null, 400);
}
if (empty($_SERVER["REMOTE_ADDR"]) || empty($_SERVER["HTTP_USER_AGENT"]) || empty($_SERVER["HTTP_REFERER"]) || empty($_SESSION["signature"])) {
$this->response(null, null, 400);
}
// check referer matches the site
if (strpos($_SERVER["HTTP_REFERER"], RAZOR_BASE_URL) !== 0) {
$this->response(null, null, 400);
}
// check data
if (!isset($data["signature"], $data["name"], $data["email_address"], $data["new_password"])) {
$this->response(null, null, 400);
}
if (empty($data["signature"]) || empty($data["name"]) || empty($data["email_address"]) || empty($data["new_password"])) {
$this->response(null, null, 400);
}
if (!isset($data["human"]) || !empty($data["human"])) {
$this->response("robot", "json", 406);
}
// get signature and compare to session
if ($_SESSION["signature"] !== $data["signature"]) {
$this->response(null, null, 400);
}
unset($_SESSION["signature"]);
session_destroy();
// now we know registrations allowed, form came from website etc so lets check email unique and proceed with adding user
$db->connect("user");
// check email is unique
$search = array("column" => "email_address", "value" => $data["email_address"]);
$user = $db->get_rows($search);
if ($user["count"] > 0) {
$this->response(null, null, 409);
}
// create new user
$password = $this->create_hash($data["new_password"]);
$row = array("name" => $data["name"], "email_address" => $data["email_address"], "access_level" => 1, "active" => false, "password" => $this->create_hash($data["new_password"]));
$activate_link = "";
if (!$manual["result"][0]["value"]) {
$activate_token = sha1($_SERVER["HTTP_USER_AGENT"] . $_SERVER["REMOTE_ADDR"] . $password);
$row["activate_token"] = $activate_token;
$activate_link = RAZOR_BASE_URL . "rars/user/activate/{$activate_token}";
}
$db->add_rows($row);
$db->disconnect();
$server_email = str_replace("www.", "", $_SERVER["SERVER_NAME"]);
// email text replacement
$search = array("**server_name**", "**user_email**", "**activation_link**");
$replace = array($_SERVER["SERVER_NAME"], $data["email_address"], $activate_link);
if ($manual["result"][0]["value"]) {
// send notifcation of registration and activation is manual to user
$message1 = str_replace($search, $replace, $registration_email["result"][0]["value"]);
$this->email("no-reply@{$server_email}", $data["email_address"], "{$_SERVER["SERVER_NAME"]} Account Registered", $message1);
// send notifcation to super admin email that someone has registered and needs activation
$db->connect("user");
$res = $db->get_rows(array("column" => "id", "value" => 1));
$super_email = $res["result"][0]["email_address"];
$db->disconnect();
$message2 = str_replace($search, $replace, $activate_user_email["result"][0]["value"]);
$this->email("no-reply@{$server_email}", $super_email, "{$_SERVER["SERVER_NAME"]} Account Registered", $message2);
} else {
$message3 = str_replace($search, $replace, $activation_email["result"][0]["value"]);
$this->email("no-reply@{$server_email}", $data["email_address"], "{$_SERVER["SERVER_NAME"]} Account Activation", $message3);
}
$this->response(array("manual_activation" => $manual["result"][0]["value"]), "json");
}
public function login($data)
{
// check if email set
if (!isset($data["username"])) {
throw new Exception("No Login username");
}
if (!isset($data["password"])) {
throw new Exception("No Login password");
}
$ip_address = preg_replace("/[^0-9.]/", '', substr($_SERVER["REMOTE_ADDR"], 0, 50));
$user_agent = preg_replace("/[^0-9a-zA-Z.:;-_]/", '', substr($_SERVER["HTTP_USER_AGENT"], 0, 250));
// check ban list if active before doing anything else
if (RARS_ACCESS_BAN_ATTEMPS > 0) {
// find banned rows
$db = new RazorDB();
$db->connect("banned");
$search = array(array("column" => "ip_address", "value" => $ip_address), array("column" => "user_agent", "value" => $user_agent, "and" => true));
$count = $db->get_rows($search);
$count = $count["count"];
$db->disconnect();
if ($count > 0) {
return RazorAPI::response(array("message" => "Login failed: ip banned", "login_error_code" => 104), "json");
}
}
/* carry on with login */
// find user
$db = new RazorDB();
$db->connect("user");
$search = array("column" => "email_address", "value" => $data["username"]);
$options = array("amount" => 1);
$res = $db->get_rows($search, $options);
$db->disconnect();
// check user found
if ($res["count"] != 1) {
return RazorAPI::response(array("message" => "Login failed: username or password missmatch", "login_error_code" => 101), "json");
}
// grab user details
$user = $res["result"][0];
// check if user is locked out here
if (!empty($user["lock_until"]) && $user["lock_until"] > time()) {
return RazorAPI::response(array("message" => "Login failed: user locked out please try later", "login_error_code" => 102, "time_left" => $user["lock_until"] - time()), "json");
}
// check active user
if (!$user["active"]) {
return RazorAPI::response(array("message" => "Login failed: user not active", "login_error_code" => 103), "json");
}
// now check if password ok (we need password first to get salt from it before we can check it), if not then send response
if (RazorAPI::create_hash($data["password"], substr($user["password"], 0, strlen($user["password"]) / 2), 'sha1') !== $user["password"]) {
// update failed attempts and lockout
$db = new RazorDB();
$db->connect("user");
$search = array("column" => "id", "value" => $user["id"]);
$changes = array("failed_attempts" => $user["failed_attempts"] + 1);
if ($user["failed_attempts"] > 0 && $user["failed_attempts"] % RARS_ACCESS_ATTEMPTS == 0) {
$changes["lock_until"] = time() + RARS_ACCESS_LOCKOUT;
}
$db->edit_rows($search, $changes);
$db->disconnect();
// add to banned list if banned active and too many attempts
if (RARS_ACCESS_BAN_ATTEMPS > 0 && $user["failed_attempts"] + 1 >= RARS_ACCESS_BAN_ATTEMPS) {
$db = new RazorDB();
$db->connect("banned");
$row = array("ip_address" => $ip_address, "user_agent" => $user_agent);
$db->add_rows($row);
$db->disconnect();
}
return RazorAPI::response(array("message" => "Login failed: username or password missmatch", "login_error_code" => 101), "json");
}
/* we are now authenticated, respond and send token back */
// need to create a token and last logged stamp and save it in the db
$last_logged = time();
$pass_hash = $user["password"];
$token = sha1($last_logged . $user_agent . $ip_address . $pass_hash) . "_" . $user["id"];
// store last logged and reset lockout/attempts
$db = new RazorDB();
$db->connect("user");
$search = array("column" => "id", "value" => $user["id"]);
$changes = array("last_logged_in" => $last_logged, "last_accessed" => $last_logged, "failed_attempts" => 0, "lock_until" => null, "ip_address" => $ip_address);
$db->edit_rows($search, $changes);
$db->disconnect();
// collect user data
$user = array("id" => $user["id"], "name" => $user["name"], "email_address" => $user["email_address"], "last_logged_in" => $user["last_logged_in"], "access_level" => $user["access_level"]);
// setup response
return RazorAPI::response(array("token" => $token, "user" => $user), "json");
}
public function post($data)
{
// check we have a logged in user
if ((int) $this->check_access() < 1) {
$this->response(null, null, 401);
}
if (empty($data)) {
$this->response(null, null, 400);
}
$db = new RazorDB();
$db->connect("user");
if (!isset($data["id"])) {
// do you have access to make create new user
if ($this->check_access() != 10) {
$this->response(null, null, 401);
}
if (!isset($data["new_password"]) || empty($data["new_password"])) {
$this->response(null, null, 400);
}
// check email is unique
$search = array("column" => "email_address", "value" => $data["email_address"]);
$user = $db->get_rows($search);
if ($user["count"] > 0) {
$this->response(null, null, 409);
}
// create new user
$row = array("name" => $data["name"], "email_address" => $data["email_address"], "access_level" => (int) $data["access_level"] < 10 ? $data["access_level"] : 1, "active" => $data["active"], "password" => $this->create_hash($data["new_password"]));
$db->add_rows($row);
} elseif ($this->user["id"] == $data["id"]) {
// check email is unique if changed
if ($data["email_address"] != $this->user["email_address"]) {
$search = array("column" => "email_address", "value" => $data["email_address"]);
$user = $db->get_rows($search);
if ($user["count"] > 0) {
$this->response(null, null, 409);
}
}
// if this is your account, alter name, email or password
$search = array("column" => "id", "value" => $this->user["id"]);
$row = array("name" => $data["name"], "email_address" => $data["email_address"]);
if (isset($data["new_password"])) {
$row["password"] = $this->create_hash($data["new_password"]);
}
$db->edit_rows($search, $row);
// return the basic user details
if (isset($data["new_password"])) {
$this->response(array("reload" => true), "json");
}
} elseif ($this->check_access() == 10) {
// if not account owner, but acces of 10, alter access level or active
// do not allow anyone to be set to level 10, only one account aloud
if (isset($data["access_level"]) && $data["access_level"] == 10) {
$this->response(null, null, 400);
}
$search = array("column" => "id", "value" => $data["id"]);
$row = array("access_level" => $data["access_level"], "active" => $data["active"]);
$db->edit_rows($search, $row);
} else {
$this->response(null, null, 401);
}
$db->disconnect();
$this->response("success", "json");
}
public function post($data)
{
// login check - if fail, return no data to stop error flagging to user
if ((int) $this->check_access() < 10) {
$this->response(null, null, 401);
}
if (!isset($data["content"])) {
$this->response(null, null, 400);
}
// update content
$db = new RazorDB();
$db->connect("content");
// update or add content
$new_content_map = array();
foreach ($data["content"] as $key => $content) {
if (!isset($content["content_id"]) || !isset($content["content"]) || empty($content["content"])) {
unset($data["content"][$key]);
continue;
}
if (stripos($content["content_id"], "new-") === false) {
// update
$search = array("column" => "id", "value" => $content["content_id"]);
$db->edit_rows($search, array("content" => $content["content"], "name" => $content["name"]));
} else {
// add new content and map the ID to the new id for locations table
$row = array("content" => $content["content"], "name" => $content["name"]);
$result = $db->add_rows($row);
$new_content_map[$content["content_id"]] = $result["result"][0]["id"];
}
}
$db->disconnect();
// update or add locations
$db = new RazorDB();
$db->connect("page_content");
// 1. first take snapshot of current
$search = array("column" => "page_id", "value" => (int) $data["page_id"]);
$current_page_content = $db->get_rows($search);
$current_page_content = $current_page_content["result"];
// 2. iterate through updating or adding, make a note of all id's
$page_content_map = array();
foreach ($data["locations"] as $location => $columns) {
foreach ($columns as $column => $blocks) {
foreach ($blocks as $pos => $block) {
if ($block["id"] != "new") {
// update
$search = array("column" => "id", "value" => $block["id"]);
$row = array("location" => $location, "column" => (int) $column, "position" => $pos + 1, "json_settings" => json_encode($block["settings"]));
if (isset($block["extension"])) {
$row["extension"] = $block["extension"];
}
$db->edit_rows($search, $row);
$page_content_map[] = $block["id"];
} else {
// add new, if new, add, if new but already present add, else add as ext
$new_content_id = isset($block["content_id"], $new_content_map[$block["content_id"]]) ? $new_content_map[$block["content_id"]] : (isset($block["content_id"]) && is_numeric($block["content_id"]) ? $block["content_id"] : null);
if (!empty($new_content_id) || isset($block["extension"])) {
$row = array("page_id" => (int) $data["page_id"], "content_id" => $new_content_id, "location" => $location, "column" => (int) $column, "position" => $pos + 1);
if (isset($block["extension"])) {
$row["extension"] = $block["extension"];
$row["json_settings"] = isset($block["settings"]) ? json_encode($block["settings"]) : null;
}
$result = $db->add_rows($row);
$page_content_map[] = $result["result"][0];
}
}
}
}
}
// 3. run through id's affected against snapshot, if any missing, remove them.
foreach ($current_page_content as $row) {
if (!in_array($row["id"], $page_content_map)) {
$db->delete_rows(array("column" => "id", "value" => (int) $row["id"]));
}
}
$db->disconnect();
// return the basic user details
$this->response("success", "json");
}
