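// Example: authorization is required for every table except the one matched by
// the first rule, which is always authorized.
// NOTE(review): the original comment names "CategoryVisible" while the rule below
// matches "Category" — confirm which table is meant to be public.
ArrestDBConfig::auth(["table" => "Category"], function ($method, $table, $id) {
    return true;
});

// Catch-all rule: every other table requires HTTP Basic credentials that match
// a row in the User table. On success the matched row is stored in the global
// $user and the callback returns true; otherwise a 401 challenge is sent and
// the request ends.
ArrestDBConfig::auth([], function ($method, $table, $id) {
    global $user;

    // Sends the Basic challenge and stops the request (used for every failure path).
    $deny = function () {
        header('WWW-Authenticate: Basic realm="My Realm"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Invalid Auth';
        exit;
    };

    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
        $deny();
    }

    $user = $_SERVER['PHP_AUTH_USER'];

    // NOTE(review): unsalted SHA-1 is not a password hash. Moving to
    // password_hash()/password_verify() changes what is stored in User.password,
    // so it is flagged here rather than changed.
    $pass = sha1($_SERVER['PHP_AUTH_PW']);

    // Both values come straight from the request headers, so they are bound as
    // parameters through ArrestDB::Query's trailing arguments instead of being
    // spliced into the WHERE text, where a quote in the user name would alter
    // the statement.
    // NOTE(review): the page shows a masked literal ('******') in the password
    // condition and never uses $pass; the computed hash is bound here — confirm
    // this matches the intended check.
    // NOTE(review): this bypasses ArrestDB::PrepareQueryGET; if that helper
    // applies table or column mapping, keep it and pass placeholders — confirm.
    $result = ArrestDB::Query(
        'SELECT * FROM "User" WHERE "email" = ? AND "password" = ?',
        $user,
        $pass
    );

    // Fail closed: a failed query (non-array result) must deny access, not fall
    // through to the success path with an empty $user.
    if (!is_array($result) || !isset($result[0])) {
        $deny();
    }

    $user = $result[0];
    return true;
});

// ALLOW (OPTIONAL)
// Similar to auth, but used in other cases to check whether a method may be
// executed over a table or function. Return true if it is allowed.
// By default everything is allowed.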
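} } return ArrestDB::Reply($result); });

// PUT /{table}/{id}: updates the row whose "id" column equals $id with the
// key/value pairs found in $GLOBALS['_PUT'].
//
// Replies 204 when the body is empty, 400 when the body is not an array or a
// table/column name is not a plain identifier, 409 when the query fails and
// 200 otherwise.
//
// The table name comes from the URL and the column names from the request
// body, and both end up inside the SQL text (identifiers cannot be bound as
// parameters), so they are checked against a strict allow-list first. Values
// are still bound by ArrestDB::Query.
// NOTE(review): no authentication or per-table authorization is visible in
// this handler — confirm it is enforced before the route is reached.
ArrestDB::Serve('PUT', '/(#any)/(#num)', function ($table, $id) {
    if (empty($GLOBALS['_PUT']) === true) {
        return ArrestDB::Reply(ArrestDB::$HTTP[204]);
    }

    $payload = $GLOBALS['_PUT'];

    // A non-empty body that did not decode to an array previously reached
    // Reply() with $result undefined; treat it as a malformed request.
    if (is_array($payload) !== true) {
        return ArrestDB::Reply(ArrestDB::$HTTP[400]);
    }

    // Letters, digits and underscore only, not starting with a digit. Widen
    // this deliberately if the schema uses other characters.
    $identifier = '/\A[A-Za-z_][A-Za-z0-9_]*\z/';

    foreach (array_merge([$table], array_keys($payload)) as $name) {
        if (is_string($name) !== true || preg_match($identifier, $name) !== 1) {
            return ArrestDB::Reply(ArrestDB::$HTTP[400]);
        }
    }

    $assignments = [];

    foreach (array_keys($payload) as $column) {
        $assignments[] = sprintf('"%s" = ?', $column);
    }

    $query = sprintf('UPDATE "%s" SET %s WHERE "%s" = ?;', $table, implode(', ', $assignments), 'id');
    $result = ArrestDB::Query($query, $payload, $id);

    return ArrestDB::Reply(($result === false) ? ArrestDB::$HTTP[409] : ArrestDB::$HTTP[200]);
});

exit(ArrestDB::Reply(ArrestDB::$HTTP[400]));

class ArrestDB { public static $HTTP = [200 => ['success' => ['code' => 200, 'status' => 'OK']], 201 => ['success' => ['code' => 201, 'status' => 'Created']], 204 => ['error' => ['code' => 204, 'status' => 'No Content']], 400 => ['error' => ['code' => 400, 'status' => 'Bad Request']], 403 => ['error' => ['code' => 403, 'status' => 'Forbidden']], 404 => ['error' => ['code' => 404, 'status' => 'Not Found']], 409 => ['error' => ['code' => 409, 'status' => 'Conflict']], 503 => ['error' => ['code' => 503, 'status' => 'Service Unavailable']]]; public static function Query($query = null) {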
/**
 * Runs a GET-style query description and returns its rows, tagged with the
 * table they came from.
 *
 * The description is turned into SQL by ArrestDB::PrepareQueryGET($query, false)
 * and executed with ArrestDB::Query. Each row (or the single row, when the
 * result has no index 0) receives a "__table" entry holding $query["TABLE"].
 * When $extends is given, it is split on commas and handed to ArrestDB::Extend.
 * If a global function ArrestDB_postProcess exists, it is called with
 * ('GET', table, $id, result) and its return value replaces the result.
 *
 * NOTE(review): on an Exception from Extend, the exception message is placed
 * in the reply as error.detail and sent through ArrestDB::Reply — confirm
 * those messages never carry SQL text or other internals. The reply template
 * is looked up by the exception code; a code missing from ArrestDB::$HTTP
 * yields a reply with only the detail field.
 *
 * @param array       $query   Query description; "TABLE" is read here.
 * @param string|null $extends Comma-separated list passed to Extend, or null.
 * @param mixed       $id      Forwarded to ArrestDB_postProcess.
 *
 * @return mixed null when the query fails or matches nothing; the value of
 *               ArrestDB::Reply on an Extend exception; otherwise the value
 *               of ArrestDB::ObfuscateId.
 */
public static function getQuery($query, $extends = null, $id = "")
{
    $table = $query["TABLE"];
    $rows = ArrestDB::Query(ArrestDB::PrepareQueryGET($query, false));

    // A failed query and an empty result set are reported the same way.
    if ($rows === false || count($rows) == 0) {
        return null;
    }

    if (isset($rows[0])) {
        // List of rows: tag every one of them.
        foreach ($rows as $index => $row) {
            $rows[$index]["__table"] = $table;
        }
    } else {
        // Single row: tag it directly.
        $rows["__table"] = $table;
    }

    if ($extends !== null) {
        $relations = explode(",", $extends);

        try {
            $rows = ArrestDB::Extend($rows, $relations);
        } catch (Exception $e) {
            $reply = ArrestDB::$HTTP[$e->getCode()];
            $reply["error"]["detail"] = $e->getMessage();

            return ArrestDB::Reply($reply);
        }
    }

    // Optional project hook; only invoked when the application defines it.
    if (function_exists("ArrestDB_postProcess")) {
        $rows = ArrestDB_postProcess('GET', $table, $id, $rows);
    }

    return ArrestDB::ObfuscateId($rows);
}
} else { if (is_array($GLOBALS['_PUT']) === true) { $query = []; $query["TABLE"] = $table; $query["VALUES"] = []; foreach ($GLOBALS["_PUT"] as $key => $value) { $query["VALUES"][$key] = $value; } if (function_exists("ArrestDB_modify_query")) { $query = ArrestDB_modify_query("PUT", $table, $id, $query); } $data = []; foreach ($query['VALUES'] as $key => $value) { $data[$key] = sprintf('"%s" = ?', $key); } $query2 = array(sprintf('UPDATE "%s" SET %s WHERE "%s" = ?', $query["TABLE"], implode(', ', $data), ArrestDB::TableKeyName($query["TABLE"]))); $query2 = sprintf('%s;', implode(' ', $query2)); $result = ArrestDB::Query($query2, $query['VALUES'], $id); if ($result === false) { $result = ArrestDB::$HTTP[409]; } else { $result = ArrestDB::$HTTP[200]; if (function_exists(ArrestDB_postProcess)) { ArrestDB_postProcess("PUT", $table, $id); } } } } return ArrestDB::Reply($result); }); exit(ArrestDB::Reply(ArrestDB::$HTTP[400]));
} if ($rowCount != $result['result']->rowCount()) { syslog(LOG_ERR, sprintf('Archived unloaded %d rows but delete removed %d rows - rolling back.', $rowCount, $result['result']->rowCount())); $result = ArrestDB::Query('ROLLBACK'); if ($result === false) { http_response_code(400); exit('Unable to ROLLBACK transaction!! Oh noes...'); } } $result = ArrestDB::Query('COMMIT'); if ($result === false) { http_response_code(400); exit('Unable to COMMIT transaction'); } } catch (Exception $e) { $result = ArrestDB::Query('ROLLBACK'); if ($result === false) { http_response_code(400); exit('Unable to ROLLBACK transaction!! Oh noes...'); } } http_response_code(201); header(sprintf('Location: %s/%s', $ARCHIVE_URI_PREFIX, basename($archive))); return ArrestDB::Reply(['count' => $rowCount]); }); ArrestDB::Serve('DELETE', '/(#any)', function () { http_response_code(400); exit('Not yet implemented'); }); http_response_code(400); exit('Request failed to match');
$queries[] = array(sprintf('%s;', implode(' ', $query)), $data); } if (count($queries) > 1) { ArrestDB::Query()->beginTransaction(); while (is_null($query = array_shift($queries)) !== true) { if (($result = ArrestDB::Query($query[0], $query[1])) === false) { ArrestDB::Query()->rollBack(); break; } } if ($result !== false && ArrestDB::Query()->inTransaction() === true) { $result = ArrestDB::Query()->commit(); } } else { if (is_null($query = array_shift($queries)) !== true) { $result = ArrestDB::Query($query[0], $query[1]); } } if ($result === false) { $result = ArrestDB::$HTTP[409]; } else { $result = ArrestDB::$HTTP[201]; } } } return ArrestDB::Reply($result); }); /* we don't need to have update enabled, commenting out this block ArrestDB::Serve('PUT', '/(#any)/(#num)', function ($table, $id) { if (empty($GLOBALS['_PUT']) === true)