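function processRequest() {
    // Pre-launch signup handler.
    // Reads $_POST['email'] plus the optional referral markers $_SESSION['plc']
    // (a prelaunch_signup "created" timestamp) and $_SESSION['ruid'] (a registered
    // user's id), and writes one row to `prelaunch_signup` through the shared $con
    // connection. Returns a user-facing status string (not JSON).
    // Fixes over the previous version: every value interpolated into SQL is now
    // escaped (email, ip, referral markers all originate from the client), an empty
    // email is rejected instead of being stored, the referrer row is actually fetched
    // (the result resource used to be indexed as if it were a row, yielding null),
    // and a signup is no longer silently dropped when the referring user cannot be found.
    global $con; // open db connection object; recordselect()/insert() take raw SQL
    // NOTE(review): escaping uses mysql_real_escape_string() on the assumption that
    // $con wraps ext/mysql, which the existing mysql_num_rows() calls on its results imply — confirm.

    $this->sesstoken = fct_session_token(); // from $_SESSION['token'] (may be gen'd new just now)

    $email = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '';
    $email = strtolower(urldecode($email)); // urldecode kept: the existing form apparently double-encodes
    if ($email === '') {
        return "Please enter an email address.";
    }
    $safeEmail = mysql_real_escape_string($email);

    $existing_user = $con->recordselect("SELECT * FROM `prelaunch_signup` WHERE emailAddress='" . $safeEmail . "'");
    if ($existing_user === false) {
        // query failed; do not insert blindly, or a retry could create duplicates
        wrtlog("DEBUG: prelaunch_signup lookup failed for email=" . $email);
        return "Sorry, something went wrong. Please try again.";
    }
    if (mysql_num_rows($existing_user) > 0) {
        return "That email address is already signed up.";
    }

    // new pre-launch signup
    $accessIp = (string) get_ip_address1(); // may derive from request headers: treat as untrusted

    // Resolve the optional referrer marker. $referrerCreated stays null when there is none.
    $referrerCreated = null;
    if (isset($_SESSION['plc'])) {
        // new user has arrived on a referral link containing prelaunch_user created timestamp
        $referrerCreated = (string) $_SESSION['plc'];
    } elseif (isset($_SESSION['ruid'])) {
        // new user has arrived on a referral link containing a registered user's id
        $referrer = $con->recordselect("SELECT * FROM `users` WHERE `userId` = '" . mysql_real_escape_string((string) $_SESSION['ruid']) . "' ");
        $referrerRow = ($referrer !== false && mysql_num_rows($referrer) >= 1) ? mysql_fetch_assoc($referrer) : false;
        if ($referrerRow && isset($referrerRow['created'])) {
            // Use registered user's "created" timestamp as referrerCreated
            // ... to add a little confusion to understand which "create" we are talking about
            $referrerCreated = (string) $referrerRow['created'];
        } else {
            // strange ... cannot locate registered user by id; still record the signup, just without a referrer
            wrtlog("DEBUG: could not locate registered user by userId=" . $_SESSION['ruid'] . " from session['ruid'] ");
        }
    }

    $columns = "`emailAddress`, `created`, `ipaddress`";
    $values = "'" . $safeEmail . "', " . time() . ", '" . mysql_real_escape_string($accessIp) . "'";
    if ($referrerCreated !== null) {
        $columns .= ", `referrerCreated`";
        $values .= ", '" . mysql_real_escape_string($referrerCreated) . "'";
    }
    $con->insert("INSERT INTO `prelaunch_signup` (" . $columns . ") VALUES (" . $values . ") ");

    return "Thank you! 
We will notify you as soon as we open for business.";
}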
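function processRequest() {
    // JSON API entry point. Dispatches on $_REQUEST['a'] to one of the defined
    // methods, requires the per-session token for everything except cksession and
    // logout, sets the JSON Content-Type header and returns the encoded response.
    //
    // Routes (after the rewrite to /api.php?a=<methodname>&b=<param1>[&c=...[&d=...[&e=...]]]):
    //   cksession: b=<b64_user_email>
    //   login:     b=<session_token> c=<b64_user_email> d=<b64_user_pwd>
    //   logout:    (no token check; destroys the session)
    //   projects:  b=<session_token>
    //   userinfo:  b=<session_token> [c=<projectId>]
    //   pledge:    b=<session_token> c=<projectId> d=<b64_user_pwd> e=<dollaramount>
    //
    // Fixes over the previous version: request parameters are only accepted as
    // strings (an array parameter used to reach string comparisons and the error
    // message), the session token and the pledge password check use strict
    // comparison instead of != (loose comparison treats numeric-looking strings
    // such as "0e123" as equal and let an empty value match an empty session
    // value), and the nested if/else ladder is flattened into one elseif chain.
    global $con; // open db connection object, used by the per-method handlers

    $no_login_required = array('cksession', 'login');
    $defined_methods = array('cksession', 'login', 'logout', 'projects', 'userinfo', 'pledge');

    // Request parameters are always strings; anything else (e.g. ?b[]=x) reads as absent.
    $param = function ($key) {
        return isset($_REQUEST[$key]) && is_string($_REQUEST[$key]) ? $_REQUEST[$key] : '';
    };

    $this->sesstoken = fct_session_token(); // from $_SESSION['token'] (may be gen'd new just now)
    $this->method = $param('a');

    // Token check shared by login and the logged-in methods. An empty token never matches.
    // NOTE(review): hash_equals() would be preferable where the PHP version provides it.
    $token = $param('b');
    $tokenOk = ($token !== '' && $token === $this->sesstoken);

    if (!in_array($this->method, $defined_methods, true)) {
        $resp = array('completion' => 'NOK', 'error' => 'invalid method requested: ' . $this->method);
    } elseif ($this->method === 'cksession') {
        // no logged in session required
        $resp = $this->cksession(base64_decode($param('b')));
    } elseif ($this->method === 'login') {
        // no logged in session required
        $_SESSION['pb6'] = ''; // drop password material left by an earlier login attempt
        $user_email = base64_decode($param('c'));
        $user_pass = base64_decode($param('d'));
        if (!is_string($user_email) || $user_email === '' || !is_string($user_pass) || $user_pass === '') {
            $resp = array('completion' => 'NOK', 'error' => 'missing required parameters');
        } elseif (!$tokenOk) {
            $resp = array('completion' => 'NOK', 'error' => 'invalid session token');
        } else {
            $resp = $this->login($user_email, $user_pass);
        }
    } elseif ($this->method === 'logout') {
        session_destroy();
        $resp = array('completion' => 'OK');
    } elseif (!$tokenOk) {
        // logged in session required from here on
        $resp = array('completion' => 'NOK', 'error' => 'invalid session token');
    } else {
        $this->userid = isset($_SESSION['userid']) ? $_SESSION['userid'] : false;
        if (!$this->userid) {
            $resp = array('completion' => 'NOK', 'error' => 'no user id in session');
        } elseif ($this->method === 'projects') {
            $resp = $this->projects();
        } elseif ($this->method === 'userinfo') {
            $resp = $this->userinfo($param('c')); // project id is optional ('' when absent)
        } else {
            // pledge: the caller must re-present the password material stored at login
            $projId = $param('c');
            $b64pwd = $param('d');
            $amount = $param('e');
            if (!is_numeric($projId)) {
                $resp = array('completion' => 'NOK', 'error' => 'missing valid project id');
            } elseif (!is_numeric($amount) || $amount <= 0) {
                $resp = array('completion' => 'NOK', 'error' => 'missing valid pledge amount');
            } elseif ($b64pwd === '' || !isset($_SESSION['pb6']) || $b64pwd !== $_SESSION['pb6']) {
                // NOTE(review): $_SESSION['pb6'] is set by login() outside this block — what it holds is not visible here
                $resp = array('completion' => 'NOK', 'error' => 'password incorrect');
            } else {
                $resp = $this->pledge($projId, $amount);
            }
        }
    }

    header('Content-Type: application/json; charset=utf-8');
    $jsonResp = json_encode($resp);
    if ($jsonResp === false) {
        // e.g. invalid UTF-8 in a handler result; never return a bare "false" to the client
        $jsonResp = json_encode(array('completion' => 'NOK', 'error' => 'could not encode response'));
    }
    return $jsonResp;
}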