` = '" . s(v('<?php echo $input; ?> ')) . "' "; <?php } } ?> if( !isset($wsql) ) return $this->send_error( LR_API_ARGS_ERROR , 'INPUT AND LIKE/EQUALS MUST HAS 1 FIELD AT LEAST' ); <?php if (count($outputs[$table][$action]) > 0) { ?> $sql = "SELECT <?php echo rjoin(' , ', '`', $outputs['table']['action']); ?> FROM `<?php echo $table; ?> ` WHERE ". join( ' AND ' , $wsql ); $data = get_line( $sql ); if( mysql_errno() != 0 ) return $this->send_error( LR_API_DB_ERROR , 'DATABASE ERROR ' . mysql_error() ); <?php } // outputs ?> $sql = "DELETE FROM `<?php
public function index() { //print_r( $_REQUEST ); $table = z(t(v('_table'))); $action = z(t(v('_interface'))); if (strlen($table) < 1 || strlen($action) < 1) { return $this->send_error(LR_API_ARGS_ERROR, 'BAD ARGS'); } // user define code if ($my_code = get_var("SELECT `code` FROM `__meta_code` WHERE `table` = '" . s($table) . "' AND `action` = '" . s($action) . "' LIMIT 1")) { return eval($my_code); exit; } // check table $tables = get_table_list(db()); if (!in_array($table, $tables)) { return $this->send_error(LR_API_ARGS_ERROR, 'TABLE NOT EXISTS'); } if ($table == c('token_table_name') && $action == 'get_token') { return $this->get_token(); } $fields = get_fields($table); $kv = new SaeKV(); $kv->init(); $ainfo = unserialize($kv->get('msetting_' . $table . '_' . $action)); $in_code = $kv->get('iosetting_input_' . $table . '_' . $action); $out_code = $kv->get('iosetting_output_' . $table . '_' . $action); // run user defined input fliter if (strlen($in_code) > 0) { eval($in_code); } if ($ainfo['on'] != 1) { return $this->send_error(LR_API_ARGS_ERROR, 'API NOT AVAILABLE'); } if ($ainfo['public'] != 1) { $this->check_token(); } $requires = array(); $inputs = array(); $outs = array(); $likes = array(); $equal = array(); foreach ($fields as $field) { $finfo = unserialize($kv->get('msetting_' . $table . '_' . $action . '_' . $field)); if ($finfo['required'] == 1) { $requires[] = $field; } if ($finfo['input'] == 1) { $inputs[] = $field; } if ($finfo['output'] == 1) { $outputs[] = $field; } if ($finfo['like'] == 1) { $likes[] = $field; } if ($finfo['equal'] == 1) { $equals[] = $field; } } // check require if (count($requires) > 0) { foreach ($requires as $require) { if (strlen(v($require)) < 1) { return $this->send_error(LR_API_ARGS_ERROR, z(t($require)) . ' FIELD REQUIRED'); } } } // build sql switch ($action) { case 'insert': if (count($inputs) < 1) { $this->send_error(LR_API_ARGS_ERROR, 'INPUT MUST HAS 1 FIELD AT LEAST'); } if (count($outputs) < 1) { $this->send_error(LR_API_ARGS_ERROR, 'OUTPUT MUST HAS 1 FIELD AT LEAST'); } foreach ($inputs as $input) { $dsql[] = "'" . s(v($input)) . "'"; } $sql = "INSERT INTO `" . s($table) . "` ( " . rjoin(' , ', '`', $inputs) . " ) VALUES ( " . join(' , ', $dsql) . " )"; //echo $sql; run_sql($sql); if (mysql_errno() != 0) { $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } $lid = last_id(); if ($lid < 1) { $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } if (!($data = get_data("SELECT " . rjoin(' , ', '`', $outputs) . " FROM `" . s($table) . "` WHERE `id` = '" . intval($lid) . "'", db()))) { $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } else { if (strlen($out_code) > 0) { eval($out_code); } $this->send_result($data); } break; case 'update': if (count($inputs) < 1) { return $this->send_error(LR_API_ARGS_ERROR, 'INPUT MUST HAS 1 FIELD AT LEAST'); } if (count($requires) < 1) { return $this->send_error(LR_API_ARGS_ERROR, 'REQUIRE MUST HAS 1 FIELD AT LEAST'); } foreach ($inputs as $input) { if (!in_array($input, $likes) && !in_array($input, $equals)) { if (isset($_REQUEST[$input])) { $dsql[] = " `" . s($input) . "` = '" . s(v($input)) . "' "; } } else { if (in_array($input, $likes)) { $wsql[] = " `" . s($input) . "` LIKE '%" . s(v($input)) . "%' "; } else { $wsql[] = " `" . s($input) . "` = '" . s(v($input)) . "' "; } } } if (!isset($dsql) || !isset($wsql)) { return $this->send_error(LR_API_ARGS_ERROR, 'INPUT AND LIKE/EQUALS MUST HAS 1 FIELD AT LEAST'); } $sql = "UPDATE `" . s($table) . "` SET " . join(' , ', $dsql) . ' WHERE ' . join(' AND ', $wsql); //echo $sql ; run_sql($sql); if (mysql_errno() != 0) { $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } $lid = intval(v('id')); if ($lid < 1) { $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } if (!($data = get_data("SELECT " . rjoin(' , ', '`', $outputs) . " FROM `" . s($table) . "` WHERE `id` = '" . intval($lid) . "'"))) { $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } else { if (strlen($out_code) > 0) { eval($out_code); } $this->send_result($data); } break; case 'remove': if (count($inputs) < 1) { return $this->send_error(LR_API_ARGS_ERROR, 'INPUT MUST HAS 1 FIELD AT LEAST'); } if (count($requires) < 1) { return $this->send_error(LR_API_ARGS_ERROR, 'REQUIRE MUST HAS 1 FIELD AT LEAST'); } foreach ($inputs as $input) { if (in_array($input, $likes)) { $wsql[] = " `" . s($input) . "` LIKE '%" . s(v($input)) . "%' "; } elseif (in_array($input, $equals)) { $wsql[] = " `" . s($input) . "` = '" . s(v($input)) . "' "; } } if (!isset($wsql)) { return $this->send_error(LR_API_ARGS_ERROR, 'INPUT AND LIKE/EQUALS MUST HAS 1 FIELD AT LEAST'); } if (count($outputs) > 0) { $sql = "SELECT " . rjoin(',', '`', $outputs) . " FROM `" . s($table) . "` WHERE " . join(' AND ', $wsql); $data = get_line($sql); if (mysql_errno() != 0) { return $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } } $sql = "DELETE FROM `" . s($table) . "` WHERE " . join(' AND ', $wsql); run_sql($sql); if (mysql_errno() != 0) { $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } else { if (count($outputs) < 1) { return $this->send_result(array('msg' => 'ok')); } else { if (strlen($out_code) > 0) { eval($out_code); } return $this->send_result($data); } } break; case 'list': default: $since_id = intval(v('since_id')); $max_id = intval(v('max_id')); $count = intval(v('count')); $order = strtolower(z(t(v('ord')))); $by = strtolower(z(t(v('by')))); if ($order == 'asc') { $ord = ' ASC '; } else { $ord = ' DESC '; } if (strlen($by) > 0) { $osql = ' ORDER BY `' . s($by) . '` ' . $ord . ' '; } else { $osql = ''; } if ($count < 1) { $count = 10; } if ($count > 100) { $count = 100; } if (count($outputs) < 1) { $this->send_error(LR_API_ARGS_ERROR, 'OUTPUT MUST HAS 1 FIELD AT LEAST'); } $sql = "SELECT " . rjoin(',', '`', $outputs) . " FROM `" . s($table) . "` WHERE 1 "; if ($since_id > 0) { $wsql = " AND `id` > '" . intval($since_id) . "' "; } elseif ($max_id > 0) { $wsql = " AND `id` < '" . intval($max_id) . "' "; } if (count($inputs) > 0 && count($likes) + count($equals) > 0) { // AND `xxx` == $xxx if (count($likes) > 0) { foreach ($likes as $like) { if (z(t(v($like))) != '') { $wwsql[] = " AND `" . s($like) . "` LIKE '%" . s(v($like)) . "%' "; } } } if (count($equals) > 0) { foreach ($equals as $equal) { if (z(t(v($equal))) != '') { $wwsql[] = " AND `" . s($equal) . "` = '" . s(v($equal)) . "' "; } } } if (isset($wwsql)) { $wsql = $wsql . join(' ', $wwsql); } } $sql = $sql . $wsql . $osql . " LIMIT " . $count; //echo $sql; if ($idata = get_data($sql)) { $first = reset($idata); $max_id = $first['id']; $min_id = $first['id']; foreach ($idata as $item) { if ($item['id'] > $max_id) { $max_id = $item['id']; } if ($item['id'] < $min_id) { $min_id = $item['id']; } } $data = array('items' => $idata, 'max_id' => $max_id, 'min_id' => $min_id); } else { $data = $idata; } if (mysql_errno() != 0) { return $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } else { if (strlen($out_code) > 0) { eval($out_code); } return $this->send_result($data); } } //return $this->send_error( LR_API_ARGS_ERROR , 'FIELD NOT EXISTS' ); }