public function onAction() { parent::onAction(); // TODO proper email sending $target = $this->plugin->getData('target'); $actionResp = getApi()->invoke("/action/{$target['id']}/view.json", EpiRoute::httpGet); if ($actionResp['code'] !== 200) { return; } $action = $actionResp['result']; $email = getConfig()->get('user')->email; $subject = 'You got a new comment on your photo'; if ($action['type'] == 'comment') { $body = <<<BODY {$action['email']} left a comment on your photo. ==== {$action['value']} ==== See the comment here: {$action['permalink']} BODY; } else { $body = <<<BODY {$action['email']} favorited a photo of yours. See the favorite here: {$action['permalink']} BODY; } $headers = "From: Trovebox Robot <*****@*****.**>\r\n" . "Reply-To: no-reply@trovebox.com\r\n" . 'X-Mailer: Trovebox'; mail($email, $subject, $body, $headers); }
public function __construct() { $this->api = getApi(); $this->config = getConfig()->get(); $this->plugin = getPlugin(); $this->route = getRoute(); $this->session = getSession(); $this->template = getTemplate(); $this->utility = new Utility(); $this->url = new Url(); $this->apiVersion = Request::getApiVersion(); }
public function __construct() { $this->api = getApi(); $this->config = getConfig()->get(); $this->logger = getLogger(); $this->route = getRoute(); $this->session = getSession(); $this->cache = getCache(); // really just for setup when the systems don't yet exist if (isset($this->config->systems)) { $this->db = getDb(); $this->fs = getFs(); } }
static function login($post) { // Validate that all required fields are present getApi()->checkFields($post, array('required' => array('username', 'password'), 'optional' => array('sessionId'))); // Validate user against database if (!($user_id = getDatabase()->one("SELECT user_id FROM users where (name=:u OR (email=:u AND email>'')) and password=:p", array('u' => $post['username'], 'p' => sha1($post['password']))))) { http_response_code(401); trigger_error('Unauthorized'); } if (!session_id()) { session_start(); } $_SESSION['user_id'] = $user_id['user_id']; return array('sessionId' => session_id()); }
public function __construct() { $this->api = getApi(); $this->config = getConfig()->get(); $this->plugin = getPlugin(); $this->route = getRoute(); $this->session = getSession(); $this->template = getTemplate(); $this->theme = getTheme(); $this->utility = new Utility(); $this->url = new Url(); $this->template->template = $this->template; $this->template->config = $this->config; $this->template->plugin = $this->plugin; $this->template->session = $this->session; $this->template->theme = $this->theme; $this->template->utility = $this->utility; $this->template->url = $this->url; $this->template->user = new User(); }
static function post($post) { $fields = getApi()->checkFields($post, array('required' => array('code', 'firstname', 'lastname', 'username', 'email', 'ref_user', 'phone', 'nationality', 'country', 'gender', 'city', 'address', 'zip', 'accepted_fields', 'order_owner'), 'optional' => array('ordernr'))); $post['attendee_id'] = $post['ref_user']; $order['order_id'] = $post['ordernr']; $order['attendee_id'] = $post['ref_user']; $order['code'] = $post['code']; $order['order_owner'] = $post['order_owner']; $order['event_id'] = 1; $order['revision'] = getDatabase()->one('SELECT revision FROM cust_orders WHERE order_id=:order_id AND event_id=:event_id AND code=:code', array('order_id' => $order['order_id'], 'event_id' => $order['event_id'], 'code' => $order['code'])); $order['revision'] = $order['revision']['revision'] + 1; unset($post['ref_user']); unset($fields['ref_user']); unset($post['ordernr']); unset($post['code']); unset($post['order_owner']); getDatabase()->insertOrUpdate('cust_orders', $order, array('order_id', 'event_id', 'code')); getDatabase()->insertOrUpdate('cust_attendee', $post, 'attendee_id', $fields); return $post['attendee_id']; }
public function callApis($apisToCall, $apiObj = null) { if ($apiObj === null) { $apiObj = getApi(); } $params = array(); if (!empty($apisToCall)) { foreach ($apisToCall as $name => $api) { $apiParts = explode(' ', $api); $apiMethod = strtoupper($apiParts[0]); $apiMethod = $apiMethod == 'GET' ? EpiRoute::httpGet : EpiRoute::httpPost; $apiUrlParts = parse_url($apiParts[1]); $apiParams = array(); if (isset($apiUrlParts['query'])) { parse_str($apiUrlParts['query'], $apiParams); } $response = $apiObj->invoke($apiUrlParts['path'], $apiMethod, array("_{$apiMethod}" => $apiParams)); $params[$name] = $response['result']; } } return $params; }
static function createUser($post) { $fields = getApi()->checkFields($post, array('required' => array('name', 'password', 'group'), 'optional' => array('email'))); //check is user is logged in and is member of group he/she is trying to create user in. if (!getDatabase()->one("SELECT user_id FROM membership WHERE (group_id=:g OR group_id=0) and user_id=:u", array('g' => $post['group'], 'u' => $_SESSION['user_id']))) { http_response_code(401); trigger_error('Access is denied: You dont belong to this group'); } //Check if username is already taken if (getDatabase()->one("SELECT user_id FROM users WHERE name=:n AND NOT deleted", array('n' => $post['name']))) { //username already exists http_response_code(400); trigger_error('Error: Username already exists'); } //else create the user //Hash the password $post['password'] = sha1($post['password']); //update the array with new fields to return unset($fields['password']); unset($fields['group']); $fields['user_id'] = 'user_id'; //remoev the group from post $group = $post['group']; unset($post['group']); // Insert user into database, and save result for later return. $user = getDatabase()->insert('users', $post, 'user_id', $fields); // Add user to group, if group_id > 0 if ($group > 0) { // check if group actually exists if (getDatabase()->one('SELECT group_id FROM groups WHERE group_id=:g', array('g' => $group))) { getDatabase()->insert('membership', array('user_id' => $user['user_id'], 'group_id' => $group)); } else { http_response_code(500); trigger_error('Error: Group does not exist'); } } return $user; }
<?php // require our important files // wp stuff? require_once 'sugarapi-2.0.0.php'; function getApi() { $sugar_url = 'https://colorfarmrx.sugarondemand.com/rest/v10'; $sugar_user = '******'; $sugar_pwd = 'Password1'; $api = new SugarREST($sugar_url, $sugar_user, $sugar_pwd, false); return $api; } // process request if (isset($_POST['action'])) { $path = isset($_POST['path']) ? $_POST['path'] : ''; $type = isset($_POST['type']) ? $_POST['type'] : 'GET'; $args = array(); if (isset($_POST['args'])) { $args = $_POST['args']; } // get api $sugar = getApi(); $url = $sugar->baseUrl() . $path; $response = $sugar->call($url, $type, $args); //print_r($response); echo json_encode($response); }
static function addMember($groupId, $user) { if (!self::isAdmin()) { http_response_code(403); return trigger_error('Access is denied'); } getApi()->checkFields($user, array('required' => array('user_id'), 'optional' => array('name'))); if ($existingUser = self::getMember($groupId, $user['user_id'])) { return $existingUser; } unset($user['name']); $user['group_id'] = $groupId; if (getDatabase()->insert('membership', $user)) { return self::getMember($groupId, $user['user_id']); } }
public function team() { $envelope = getApi()->invoke('/team.json'); getTemplate()->display('template.php', $envelope['result']); }
static function addScan($list, $post) { getApi()->CheckFields($post, array('required' => array('tag_id'), 'optional' => array('scanner', 'scanner_alias', 'attendee_id', 'timestamp'))); //max: check to see if user has access to post to this list if (!getDatabase()->one('SELECT group_id,list_id FROM membership JOIN lists USING(group_id) WHERE user_id=:u AND list_id=:l', array('u' => $_SESSION['user_id'], 'l' => $list))) { http_response_code(403); trigger_error('Access to list is denied'); } //max: check if tag has a unique user associated with it, if not, send all the people associated with the order_id and make them select themselfs. if ($tag = getDatabase()->one('SELECT * FROM tags WHERE tag_id=:t AND attendee_id=0', array('t' => $post['tag_id']))) { return getDatabase()->all('SELECT * FROM cust_orders JOIN cust_attendee USING(attendee_id) WHERE order_id=:oid', array('oid' => $tag['order_id'])); } else { //max: add some IMPORTANT stuff to the array. $post['user_id'] = $_SESSION['user_id']; $post['list_id'] = $list; //max: now insert the tag getDatabase()->insert('scans', $post, 'scan_id'); $tag = getDatabase()->one('SELECT * FROM tags WHERE tag_id=:t', array('t' => $post['tag_id'])); return getDatabase()->all('SELECT * FROM cust_orders JOIN cust_attendee USING(attendee_id) WHERE attendee_id=:att', array('att' => $tag['attendee_id'])); } }
date_default_timezone_set('America/Los_Angeles'); if (isset($_GET['__route__']) && strstr($_GET['__route__'], '.json')) { header('Content-type: application/json'); } $basePath = dirname(dirname(__FILE__)); $epiPath = "{$basePath}/libraries/external/epi"; require "{$epiPath}/Epi.php"; require "{$basePath}/libraries/compatability.php"; require "{$basePath}/libraries/models/UserConfig.php"; Epi::setSetting('exceptions', true); Epi::setPath('base', $epiPath); Epi::setPath('config', "{$basePath}/configs"); Epi::setPath('view', ''); Epi::init('api', 'cache', 'config', 'curl', 'form', 'logger', 'route', 'session', 'template', 'database'); $routeObj = getRoute(); $apiObj = getApi(); // loads configs and dependencies $userConfigObj = new UserConfig(); $hasConfig = $userConfigObj->load(); $configObj = getConfig(); EpiCache::employ($configObj->get('epi')->cache); $sessionParams = array($configObj->get('epi')->session); if ($configObj->get('epiSessionParams')) { $sessionParams = array_merge($sessionParams, (array) $configObj->get('epiSessionParams')); // for TLDs we need to override the cookie domain if specified if (isset($sessionParams['domain']) && stristr($_SERVER['HTTP_HOST'], $sessionParams['domain']) === false) { $sessionParams['domain'] = $_SERVER['HTTP_HOST']; } $sessionParams = array_values($sessionParams); // reset keys }
/** * Test #12. SYNCH put request without data. */ public function testSynchPutInvalid() { global $synchAuthToken; $this->assertEquals(0, $this->countTestRows()); $data = array(); $result = putApi('synchUser.php', $data, $synchAuthToken); $this->assertEquals(RESPONSE_BAD_REQUEST, $result['resultCode']); $data = array('userId' => ''); $result = getApi('synchUser.php', $data, $synchAuthToken); $this->assertEquals(RESPONSE_BAD_REQUEST, $result['resultCode']); $this->assertEquals(0, $this->countTestRows()); }
} function p($data) { echo "<pre>" . print_r($data, true) . "</pre>"; } getRoute()->get('/', 'home', 'insecure'); //user getApi()->get('/users', array('users', 'getAll'), 'secure', EpiApi::external); getApi()->get('/users/self', array('users', 'getSelf'), 'secure', EpiApi::external); getApi()->get('/users/(\\d+)', array('users', 'get'), 'secure', EpiApi::external); getApi()->get('/users/relations', array('users', 'relations'), 'secure', EpiApi::external); getApi()->get('/users/relationsng', array('users', 'relationsng'), 'secure', EpiApi::external); getApi()->get('/users/phone/(\\w+)', array('users', 'phonenumber'), 'secure', EpiApi::external); //group //event getApi()->get('/events', array('events', 'getng'), 'secure', EpiApi::external); getApi()->get('/events/all', array('events', 'getAll'), 'secure', EpiApi::external); getApi()->get('/events/(\\d+)', array('events', 'getng'), 'secure', EpiApi::external); getApi()->get('/events/shortname/(\\w+)', array('events', 'getShort'), 'secure', EpiApi::external); require_once "src/Epi.php"; try { response(getRoute()->run('/' . implode($request, '/'))); } catch (Exception $err) { // Make sure we always change the respose code to something else than 200 if (http_response_code() == 200) { http_response_code(500); } $err = array('error' => $err->getMessage(), 'file' => $err->getFile(), 'line' => $err->getLine()); response($err); } die;
<?php require sprintf('%s/controllers/BaseController.php', $libraryPath); require sprintf('%s/controllers/ApiController.php', $libraryPath); require sprintf('%s/controllers/GeneralController.php', $libraryPath); require sprintf('%s/external/Markdown/markdown.php', $libraryPath); require sprintf('%s/external/CssMin/CssMin.php', $libraryPath); require sprintf('%s/external/JSMin/JSMin.php', $libraryPath); $route = getRoute(); $api = getApi(); $route->get('/', array('GeneralController', 'home')); $route->get('/community', array('GeneralController', 'community')); $route->get('/contribute/?([a-zA-Z0-9-]+)?', array('GeneralController', 'contribute')); $route->get('/documentation', array('GeneralController', 'documentation')); $route->get('/documentation/api/([a-zA-Z0-9-]+)', array('GeneralController', 'documentationApi')); $route->get('/documentation/faq/([a-zA-Z0-9-]+)', array('GeneralController', 'documentationFaq')); $route->get('/documentation/guide/([a-zA-Z0-9-]+)', array('GeneralController', 'documentationGuide')); $route->get('/documentation/schemas/([a-zA-Z0-9-]+)', array('GeneralController', 'documentationSchemas')); $route->get('/get-started', array('GeneralController', 'getStarted')); $route->get('/overview', array('GeneralController', 'overview')); $route->get('/screenshots', array('GeneralController', 'screenshots')); $route->get('/supporters', array('GeneralController', 'supporters')); $route->get('/team', array('GeneralController', 'team')); $api->get('/\\.json', array('ApiController', 'home'), EpiApi::external); $api->get('/community\\.json', array('ApiController', 'community'), EpiApi::external); $api->get('/contribute/?([a-zA-Z0-9-]+)?\\.json', array('ApiController', 'contribute'), EpiApi::external); $api->get('/documentation\\.json', array('ApiController', 'documentation'), EpiApi::external); $api->get('/documentation/api/([a-zA-Z0-9-]+)\\.json', array('ApiController', 'documentationApi'), EpiApi::external); $api->get('/documentation/faq/([a-zA-Z0-9-]+)\\.json', array('ApiController', 'documentationFaq'), EpiApi::external); $api->get('/documentation/guide/([a-zA-Z0-9-]+)\\.json', array('ApiController', 'documentationGuide'), EpiApi::external); $api->get('/documentation/schemas/([a-zA-Z0-9-]+)\\.json', array('ApiController', 'documentationSchemas'), EpiApi::external);
function apiParamsFromExternal() { $res = getApi()->invoke('/params-internal.json', EpiRoute::httpGet); return $res; }
Epi::setPath('config', './conf'); getConfig()->load('config.ini'); //Include plugin classes and configuration $dir = new DirectoryIterator(dirname(__FILE__) . '/plugins'); foreach ($dir as $fileinfo) { if (!$fileinfo->isDot() && $fileinfo->isDir()) { $file = $fileinfo->getFilename(); include_once './plugins/' . $file . '/index.php'; } } /* * We create 1 normal route (think of these are user viewable pages). * We also create 7 api routes (this of these as data methods). * The beauty of the api routes are they can be accessed natively from PHP * or remotely via HTTP. * When accessed over HTTP the response is json. * When accessed natively it's a php array/string/boolean/etc. */ //getApi()->get('/version.json', array('Api', 'getVersion'), EpiApi::external); getApi()->get('/info/((\\w|-)+)', array('Api', 'info'), EpiApi::external); getApi()->get('/start/((\\w|-)+)', array('Api', 'start'), EpiApi::external); getApi()->get('/stop/((\\w|-)+)', array('Api', 'stop'), EpiApi::external); getApi()->get('/turnAutoRecoverOn/((\\w|-)+)', array('Api', 'turnAutoRecoverOn'), EpiApi::external); getApi()->get('/turnAutoRecoverOff/((\\w|-)+)', array('Api', 'turnAutoRecoverOff'), EpiApi::external); getApi()->get('/turnRefuseNewSessionsOn/((\\w|-)+)', array('Api', 'turnRefuseNewSessionsOn'), EpiApi::external); getApi()->get('/turnRefuseNewSessionsOff/((\\w|-)+)', array('Api', 'turnRefuseNewSessionsOff'), EpiApi::external); getRoute()->get('/', array('Site', 'main')); getRoute()->run(); ?>
/** * Extra text. Make sure the get operation works with a "latest" * value. */ function testGetLatest() { global $testTripId1, $testTripId2; // use the timezone where we do our testing :-) date_default_timezone_set("America/New_York"); $now = time(); $today = date('Y-m-d', $now); $yesterday = date('Y-m-d', $now - 24 * 60 * 60); $tomorrow = date('Y-m-d', $now + 24 * 60 * 60); $past = date('Y-m-d', $now - 5 * (24 * 60 * 60)); $future = date('Y-m-d', $now + 5 * (24 * 60 * 60)); $farPast = date('Y-m-d', $now - 10 * (24 * 60 * 60)); $farFuture = date('Y-m-d', $now + 10 * (24 * 60 * 60)); $testTrip1 = new Trip($testTripId1); $testTrip2 = new Trip($testTripId2); $data = array('current' => ''); // one past and one future trip $testTrip1->setStartDate($past); $testTrip1->setEndDate($yesterday); $this->assertTrue($testTrip1->save()); $testTrip2->setStartDate($tomorrow); $testTrip2->setEndDate($future); $this->assertTrue($testTrip2->save()); $result = getApi('getTrip.php', $data); $this->assertEquals(RESPONSE_SUCCESS, $result['resultCode']); $this->assertTrue(isset($result['tripId'])); $this->assertEquals($testTripId1, $result['tripId']); // one past and one current trip $testTrip1->setStartDate($past); $testTrip1->setEndDate($yesterday); $this->assertTrue($testTrip1->save()); $testTrip2->setStartDate($yesterday); $testTrip2->setEndDate($tomorrow); $this->assertTrue($testTrip2->save()); $result = getApi('getTrip.php', $data); $this->assertEquals(RESPONSE_SUCCESS, $result['resultCode']); $this->assertTrue(isset($result['tripId'])); $this->assertEquals($testTripId2, $result['tripId']); // two past trips $testTrip1->setStartDate($past); $testTrip1->setEndDate($yesterday); $this->assertTrue($testTrip1->save()); $testTrip2->setStartDate($farPast); $testTrip2->setEndDate($past); $this->assertTrue($testTrip2->save()); $result = getApi('getTrip.php', $data); $this->assertEquals(RESPONSE_SUCCESS, $result['resultCode']); $this->assertTrue(isset($result['tripId'])); $this->assertEquals($testTripId1, $result['tripId']); // one current and one future trip $testTrip1->setStartDate($yesterday); $testTrip1->setEndDate($tomorrow); $this->assertTrue($testTrip1->save()); $testTrip2->setStartDate($tomorrow); $testTrip2->setEndDate($future); $this->assertTrue($testTrip2->save()); $result = getApi('getTrip.php', $data); $this->assertEquals(RESPONSE_SUCCESS, $result['resultCode']); $this->assertTrue(isset($result['tripId'])); $this->assertEquals($testTripId1, $result['tripId']); // two current trips, nested $testTrip1->setStartDate($yesterday); $testTrip1->setEndDate($tomorrow); $this->assertTrue($testTrip1->save()); $testTrip2->setStartDate($past); $testTrip2->setEndDate($future); $this->assertTrue($testTrip2->save()); $result = getApi('getTrip.php', $data); $this->assertEquals(RESPONSE_SUCCESS, $result['resultCode']); $this->assertTrue(isset($result['tripId'])); $this->assertEquals($testTripId1, $result['tripId']); // two current trips, staggered $testTrip1->setStartDate($past); $testTrip1->setEndDate($tomorrow); $this->assertTrue($testTrip1->save()); $testTrip2->setStartDate($yesterday); $testTrip2->setEndDate($future); $this->assertTrue($testTrip2->save()); $result = getApi('getTrip.php', $data); $this->assertEquals(RESPONSE_SUCCESS, $result['resultCode']); $this->assertTrue(isset($result['tripId'])); $this->assertEquals($testTripId2, $result['tripId']); }
/** * Test #11. SYNCH get an existent object. * @depends testDataWipedBeforeTest * @depends testGetExistent */ public function testSynchGet() { global $testTripId1; global $testJournalId1; global $synchAuthToken; // Create the object and set attributes $object = new Journal($testTripId1, $testJournalId1); $object->setUserId('user'); $object->setJournalDate('2015-09-30'); $object->setJournalTitle('Journal Title'); $object->setJournalText('Journal Text'); $object->setDeleted('Y'); // Save the object and confirm a row is added to the database $this->assertTrue($object->save()); $this->assertEquals(1, $this->countTestRows()); $data = array('hash' => $object->getHash()); $result = getApi('synchJournal.php', $data, $synchAuthToken); $this->assertEquals(RESPONSE_SUCCESS, $result['resultCode']); $this->assertTrue(isset($result['tripId'])); $this->assertTrue(isset($result['journalId'])); $this->assertTrue(isset($result['created'])); $this->assertTrue(isset($result['updated'])); $this->assertTrue(isset($result['userId'])); $this->assertTrue(isset($result['journalDate'])); $this->assertTrue(isset($result['journalTitle'])); $this->assertTrue(isset($result['journalText'])); $this->assertTrue(isset($result['deleted'])); $this->assertTrue(isset($result['hash'])); $this->assertEquals($testTripId1, $result['tripId']); $this->assertEquals($testJournalId1, $result['journalId']); $this->assertEquals($object->getCreated(), $result['created']); $this->assertEquals($object->getUpdated(), $result['updated']); $this->assertEquals('user', $result['userId']); $this->assertEquals('2015-09-30', $result['journalDate']); $this->assertEquals('Journal Title', $result['journalTitle']); $this->assertEquals('Journal Text', $result['journalText']); $this->assertEquals('Y', $result['deleted']); $this->assertEquals($object->getHash(), $result['hash']); }
/** * @depends testSynchGetInvalid */ public function testSynchGetUnauthorized() { global $testTripId1; global $testReferenceId1; global $testUserId1; global $adminAuthToken; // Create the object and set attributes $object = new Feedback($testTripId1, $testReferenceId1, $testUserId1); $object->setType('-type-1'); $object->setDeleted('Y'); // Save the object and confirm a row is added to the database $this->assertTrue($object->save()); $this->assertEquals(1, $this->countTestRows()); $data = array('hash' => $object->getHash()); $result = getApi('synchFeedback.php', $data, $adminAuthToken); $this->assertEquals(RESPONSE_UNAUTHORIZED, $result['resultCode']); }
/** * Test #12. SYNCH put request without data. */ public function testSynchPutInvalid() { global $testTripId1; global $testName1; global $synchAuthToken; $this->assertEquals(0, $this->countTestRows()); $data = array(); $result = putApi('synchTripAttribute.php', $data, $synchAuthToken); $this->assertEquals(RESPONSE_BAD_REQUEST, $result['resultCode']); $data = array('tripId' => ''); $result = getApi('synchTripAttribute.php', $data, $synchAuthToken); $this->assertEquals(RESPONSE_BAD_REQUEST, $result['resultCode']); $data = array('name' => ''); $result = getApi('synchTripAttribute.php', $data, $synchAuthToken); $this->assertEquals(RESPONSE_BAD_REQUEST, $result['resultCode']); $data = array('tripId' => $testTripId1); $result = getApi('synchTripAttribute.php', $data, $synchAuthToken); $this->assertEquals(RESPONSE_BAD_REQUEST, $result['resultCode']); $data = array('name' => $testName1); $result = getApi('synchTripAttribute.php', $data, $synchAuthToken); $this->assertEquals(RESPONSE_BAD_REQUEST, $result['resultCode']); $data = array('tripId' => $testTripId1, 'name' => ''); $result = getApi('synchTripAttribute.php', $data, $synchAuthToken); $this->assertEquals(RESPONSE_BAD_REQUEST, $result['resultCode']); $data = array('tripId' => '', 'name' => $testName1); $result = getApi('synchTripAttribute.php', $data, $synchAuthToken); $this->assertEquals(RESPONSE_BAD_REQUEST, $result['resultCode']); $this->assertEquals(0, $this->countTestRows()); }
static function usePrepaid($attId, $post) { if (self::isAdmin()) { getApi()->checkFields($post, array('required' => array('product_id', 'consumed_location'), 'optional' => array())); if (!getDatabase()->one('SELECT * FROM prepaid WHERE attendee_id=:attid AND product_id=:prod AND NOT used', array('attid' => $attId, 'prod' => $post['product_id']))) { echo "customer doesn't have enough prepaid for this product"; } $ret = getDatabase()->update('prepaid', array('used' => 1, 'consumed' => date('Y-m-d H:i:s'), 'consumed_location' => $post['consumed_location']), 'WHERE attendee_id=:attid AND NOT used LIMIT 1', array('attid' => $attId), 'prepaid_id', array('prepaid_id', 'product_id', 'used')); } else { http_response_code(403); trigger_error('Access is denied'); } return $ret; }