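/**
 * Handles a REST GET for the route named in $req[0].
 *
 * reqRouter() classifies the request into a numeric case and each case maps
 * to exactly one sql_* / get* helper. A non-empty result array is sent as
 * JSON through rest_success(); an unroutable request is answered with 400
 * and an empty result with 404 through rest_error().
 *
 * @param array $req URL path segments; $req[0] is the table / route name,
 *                   later segments are consumed by reqRouter() and the helpers
 * @return int|null 0 once a response has been emitted; null when the request
 *                  was rejected earlier (privilege failure or unroutable)
 */
function rest_get($req)
{
    global $JSON, $routes;
    // checkPrivileges() reports the 401 itself via rest_error(), so only stop here.
    if (checkPrivileges($req[0]) === false) {
        return;
    }
    $resp = reqRouter($req, "GET");
    $response = null;
    switch ($resp) {
        case 1:
            // A route-level orderBy wins; otherwise sort on the route's identifier column.
            $order = $routes[$req[0]]["orderBy"] ?? $routes[$req[0]]['identifier'];
            $response = sql_GET_ALL($req[0], [$order, "ASC"]);
            break;
        case 2:
            $response = sql_GET($req);
            break;
        case 3:
            $response = sql_GET_ROW($req);
            break;
        case 4:
            $response = sql_GET_SORT($req, true);
            break;
        case 5:
            $response = sql_GET_SORT($req, false);
            break;
        case 6:
            $response = sql_GET_COLUMNS();
            break;
        case 7:
            $response = sql_GET_JOIN($JSON);
            break;
        case 8:
            $response = getPrice($JSON);
            break;
        case 9:
            $response = getByTime($req, $JSON);
            break;
        default:
            // 0 (no route matched) and any unexpected code land here.
            rest_error("Mal-Formed request, check url params", 400);
            return;
    }
    // Only a non-empty array counts as a hit; null, scalars and [] are reported as 404.
    if (is_array($response) && count($response) > 0) {
        rest_success(json_encode($response));
    } else {
        rest_error("Empty Results, Check if item exists in dataBase, Check Url requested.", 404);
    }
    return 0;
}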
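/**
 * Verifies that the caller may touch $tableName.
 *
 * Tables listed in the global $adminRequired are restricted to callers for
 * whom isAdmin() is true; every other table is open. On rejection a 401 is
 * emitted through rest_error() before false is returned.
 *
 * @param string $tableName route / table segment taken from the request URL
 * @return bool true when access is allowed, false after the 401 was sent
 */
function checkPrivileges($tableName)
{
    global $adminRequired;
    // strict: the name comes from the URL, so loose in_array() (numeric-string
    // juggling, "0" == "abc" on older PHP) must not decide whether a table is
    // admin-only. Assumes $adminRequired holds plain strings — confirm.
    if (in_array($tableName, $adminRequired, true) && !isAdmin()) {
        rest_error("Invalid privileges, not an Admin", 401);
        return false;
    }
    return true;
}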
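/**
 * Handles DELETE /<table>/<id>.
 *
 * @param array $req URL path segments; $req[0] is the table, $req[1] the id
 *                   reported back to the caller
 * @return int|null 0 after the delete attempt was reported; null when the
 *                  request was rejected before reaching sql_DELETE()
 */
function rest_delete($req)
{
    if (checkPrivileges($req[0]) === false) {
        // NOTE(review): checkPrivileges() already sent a 401 via rest_error();
        // this produces a second error body unless rest_error() exits — confirm.
        rest_error("Insufficient priveleges to DATABASE", 401);
        return;
    }
    $resp = reqRouter($req, "DELETE");
    // NOTE(review): $req[1] is URL input echoed into the response body; whether
    // rest_error() encodes it for the client is not visible here.
    if ($resp == 0) {
        rest_error("Check URL Request, The value you are attempting to delete may not exist, check ID '" . ($req[1] ?? '') . "'", 400);
        return;
    }
    $response = sql_DELETE($req);
    // Any non-null return from sql_DELETE() is treated as success.
    if (isset($response)) {
        rest_success("'" . ($req[1] ?? '') . "' was deleted successfully!");
    } else {
        rest_error("DELETION ERROR", 500);
    }
    return 0;
}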
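/**
 * Checks that the request body carries every column the route declares as an
 * identifier, and hashes a "users" password before it reaches the SQL layer.
 *
 * @param string $table target table / route name
 * @param array  $JSON  decoded request body; modified in place for "users"
 *                      (the 'password' value is replaced by create_hash() output)
 * @return bool true when all identifiers are present; false after a 400 was
 *              emitted through rest_error() naming the first missing one
 */
function checkTableReqs($table, &$JSON)
{
    global $routes;
    // Never let a plaintext password travel further: hash it here, once.
    if ($table === "users" && isset($JSON['password'])) {
        $JSON['password'] = create_hash($JSON['password']);
    }
    // A route without an 'identifiers' list has nothing to require.
    foreach ($routes[$table]['identifiers'] ?? [] as $val) {
        // isset(): a null value counts as missing, same as an absent key.
        if (!isset($JSON[$val])) {
            rest_error("Mal-Formed JSON please read Documentation, missing '" . $val . "' property", 400);
            return false;
        }
    }
    return true;
}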
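/**
 * Handles POST /<table>/<id>: an update of an existing row.
 *
 * @param array $req URL path segments; $req[0] is the table, $req[1] the id
 *                   reported back to the caller
 * @return int|null 0 after the update attempt was reported; null when the
 *                  request was rejected before reaching the sql_POST* helpers
 */
function rest_post($req)
{
    if (checkPrivileges($req[0]) === false) {
        // NOTE(review): checkPrivileges() already sent a 401 via rest_error();
        // this produces a second error body unless rest_error() exits — confirm.
        rest_error("Insufficient privelege to DATABASE", 401);
        return;
    }
    $resp = reqRouter($req, "POST");
    if ($resp == 0) {
        rest_error("Check URL Request, The value you are attempting to set to may already be taken, You may not be fetching the correct value or column", 400);
        return;
    }
    // 1 -> sql_POST(); anything else -> sql_POST_ALL() (per the original note,
    // 2 means /tableName/identifier being updated to values that are still available).
    $response = $resp == 1 ? sql_POST($req) : sql_POST_ALL($req);
    // Any non-null return counts as success.
    if (isset($response)) {
        rest_success("'" . ($req[1] ?? '') . "' Has Been Updated Successfully!");
    } else {
        rest_error("POST ERROR Has Occurred", 500);
    }
    return 0;
}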
    echo json_encode("ERROR!");
}
// Entry point: pick the rest_* handler for the HTTP verb, then stop.
$method = $_SERVER['REQUEST_METHOD'];
$request = $_SERVER['REQUEST_URI'];
if ($method == 'PUT') {
    // The PUT body is read raw from php://input and form-decoded into $put_vars.
    parse_str(file_get_contents('php://input'), $put_vars);
    sendHeaders();
    $data = $put_vars;
    rest_put($request, $data);
} elseif ($method == 'POST') {
    sendHeaders();
    $data = $_POST;
    rest_post($request, $data);
} elseif ($method == 'GET') {
    sendHeaders();
    $data = $_GET;
    rest_get($request, $data);
} elseif ($method == 'DELETE') {
    sendHeaders();
    rest_delete($request);
} else {
    // Unknown verb: 404 status line, then rest_error() describes the rejected URI.
    header("{$_SERVER['SERVER_PROTOCOL']} 404 Not Found");
    rest_error($request);
}
exit;
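/**
 * Validates the presented API key against the configured key pool.
 *
 * @param string $apikey_used key supplied by the caller
 * @return int|null 1 when the key is in the pool; null after rest_error()
 *                  was called for an unknown key — callers must treat
 *                  anything other than 1 as rejection
 */
function apikey_checker($apikey_used)
{
    teampass_connect();
    $apikey_pool = teampass_get_keys();
    // strict: loose in_array() compares numeric-looking strings numerically
    // ("0" matches "0e123"), which would accept keys that are not in the pool.
    // Assumes the pool holds plain strings — confirm against teampass_get_keys().
    if (in_array($apikey_used, $apikey_pool, true)) {
        return 1;
    }
    // NOTE(review): the rejected key is handed to rest_error(); whether it is
    // echoed back to the client or logged is not visible here.
    rest_error('APIKEY', $apikey_used);
    return null;
}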
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
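require_once 'functions.php';
header('Content-Type: application/json');
// Refuse everything while the API is disabled in configuration. Loose compare
// kept on purpose: teampass_api_enabled() may return int or string — confirm.
if (teampass_api_enabled() != "1") {
    echo '{"err":"API access not allowed."}';
    exit;
}
teampass_whitelist();
// SECURITY NOTE(review): parse_str() without a result array imports every
// query-string parameter as a top-level variable (register_globals style), so
// a caller can overwrite any global set before this point; PHP 8 removed this
// form entirely. Kept because the rest_* handlers below take no arguments and
// may rely on those variables — confirm, then switch to
// parse_str($_SERVER['QUERY_STRING'] ?? '', $query) and read from $query.
parse_str($_SERVER['QUERY_STRING']);
$method = $_SERVER['REQUEST_METHOD'];
// Path segments after the script name; a missing PATH_INFO yields a single empty segment.
$request = explode("/", substr($_SERVER['PATH_INFO'] ?? '', 1));
switch ($method) {
    case 'GET':
        rest_get();
        break;
    case 'PUT':
        rest_put();
        break;
    case 'DELETE':
        rest_delete();
        break;
    case 'HEAD':
        rest_head();
        break;
    default:
        rest_error('UNKNOWN');
        break;
}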
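/**
 * Handles the POST actions selected by the last path segment of $request:
 * "login", "logout" and "register". Any other segment is ignored.
 *
 * On success the session carries $_SESSION['username'] and
 * $_SESSION['korisnikId']; failures are reported through rest_error().
 *
 * @param string $request request URI; only its final "/" segment is used
 * @param array  $data    submitted form fields (email, password, username, ime, prezime)
 * @return void
 */
function rest_post($request, $data)
{
    $uri = explode("/", $request);
    $tip = array_pop($uri);
    switch ($tip) {
        case 'login':
            $dao = new \Dao\KorisnikDao();
            // NOTE(review): htmlentities() on credentials mangles any '&', '<', '>'
            // or '"' and md5() is not a password hash; both are kept only because
            // the stored hashes that getLogin() compares against were produced the
            // same way (see the register branch). Migrate both branches together.
            $email = htmlentities($data['email'] ?? '');
            $hash = md5(htmlentities($data['password'] ?? ''));
            if (!$dao->getLogin($email, $hash)) {
                rest_error("Pogrešni podaci.");
                return;
            }
            $usr = $dao->getByExample('email', $email);
            // getLogin() accepted the credentials but no row came back: fail the
            // login instead of dereferencing a missing element.
            if (!isset($usr[0])) {
                rest_error("Pogrešni podaci.");
                return;
            }
            $usr = $usr[0];
            session_start();
            // New session id at the privilege change so a pre-login id cannot be
            // fixated onto the account.
            session_regenerate_id(true);
            $_SESSION['username'] = $usr->getIme();
            $_SESSION['korisnikId'] = $usr->getId();
            return;
        case 'logout':
            session_start();
            // Only the session's own user may end it; strict compare avoids type
            // juggling on the submitted name.
            if (isset($_SESSION['username']) && $_SESSION['username'] === ($data['username'] ?? null)) {
                unset($_SESSION['username']);
                session_destroy();
            } else {
                rest_error("Niste prijavljeni.");
            }
            return;
        case 'register':
            session_start();
            try {
                $korisnik = new Korisnik();
                $ime = htmlentities($data['ime'] ?? '');
                $prezime = htmlentities($data['prezime'] ?? '');
                $fullName = $ime . " " . $prezime;
                $korisnik->setIme($fullName);
                $korisnik->setEmail(htmlentities($data['email'] ?? ''));
                // NOTE(review): must stay in step with the login branch's hashing
                // until the DAO can verify password_hash() output.
                $korisnik->setPassword(md5(htmlentities($data['password'] ?? '')));
                $kdao = new \Dao\KorisnikDao();
                $kdao->create($korisnik);
                session_regenerate_id(true);
                $_SESSION['username'] = $fullName;
                $_SESSION['korisnikId'] = $korisnik->getId();
            } catch (Exception $e) {
                // NOTE(review): forwards the raw exception text to the client; if
                // the DAO throws driver errors this may expose internals — confirm.
                rest_error($e->getMessage());
            }
            break;
    }
}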
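/**
 * Handles PUT /<table>: validates the JSON body against the route's
 * requirements and inserts it through a prepared statement.
 *
 * Route code 2 from reqRouter() is an order: $JSON["OrderSymbols"] holds
 * orders separated by " , " and symbols within an order separated by " ";
 * every symbol must exist in the symbols/ingredients join, the row is
 * written to "orders" and gets a TransactionID from getTransaction().
 *
 * @param array $req URL path segments; $req[0] is the target table
 * @return int|null 0 after the insert attempt was reported; null when the
 *                  request was rejected before reaching the database
 */
function rest_put($req)
{
    // $routes is not read directly here; kept because the included file runs in this scope.
    global $routes;
    global $JSON;
    // Expected to define $db, the handle used for prepare()/execute() below — not visible here.
    include '../../includes/database.php';
    $table = $req[0];
    if (checkPrivileges($table) === false || checkTableReqs($table, $JSON) === false) {
        rest_error("Insufficient Priveleges OR incorrect JSON Requirements", 401);
        return;
    }
    $ret = reqRouter($req, "PUT");
    if ($ret == 0) {
        rest_error("Item Exists Or Incorrect JSON Properties.", 409);
        return;
    }
    if ($ret == 2) {
        if (!isset($JSON["OrderSymbols"])) {
            rest_error("NO Order received, check JSON", 406);
            // Previously fell through and exploded the missing key.
            return;
        }
        $allPossibles = sql_GET_JOIN([
            "tables" => ["symbols"],
            "from" => "ingredients",
            "relations" => [["symbols.Name", "ingredients.Symbol"]],
            "select" => ["symbols.Symbol"],
        ]);
        foreach (explode(" , ", $JSON["OrderSymbols"]) as $order) {
            foreach (explode(" ", $order) as $ingrediant) {
                // isInside() answers -1 when the symbol is absent from the join result.
                if (isInside($allPossibles, "Symbol", $ingrediant) == -1) {
                    rest_error($ingrediant . " is not a valid ingredient!", 406);
                    return;
                }
            }
        }
        $table = "orders";
        $JSON["TransactionID"] = getTransaction();
    }
    if ($req[0] === "users" && !filter_var($JSON["Email"] ?? '', FILTER_VALIDATE_EMAIL)) {
        rest_error("Invalid Email, Please Enter a Valid Email address.", 406);
        return;
    }
    // NOTE(review): $table originates from the URL; sql_PUT() is assumed to map
    // it to a known route rather than splice it into SQL verbatim — confirm.
    $stmt = $db->prepare(sql_PUT($table));
    $ex = buildJSONInputWProps($table, $JSON);
    // A string return names the first JSON property the table needs but the body lacks.
    if (is_string($ex)) {
        rest_error("Property: '" . $ex . "' is not set on provided JSON Object. Your JSON May be Mal-Formed,incorrect for the database or some other error may have occured", 400);
        return;
    }
    if ($stmt->execute($ex)) {
        rest_success('Inputted Successfully Into the DataBase!');
    } else {
        rest_error('Input unsuccessful. Check spelling this is usually thrown when an item should match another tables item.', 406);
    }
    return 0;
}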
            rest_post($table, $id, $db);
            break;
        case 'GET':
            rest_get($table, $id, $db, $params);
            break;
        case 'HEAD':
            rest_head($table, $id, $db);
            break;
        case 'DELETE':
            rest_delete($table, $id, $db);
            break;
        case 'OPTIONS':
            rest_options($table, $id, $db);
            break;
        default:
            rest_error();
            break;
    }
}
function rest_put($table, $id = null, $db, $data)
{
    /*
    	PUT /shows/123		Updates data of show "123"
    	PUT /shows			Updates data of all shows
    */
    // Visitor counter has special method
    if ($table == 'visitors') {
        $update = $db->updateVisitorCount();
        if ($update == 0) {
            // All is well
        }
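// Dispatch on the request verb; $method and $request are assigned earlier in the file.
switch ($method) {
    case 'PUT':
    case 'POST':
    case 'GET':
    case 'DELETE':
        // The case list above bounds the dynamic call to rest_put/rest_post/rest_get/rest_delete.
        $funcly = "rest_" . strtolower($method);
        $funcly($request);
        break;
    case 'LOGIN':
        // reqRouter() codes: 1 = logged in, 2 = redirect to signin.php, anything else = bad request.
        $var = reqRouter($request, "LOGIN");
        if ($var == 1) {
            rest_success("Successfully logged in...");
        } elseif ($var == 2) {
            rest_success(json_encode(["location" => "signin.php"]));
        } else {
            rest_error("Bad request", 400);
        }
        return;
    case 'OPTIONS':
        // Preflight: headers only, no body.
        return;
    default:
        rest_error($request, 400);
        break;
}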