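private function get($url)
 {
     // Perform a GET against $url and return the raw response body.
     //
     // @param string $url  fully-qualified URL to fetch (built by the caller)
     // @return string|false  response body; false only if curl_exec() fails
     //                       without populating curl_error(), which it normally does
     // @throws \Exception when cURL reports a transport error
     $curl = curl_init($url);
     curl_setopt($curl, CURLOPT_URL, $url);
     curl_setopt($curl, CURLOPT_HEADER, 0);
     curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
     // Only speak HTTP(S), including across redirects, so a malformed $url can never
     // turn this into a file:// or gopher:// fetch.
     curl_setopt($curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
     curl_setopt($curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
     // Bounded timeouts: without them a stalled upstream holds a PHP worker indefinitely.
     curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);
     curl_setopt($curl, CURLOPT_TIMEOUT, 15);
     // CURLOPT_VERBOSE was dropped: it writes every request line (full URL, query
     // string and all) to stderr, which for an API client likely means the API key
     // lands in the web-server error log.
     Utility::debug('executing url via cUrl . . .', 1);
     $response = curl_exec($curl);
     Utility::debug('cUrl complete', 1);
     Utility::debug('GooglePlaces called: response=' . $response, 5);
     $error = curl_error($curl);
     // Close before the throw below so the handle is released on the error path too.
     curl_close($curl);
     if ($error) {
         Utility::debug('cUrl exception:' . $error, 3);
         throw new \Exception('CURL Error: ' . $error);
     }
     return $response;
 }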
 public static function executeQuery($query)
 {
     // Open a connection, run one statement and return the mysqli result.
     //
     // @param string $query  complete SQL text. Nothing here parameterises or
     //                       validates it; callers are expected to have escaped
     //                       every value with Database::queryString/queryNumber.
     // @return mysqli_result|bool  whatever mysqli_query() returns; on connection
     //                             or statement failure control passes to
     //                             Utility::errorRedirect instead.
     //
     // NOTE(review): the full query text is logged at level 5, so anything the
     // caller spliced in (request payloads, the salted password string built by
     // validateUser callers) ends up in the debug log.
     // connect to database
     Utility::debug('executing query ' . $query, 5);
     // NOTE(review): the next line was partially redacted in this listing
     // ('******' replaces the credentials and the connect call that yields $con).
     // Its surviving tail calls mysql_error() (ext/mysql, removed in PHP 7) while
     // $con is used as a mysqli handle below; mysqli_error($con) is the matching call.
     Utility::debug('server=' . self::$server . 'user='******'Error connecting to database: ' . mysql_error(), 1);
         Utility::errorRedirect('Error connecting to database: ' . mysql_error());
     } else {
         Utility::debug('Connected.', 5);
     }
     Utility::debug('Executing query . . .', 5);
     $data = mysqli_query($con, $query);
     if (!$data) {
         // same mysql_error()/mysqli mismatch as above; the redirect message also
         // says "connecting" although this is a statement failure
         Utility::debug('Error executing query:' . mysql_error(), 1);
         Utility::errorRedirect('Error connecting to database: ' . mysql_error());
     } else {
         Utility::debug('Query executed successfully', 5);
         return $data;
     }
 }
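 public static function getClass($classname, $userID, $tenantID)
 {
     // Include the dataEntity class file for $classname and return a new instance.
     //
     // $classname becomes both an include path and a class name, so it is
     // accepted only if it is one of the core types below or one of
     // Application::$knowntypes. The membership test is strict so that loose
     // equality (numeric-string coercion etc.) cannot widen the allow-list.
     //
     // @param string $classname  entity type; file name and class name share it
     // @param mixed  $userID     forwarded to the entity constructor
     // @param mixed  $tenantID   forwarded to the entity constructor
     // @return object            new instance of ucfirst($classname)
     // @throws Exception         unknown type, or its class file does not exist
     $coretypes = array('tenant', 'tenantSetting', 'tenantProperty', 'category', 'menuItem', 'page', 'tenantContent', 'entityList');
     $isCore = in_array($classname, $coretypes, true);
     if (!$isCore && !in_array($classname, Application::$knowntypes, true)) {
         throw new Exception('Unknown class name: ' . $classname);
     }
     // core types will be in core path as configured in config.php
     $classpath = $isCore ? Config::$core_path . '/classes/' : Config::$root_path . '/classes/';
     // include appropriate dataEntity class & then instantiate it
     $classfile = $classpath . $classname . '.php';
     if (!file_exists($classfile)) {
         Utility::debug('Unable to instantiate class for ' . $classname . ' Classfile does not exist. Looking for ' . $classfile, 9);
         // the original concatenated the bare constant `classname` here, which is
         // a fatal Error on PHP 8 instead of the intended message
         throw new Exception('Unable to instantiate new : ' . $classname);
     }
     include_once $classfile;
     // class names start with uppercase
     $classname = ucfirst($classname);
     return new $classname($userID, $tenantID);
 }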
 public static function executeQueriesInTransaction($queries)
 {
     // Run every statement in $queries on one connection inside a single
     // transaction: either all of them commit, or the first failure rolls the
     // whole set back and its mysqli_error() text is re-thrown as an Exception.
     //
     // @param string[] $queries  complete SQL statements, executed in order;
     //                           callers are responsible for escaping every value
     // @return void
     // @throws Exception if autocommit cannot be disabled or any statement fails
     //
     // NOTE(review): the next line was partially redacted in this listing
     // ('******' stands in for the credentials and the connect call that yields
     // $con). Its surviving tail calls mysql_error() (ext/mysql) although $con is
     // a mysqli handle everywhere below; mysqli_error($con) is the matching call.
     Log::debug('Database::executeQueriesInTransaction() called. Server=' . Config::$server . ', user='******'Error connecting to database: ' . mysql_error(), 9);
         Utility::errorRedirect('Error connecting to database: ' . mysql_error());
     }
     Log::debug('Starting transaction.', 5);
     if (!mysqli_autocommit($con, FALSE)) {
         // NOTE(review): this path throws without mysqli_close($con), unlike the
         // statement-failure path further down.
         Log::debug('Unable to set autocommit off: ' . mysqli_error($con), 9);
         mysqli_rollback($con);
         throw new Exception(mysqli_error($con));
     }
     Log::debug('Transaction started.', 1);
     $success = true;
     Log::debug('Executing ' . count($queries) . ' queries . . .', 1);
     foreach ($queries as $query) {
         // each statement is logged verbatim (levels 1 and 5), so values the
         // caller escaped in - including request payloads - reach the debug log
         Log::debug($query, 1);
         Log::debug('executing query [' . $query . ']', 5);
         $data = mysqli_query($con, $query);
         if (!$data) {
             $success = false;
             Log::debug('Error executing query:' . mysqli_error($con), 9);
             break;
         }
     }
     if (!$success) {
         Log::debug('Rolling back transaction.', 9);
         // captured before the rollback so the failed statement's error, not the
         // rollback's status, is what gets thrown
         $err = mysqli_error($con);
         mysqli_rollback($con);
         mysqli_close($con);
         throw new Exception($err);
     } else {
         Log::debug('Committing transaction.', 5);
         mysqli_commit($con);
     }
     mysqli_close($con);
 }
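 /**
     Delete request: issues an HTTP DELETE against Options["host"] . $serviceUri
     with $parameters form-encoded into the body, and returns the decoded JSON reply.
     @access public
     @throws Exception object when curl_exec() itself fails (transport-level error)
         @param string $serviceUri | String with the service uri
         @param array $parameters | Array with the parameters
         @param string $authorization | String with the authorization hash string
         @param bool $debug | When true and the reply is not a JSON object, send the stripped body to Utility::debug
     @return object|null payload + http_status, or null when the reply is not a JSON object
 */
 public function delete($serviceUri, $parameters = null, $authorization = null, $debug = false)
 {
     self::check_headers();
     $body = Utility::build_http_query($parameters);
     $curl = curl_init($this->Options["host"] . $serviceUri);
     curl_setopt($curl, CURLOPT_HTTPHEADER, self::build_header($body, $authorization));
     curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
     curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "DELETE");
     curl_setopt($curl, CURLOPT_POSTFIELDS, $body);
     $curl_response = curl_exec($curl);
     $http_status_code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
     // Collect diagnostics while the handle is still valid: the original called
     // curl_getinfo() after curl_close(), which on PHP 7 warns and yields false.
     $curl_info = ($curl_response === false) ? curl_getinfo($curl) : null;
     curl_close($curl);
     if ($curl_response === false) {
         // var_export(..., true) returns the dump; without `true` it is printed
         // straight into the HTTP response and the message gets an empty string
         throw new Exception('Error occured during curl exec. Additioanl info: ' . var_export($curl_info, true));
     }
     $http_status = [
         // was "POST" (copy-paste from the post method); this request is a DELETE
         "http_method" => "DELETE",
         "code" => $http_status_code,
         "canonical_name" => HttpHandler::get_http_code_info($http_status_code),
     ];
     $json = json_decode($curl_response);
     if (isset($json) && is_object($json)) {
         return (object) Utility::array_to_object(["payload" => $json, "http_status" => $http_status]);
     }
     if ($debug) {
         // non-JSON reply: goes to the debug channel only, never back to the caller
         $data = (object) Utility::array_to_object(["webservice_return" => trim(strip_tags($curl_response)), "http_status" => $http_status]);
         Utility::debug($data);
     }
     return null;
 }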
    if (strlen($categories) > 0) {
        // may be a little overkill, but want to ensure nothing but integers get passed into category id list
        $idlist = explode("|", $categories, 10);
        $separator = "";
        foreach ($idlist as $id) {
            if (is_numeric($id)) {
                $filter .= $separator . $id;
                $separator = ",";
            }
        }
    }
    Utility::debug('filter is: ' . $filter, 2);
    if ($listId > 0) {
        // a list was requested here. Different handling than regular entity set
        $query = 'call getLocationsByEntityListIdEx(' . $listId . ',' . $tenantID . ',' . $start . ',' . $return . ',' . $userID . ')';
    } elseif (strlen($filter > 0)) {
        $query = "call getLocationsByLatLngAndCategoryIdList(" . $tenantID . "," . $userID . "," . $center_lat . "," . $center_long . "," . $return . "," . $start . "," . Database::queryString($filter) . ")";
    } else {
        $query = "call getLocationsByLatLng(" . $tenantID . "," . $userID . "," . $center_lat . "," . $center_long . "," . $return . "," . $start . ")";
    }
    Utility::debug('Executing query: ' . $query, 5);
    $data = mysqli_query($con, $query) or die(mysqli_error());
    $rows = array();
    while ($r = mysqli_fetch_assoc($data)) {
        $rows[] = Utility::addDisplayElements($r);
    }
    $set = "{\"locations\":" . json_encode($rows) . "}";
    header('Content-Type: application/json');
    header('Access-Control-Allow-Origin: *');
    echo $set;
}
        header('Location: ' . $successURL);
    } catch (Exception $e) {
        if ($e->getCode() == 1) {
            // Password has expired.
            $expired = true;
            $_SESSION['expiredUserID'] = $user->userid;
            $errorMessage = "Your password has expired. Please create a new password.";
        } elseif ($e->getCode() == 2) {
            // Password has been reset.
            $reset = true;
            $_SESSION['expiredUserID'] = $user->userid;
            $errorMessage = "Your password has been reset. Please create a new password.";
        } else {
            $errorMessage = $e->getMessage();
        }
        Utility::debug('Login failed: ' . $errorMessage, 9);
    }
}
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1" />
        <title>Food Finder: Login</title>
        <?php 
include "partials/includes.php";
?>
        <script type="text/javascript" src="js/login.js"></script>  
    </head>
    <body>
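 private function validatePassword($password, $username, $userid)
 {
     // Returns true only when validateUser() matches the supplied credentials to
     // exactly the user identified by $userid within this tenant.
     //
     // @param string     $password  plaintext password, or the literal "reset" (see below)
     // @param string     $username
     // @param int|string $userid    id the caller already resolved for $username
     // @return bool
     $userDetails = User::getUserDetails($username);
     if ($password !== "reset") {
         // the stored value is fed in as the salt input; the scheme lives in Utility::saltAndHash
         $saltedPassword = Utility::saltAndHash($password, $userDetails["password"]);
     } else {
         // NOTE(review): a fixed sentinel is sent instead of a hash whenever the
         // user types "reset". The literal was redacted ('******') in this listing;
         // whatever it is, anyone can trigger this branch, so validateUser must not
         // treat the sentinel as a successful login for a normal account.
         $saltedPassword = '******';
     }
     $query = 'call validateUser(' . Database::queryString($username);
     $query .= ',' . Database::queryString($saltedPassword);
     $query .= ',' . Database::queryNumber($this->tenantid) . ');';
     $result = Database::executeQuery($query);
     if (!$result) {
         // the original logged the undefined $name here
         Utility::debug('User ' . $username . ' failed password validation.', 9);
         return false;
     }
     $matchedid = null;
     while ($o = mysqli_fetch_object($result)) {
         $matchedid = $o->userid;
     }
     Utility::debug($matchedid . '- ' . $userid, 9);
     // An empty result set must fail. Previously $matchedid defaulted to 0, so a
     // caller passing $userid = 0 (or "" on PHP 7) was authenticated with no match.
     if ($matchedid === null) {
         return false;
     }
     // compare as strings rather than with ==, which accepts e.g. true == 1
     return (string) $userid === (string) $matchedid;
 }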
    die;
}
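// Allow certain file formats
// Defaults so the JSON reply at the bottom is well-formed even when no batch was
// started (previously $itemcount and $batchid were undefined for non-kml uploads).
$itemcount = 0;
$batchid = 0;
if ($fileExtension === "kml") {
    Utility::debug("Processing kml file.", 7);
    // The upload is attacker-controlled XML: LIBXML_NONET refuses any network
    // fetch the parser might be asked to make for external entities or DTDs.
    $xml = simplexml_load_file($workingFile, 'SimpleXMLElement', LIBXML_NONET) or die("Error: Cannot parse file.");
    // use name of file being imported. This will let client query for progress
    // basename() drops any directory components the client put in the file name
    $batchname = basename($_FILES["importFile"]["name"]);
    $itemcount = count($xml->Document[0]->Placemark);
    $batchid = Utility::startBatch($batchname, $itemcount, $tenantID);
    // copy temp file to target folder; the background job needs it there
    if (!copy($workingFile, $target_file)) {
        die("Error: Cannot stage file.");
    }
    // will use curl to aynch execute the batch job
    // NOTE(review): SERVER_NAME can follow the client's Host header unless the
    // web server canonicalises it, so this self-call - and the filesystem path it
    // passes in ?source= - go wherever that header points. A configured base URL
    // and a lookup of the staged path by batch id on the receiving side would
    // remove both concerns; neither is in view here, so the call is kept as-is.
    $ch = curl_init();
    $url = 'http://' . $_SERVER['SERVER_NAME'] . "/foodfinder/service/processKML.php";
    $url .= "?source=" . urlencode($target_file);
    $url .= "&batchid=" . urlencode($batchid);
    $url .= "&tenantid=" . urlencode($tenantID);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
    // fire-and-forget: one second is enough to hand the job off, not to wait for it
    curl_setopt($ch, CURLOPT_TIMEOUT, 1);
    // Without RETURNTRANSFER curl_exec() prints the upstream body straight into
    // this response, ahead of the JSON emitted below.
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    Utility::debug("Calling curl for url " . $url, 7);
    curl_exec($ch);
    curl_close($ch);
}
header('Content-Type: application/json');
$response = '{"count":' . json_encode($itemcount);
$response .= ', "batchid":' . (int) $batchid . '}';
echo $response;
Utility::debug('File import batch initiated for ' . $workingFile . '. BatchID=' . $batchid, 5);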
            }
            $response = '{"id":' . json_encode($newID) . "}";
            Utility::debug('Endorsement added: ID=' . $newID, 5);
            header('Content-Type: application/json');
            echo $response;
        }
    } else {
        // this is an existing record: update
        // to do: add data validations
        Utility::debug('Updating endorsement', 5);
        echo 'Unable to uodate endorsement: method is not yet implemented';
        header(' ', true, 500);
    }
} elseif ($_SERVER['REQUEST_METHOD'] == "DELETE") {
    $json = file_get_contents('php://input');
    $data = json_decode($json);
    // to do: got to figure out how to secure this sucker
    $id = $data->{'id'};
    if (!$id > 0) {
        echo 'Unable to delete endorsement: an ID is required';
        header(' ', true, 400);
        die;
    }
    Utility::debug('Deleting endorsement id=' . $id, 5);
    $query = "call deleteLocationEndorsement(" . Database::queryNumber($id);
    $query .= "," . Database::queryNumber($tenantID);
    $query .= ')';
    $result = Database::executeQuery($query);
} else {
    echo "Unsupported HTTP method.";
}
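 public function updateEntity($id, $data)
 {
     // Generic update for a dataEntity: builds one `call update<Name>(...)`
     // statement from getFields(), adds follow-on statements that re-sync child
     // sets and user-defined properties, and runs the lot in one transaction.
     // Entities that need custom save logic override this method.
     //
     // @param int|string $id    id of the row being updated (request-supplied upstream)
     // @param object     $data  decoded request payload; one property per field name,
     //                          child sets as arrays of objects carrying an ->id
     // @return bool true (failures surface as exceptions from the Database layer)
     // @throws Exception from validateData() or executeQueriesInTransaction()
     Utility::debug('dataentity.updateEntity called', 5);
     $queries = array();
     $this->validateData($data);
     // $id and the tenant/user ids are spliced into SQL text several times below;
     // escape them once here. The original concatenated $id and child ids raw.
     $safeId = Database::queryNumber($id);
     $safeTenant = Database::queryNumber($this->tenantid);
     $query = "call update" . $this->getName() . "(" . $safeId;
     $followOnQueries = array();
     $fieldarray = $this->getFields();
     $separator = ",";
     foreach ($fieldarray as $field) {
         if (!property_exists($data, $field[0])) {
             // assume all required fields already validated, so do what?
             $data->{$field[0]} = null;
         }
         switch ($field[1]) {
             case "string":
                 $query .= $separator . Database::queryString($data->{$field[0]});
                 break;
             case "json":
                 $query .= $separator . Database::queryJSON($data->{$field[0]});
                 break;
             case "boolean":
                 $query .= $separator . Database::queryBoolean($data->{$field[0]});
                 break;
             case "number":
             case "decimal":
             case "hidden":
                 $query .= $separator . Database::queryNumber($data->{$field[0]});
                 break;
             case "date":
                 $query .= $separator . Database::queryDate($data->{$field[0]});
                 break;
             case "picklist":
                 $query .= $separator . Database::queryString($data->{$field[0]});
                 break;
             case "linkedentity":
                 $query .= $separator . Database::queryNumber($data->{$field[0]});
                 break;
             case "linkedentities":
             case "childentities":
                 // if childentity field is not specified, then don't mess with children; only if child array is specific (even if any)
                 if (is_array($data->{$field[0]})) {
                     // a little extra overhead here, but due to sort/sequence keys, etc., don't want to blow away and replace unless we have to
                     // first, determine whether linkedentities list is different
                     $peekquery = "call get" . ucfirst($field[0]) . "By" . $this->getName() . 'Id(' . $safeId . ',' . $safeTenant . ',' . Database::queryNumber($this->userid) . ');';
                     $results = Database::executeQuery($peekquery);
                     $currentSet = array();
                     $debug = '';
                     while ($row = $results->fetch_assoc()) {
                         array_push($currentSet, intval($row["id"]));
                         $debug .= $row["id"] . '-';
                     }
                     $newSet = array();
                     $debug .= '|';
                     $children = $data->{$field[0]};
                     foreach ($children as $c) {
                         array_push($newSet, $c->id);
                         $debug .= $c->id . '-';
                     }
                     Log::debug('SETS: ' . $debug, 5);
                     // first, determine whether we need to remove children
                     for ($i = 0; $i < count($currentSet); $i++) {
                         if (!in_array($currentSet[$i], $newSet)) {
                             // one of the old children is not in new set; for now, we'll remove all
                             $procname = $this->getRemoveChildrenProcName($field[0]);
                             array_push($followOnQueries, 'call ' . $procname . '(' . $safeId . ',' . $safeTenant . ');');
                             // blank current set so all children get re-added
                             $currentSet = array();
                             break;
                         }
                         if ($currentSet[$i] != $newSet[$i]) {
                             // the sequence of the members has changed; for now, we'll remove them all, too
                             // may want more nuanced handling of this in the future if these sets get big or complex
                             $procname = $this->getRemoveChildrenProcName($field[0]);
                             array_push($followOnQueries, 'call ' . $procname . '(' . $safeId . ',' . $safeTenant . ');');
                             // blank current set so all children get re-added
                             $currentSet = array();
                             break;
                         }
                     }
                     // now, determine which children need to be added
                     foreach ($children as $c) {
                         if (!in_array($c->id, $currentSet)) {
                             // this child isn't present. Will need to add.
                             // $c->id comes straight from the request payload, hence queryNumber.
                             $procname = $this->getAddChildProcName($field[2]);
                             array_push($followOnQueries, 'call ' . $procname . '(' . $safeId . ',' . Database::queryNumber($c->id) . ',' . $safeTenant . ');');
                         }
                     }
                 }
                 break;
             case "propertybag":
                 // NOTE(review): the bag is stored in PHP serialize() format. Whatever
                 // reads this column back with unserialize() on request-shaped data is
                 // an object-injection sink; a JSON encoding would be safer, but the
                 // readers are not in view so the format is left unchanged here.
                 $propertyBag = serialize($data->{$field[0]});
                 $query .= $separator . Database::queryString($propertyBag);
                 break;
             case "custom":
                 $query .= $separator . $this->getCustomValue($field[0], $data->{$field[0]}, 'update');
         }
         $separator = ", ";
     }
     // assume tenantid is always needed and is last parameter (or 2nd to last if user required)
     $query .= $separator . $safeTenant;
     $separator = ", ";
     // add userid if object hasOwner
     if ($this->hasOwner()) {
         $query .= $separator . Database::queryNumber($this->userid);
     }
     $query .= ')';
     Log::debug('Pushing query ' . $query, 1);
     array_push($queries, $query);
     // handle user-defined properties
     if ($this->hasProperties()) {
         // remove all properties for object - if not specified in the data, assume it's not longer a valid property
         array_push($queries, $this->getDeletePropertiesSQL($id));
         // get array of properties allowed for this entity & tenant
         $keys = $this->getPropertyKeys();
         foreach ($keys as $key) {
             // determine whether data contains a value for this key - field will be prepended with PROP
             if (property_exists($data, 'PROP-' . $key[0])) {
                 // only save if not empty - that's the MO for now
                 $val = $data->{'PROP-' . $key[0]};
                 if (strlen($val) > 0) {
                     array_push($queries, $this->getSavePropertySQL($id, $key[0], $val));
                 }
             }
         }
     }
     // add follow-on queries for child entities
     foreach ($followOnQueries as $q) {
         array_push($queries, $q);
     }
     Database::executeQueriesInTransaction($queries);
     return true;
 }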
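 public static function getList($listID, $tenantID, $userID)
 {
     // Returns the option list named by $listID as an array of rows.
     // Hard-coded lists come back as [value, value] pairs; database-backed lists
     // as whatever the query yields (numeric rows, assoc rows for "categories",
     // bare names for "roles").
     //
     // currently, some lists are hard-coded (like states—-things unlikely to change much)
     // others are retrieved from database
     // in future, need to add caching here since many of these lists will be slowly-changing at best
     // also, this is now very application specific and needs to get moved out of Utility to some sort
     // of list server object
     //
     // @param string $listID    list name (one of the cases below)
     // @param mixed  $tenantID  tenant scope for tenant-specific lists
     // @param mixed  $userID    consulted only by "tenants"
     // @return array|false      false for an unknown $listID
     $return = array();
     // every tenant id spliced into SQL below goes through queryNumber; the
     // original concatenated $tenantID raw in three of the queries
     $safeTenant = Database::queryNumber($tenantID);
     switch ($listID) {
         case "states":
             $states = array("", "AK", "AL", "AZ", "CA", "CO", "CT", "DC", "DE", "FL", "GA", "HI", "ID", "IA", "IL", "IN", "KS", "KY", "LA", "MA", "MD", "ME", "MI", "MO", "MS", "NC", "ND", "NE", "NJ", "NM", "NV", "NY", "OH", "OK", "OR", "PA", "RI", "SC", "SD", "TN", "TX", "UT", "VA", "VT", "WA", "WI", "WY");
             // for states, we want to use the abbreviation as both display and data value, so create multi
             foreach ($states as $state) {
                 $return[] = array($state, $state);
             }
             break;
         case "addressType":
             $query = "select id,type from addressType where tenantID=" . $safeTenant;
             $result = Database::executeQuery($query);
             while ($r = mysqli_fetch_array($result, MYSQLI_NUM)) {
                 $return[] = $r;
             }
             break;
         case "tenants":
             // user id 1 sees every tenant; anyone else only the tenants where they
             // hold the admin role. Strict compare: `== 1` also accepted true/"1abc".
             if ((int) $userID === 1) {
                 $query = "select id,name from tenant";
             } else {
                 $query = "select * from tenant T\n                            inner join tenantUser TU on TU.tenantid=T.id\n                            inner join tenantUserRole TUR on TUR.tenantuserid=TU.id\n                            inner join role R on R.id=TUR.roleid\n                            where R.name='admin'\n                                and TU.userid=" . Database::queryNumber($userID) . ";";
             }
             $result = Database::executeQuery($query);
             while ($r = mysqli_fetch_array($result, MYSQLI_NUM)) {
                 $return[] = $r;
             }
             break;
         case "roles":
             $query = "select name from role;";
             $result = Database::executeQuery($query);
             while ($r = mysqli_fetch_array($result, MYSQLI_NUM)) {
                 $return[] = $r[0];
             }
             break;
         case "categories":
             $query = "call getCategories(" . $safeTenant . ")";
             $result = Database::executeQuery($query);
             while ($r = mysqli_fetch_assoc($result)) {
                 $return[] = $r;
             }
             break;
         case "units":
             $units = array("gallon", "liter", "milliliter", "ounces", "pint", "quart");
             foreach ($units as $unit) {
                 $return[] = array($unit, $unit);
             }
             break;
         case "distilleries":
             Utility::debug('retrieving distilleries list: ' . $tenantID, 5);
             $query = "call getDistilleries(" . $safeTenant . ");";
             $distilleries = Database::executeQuery($query);
             while ($r = mysqli_fetch_array($distilleries, MYSQLI_NUM)) {
                 $return[] = $r;
             }
             break;
         case "spirit_categories":
             Utility::debug('retrieving spirit categories . . .', 5);
             $query = "select C.id,C.name from category C inner join categoryType CT on C.categorytypeid=CT.id where CT.name='spirit' and C.tenantID=" . $safeTenant . " order by C.name;";
             $categories = Database::executeQuery($query);
             while ($r = mysqli_fetch_array($categories, MYSQLI_NUM)) {
                 $return[] = $r;
             }
             break;
         case "categorytypes":
             Utility::debug('retrieving categorytypes . . .', 5);
             $query = "select id,name from categoryType";
             $types = Database::executeQuery($query);
             while ($r = mysqli_fetch_array($types, MYSQLI_NUM)) {
                 $return[] = $r;
             }
             break;
         case "locationStatus":
             // Pending: will be displayed only to certain roles (for now, admins), as they are locations waiting visits and write-ups
             $status_values = array("Active", "Closed", "Temporarily Closed", "Unknown", "Pending", "Coming Soon");
             foreach ($status_values as $status) {
                 $return[] = array($status, $status);
             }
             break;
         case "locationProperty":
             // will need to be more dynamic in future to allow for tenant-specific lists and admin capability for adding
             // but for now we'll use a hardcoded list
             $values = array("Date Founded", "Cooking Method");
             foreach ($values as $value) {
                 $return[] = array($value, $value);
             }
             break;
         case "entities":
             // list of system entities that can be managed/expanded with categories, entity lists, etc.
             $values = array("location", "product");
             foreach ($values as $entity) {
                 $return[] = array($entity, $entity);
             }
             break;
         case "entityListTypes":
             // types of entity lists support; currently only "static" (i.e. defined by set members in a table); in future should
             // support "dynamic" (i.e. list defined by a query)
             $values = array("static");
             foreach ($values as $value) {
                 $return[] = array($value, $value);
             }
             break;
         case "collectionTypes":
             $types = array("product");
             foreach ($types as $type) {
                 $return[] = array($type, $type);
             }
             break;
         case "featureStatus":
             // workflow states of a feature
             $values = array("Draft", "Awaiting Review", "Published");
             foreach ($values as $value) {
                 $return[] = array($value, $value);
             }
             break;
         case "assignmentStatus":
             // workflow states of an assignment
             $values = array("Unassigned", "Assigned", "Complete");
             foreach ($values as $value) {
                 $return[] = array($value, $value);
             }
             break;
         case "assignmentType":
             // kinds of assignment
             $values = array("Feature", "Other");
             foreach ($values as $value) {
                 $return[] = array($value, $value);
             }
             break;
         case "authorList":
             Utility::debug('retrieving author list . . .', 5);
             $query = "call getAuthorListByTenant(" . $safeTenant . ")";
             $types = Database::executeQuery($query);
             // leading placeholder row so the picker can offer "no author"
             $return[] = array(null, "-- none --", null, null);
             while ($r = mysqli_fetch_array($types, MYSQLI_NUM)) {
                 $return[] = $r;
             }
             break;
         default:
             Log::debug("Utility:getList() called with unknown list type:" . $listID, 10);
             return false;
     }
     return $return;
 }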
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_POST, True);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
    curl_setopt($ch, CURLOPT_VERBOSE, True);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: token ' . Config::$github_token));
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
    curl_setopt($ch, CURLOPT_USERAGENT, 'Food Finder');
    Utility::debug('Posting issue via cUrl (url=' . $url . ')', 1);
    $response = curl_exec($ch);
    $error = '';
    if ($error = curl_error($ch)) {
        Utility::debug('cUrl exception:' . $error, 9);
    }
    curl_close($ch);
    if ($error) {
        Service::returnError('Unable to post issue to GitHub: ' . $error, 500);
    } else {
        Utility::debug('Issue service call completed successfully.', 5);
        $returnData = json_decode($response);
        if (array_key_exists('number', $returnData)) {
            $response = json_encode(array("id" => $returnData->{"number"}));
        } else {
            Service::returnError('Unable to log issue. Response from repositor: ' . $response);
        }
        //http_response_code(200);
        Service::returnJSON($response);
    }
} else {
    Service::returnError('Unsupported method.', 400, 'issue');
}
            }
            $response = '{"id":' . json_encode($newID) . "}";
            Utility::debug('Endorsement added: ID=' . $newID, 5);
            header('Content-Type: application/json');
            echo $response;
        }
    } else {
        // this is an existing record: update
        // to do: add data validations
        Utility::debug('Updating link', 5);
        echo 'Unable to uodate link: method is not yet implemented';
        header(' ', true, 500);
    }
} elseif ($_SERVER['REQUEST_METHOD'] == "DELETE") {
    $json = file_get_contents('php://input');
    $data = json_decode($json);
    // to do: got to figure out how to secure this sucker
    $id = $data->{'id'};
    if (!$id > 0) {
        echo 'Unable to delete link: an ID is required';
        header(' ', true, 400);
        die;
    }
    Utility::debug('Deleting link id=' . $id, 5);
    $query = "call deleteLocationLink(" . Database::queryNumber($id);
    $query .= "," . Database::queryNumber($tenantID);
    $query .= ')';
    $result = Database::executeQuery($query);
} else {
    echo "Unsupported HTTP method.";
}
            } else {
                // this is an existing record: update
                Utility::debug('Saving ' . $type . ' record with id=' . $id, 5);
                $result = false;
                try {
                    $result = $class->updateEntity($id, $data, $tenantID);
                } catch (Exception $ex) {
                    header(' ', true, 500);
                    echo 'Unable to save ' . $type . ':' . $ex->getMessage();
                    die;
                }
                if (!$result) {
                    header(' ', true, 500);
                    echo 'Unable to save ' . $type;
                } else {
                    Utility::debug($type . ' updated.', 5);
                    $response = '{"id":' . json_encode($id) . "}";
                    header('Content-Type: application/json');
                    echo $response;
                }
            }
            break;
        default:
            Service::returnError('Invalid action: ' . $action);
    }
} elseif ($_SERVER['REQUEST_METHOD'] == "PUT") {
    $reset = $_GET["reset"];
    $id = $_GET["id"];
    $class = new User($id, $tenantID);
    if (!$user->userCanEdit($id, $class)) {
        Service::returnError('Access denied.', 403);
        $query .= "," . Database::queryString($data->{'googleReference'});
        $query .= "," . Database::queryString($data->{'googlePlacesId'});
        $query .= "," . Database::queryNumber($data->{'tenantid'});
        $query .= ')';
        try {
            $result = Database::executeQuery($query);
        } catch (Exception $e) {
            $result = false;
            if ($debug > 0) {
                // don't reveal errors unless in debug mode
                $errMessage = $e->getMessage();
            } else {
                $errMessage = 'Unknown error.';
            }
        }
        if (!$result) {
            header(' ', true, 500);
            echo 'Unable to save location. ' . $errMessage;
        } else {
            Utility::debug('Location updated.', 5);
            $newID = $data->{'id'};
            $response = '{"id":' . json_encode($newID) . "}";
            header('Content-Type: application/json');
            echo $response;
        }
    }
    //echo $json["name"];
    //header(' ', true, 400);
} else {
    echo "Unsupported HTTP method.";
}
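Utility::debug('Form service invoked for type:' . $type . ', method=' . $_SERVER['REQUEST_METHOD'], 5);
// $type comes from the request and is about to become both an include path and
// a class name, so it is accepted only from these two allow-lists. The
// membership test is strict so loose equality cannot widen them.
$coretypes = array('tenant', 'tenantSetting', 'tenantProperty', 'category', 'menuItem', 'page', 'content', 'tenantContent', 'entityList');
$isCoreType = in_array($type, $coretypes, true);
if (!$isCoreType && !in_array($type, Application::$knowntypes, true)) {
    // unrecognized type requested can't do much from here.
    // NOTE(review): $type is echoed back in this message; fine only if
    // Service::returnError escapes it for the content type it emits.
    Service::returnError('Unknown type: ' . $type, 400, 'entityService?type=' . $type);
}
// core types will be in core path as configured in config.php
$classpath = $isCoreType ? Config::$core_path . '/classes/' : Config::$root_path . '/classes/';
// include appropriate dataEntity class & then instantiate it
$classfile = $classpath . $type . '.php';
if (!file_exists($classfile)) {
    header(' ', true, 500);
    // the looked-up path stays in the debug log; the client only sees the generic message
    Utility::debug('Unable to instantiate class for ' . $type . ' Classfile does not exist. Looking for: ' . $classfile, 9);
    echo 'Internal error. Unable to process entity.';
    die;
}
include_once $classfile;
// class names start with uppercase
$classname = ucfirst($type);
$class = new $classname($userID, $tenantID);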
$id = 0;
if (isset($_GET["id"])) {
    $id = $_GET["id"];
}
$parentid = Utility::getRequestVariable('parentid', 0);
$entity = '';
if ($id > 0) {
    try {
    $query = "call getLocationById(" . $id . "," . $tenantID . "," . $userID . ")";
    $data = Database::executeQuery($query);
    if (!$data) {
        $id = 0;
    } else {
        while ($o = mysqli_fetch_object($data)) {
            $location = $o;
            Utility::debug('Retrieved data for ' . $location->name, 5);
        }
    }
}
// A location id is required unless the page is in 'edit' mode; with neither,
// there is nothing to render and the request is redirected with an error.
if ($id != 0 || $mode == 'edit') {
    Utility::debug('Rendering location.php for location ID=' . $id, 5);
} else {
    Utility::debug('Location.php called with no id and non-edit mode', 1);
    Utility::errorRedirect("Unable to load location: no location specified in request.");
}
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
	
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1" />
        <title>Location</title>
        <?php 
include "partials/includes.php";
?>
		<script type="text/javascript" src="http://maps.googleapis.com/maps/api/js?libraries=places&sensor=false"></script>
		<script type="text/javascript" src="js/validator.js"></script>
		<script src="js/location.js"></script>		
    echo "<h1>Client example</h1>";
    echo "<p>The following calls are some example of how can you use the restful webservice!</p>";
    //Example of auth method - This method returns the token
    echo "<h2 style='color:green;'>[POST] Service route: /user/auth</h2>";
    $auth = $serviceRequest->post("/user/auth", ["email" => "*****@*****.**", "password" => "123456"], null, false);
    Utility::debug($auth);
    //Set the token for authenticated methods
    $userToken = $auth->payload->data->token;
    //Example of get request to an unauthenticated route to list user
    echo "<h2 style='color:green;'>[GET] Service route: /user/list_user [TOKEN: {$userToken}]</h2>";
    $listUser = $serviceRequest->get("/user/list_user", null, null, false);
    Utility::debug($listUser);
    //Example of get request to an unauthenticated route to read single user
    echo "<h2 style='color:green;'>[GET] Service route: /user/read_user [TOKEN: {$userToken}]</h2>";
    $readUser = $serviceRequest->get("/user/read_user", ["id" => 1], null, false);
    Utility::debug($readUser);
    //Example of post request to an authenticated route to create an user
    echo "<h2 style='color:green;'>[POST] Service: /user/create [TOKEN: {$userToken}]</h2>";
    $create = $serviceRequest->post("/user/create", ["name" => "Darth Vader", "email" => "*****@*****.**", "password" => "123456"], $userToken, false);
    Utility::debug($create);
    //Example of put request to an authenticated route to update an user
    echo "<h2 style='color:green;'>[PUT] Service route: /user/update [TOKEN: {$userToken}]</h2>";
    $update = $serviceRequest->put("/user/update", ["id" => 1, "name" => "Luke Skywalker"], $userToken, false);
    Utility::debug($update);
    //Example of delete request to an authenticated route to delete an user
    echo "<h2 style='color:green;'>[DELETE] Service route: /user/delete [TOKEN: {$userToken}]</h2>";
    $delete = $serviceRequest->delete("/user/delete", ["id" => 2], $userToken, false);
    Utility::debug($delete);
} catch (Exception $e) {
    throw $e;
}
    header(' ', true, 400);
    die;
}
if ($action == 'cancel') {
    Utility::debug('Canceling batch ' . $batchId . '...', 5);
    $result = Utility::cancelBatch($batchId, $tenantID, $userID);
    if (!$result) {
        echo 'Unable to cancel batch.';
        header(' ', true, 404);
    } else {
        $response = '{"status": "canceled"}';
        header('Content-Type: application/json');
        echo $response;
    }
} else {
    Utility::debug('Checking batch status for batch ' . $batchId, 9);
    $result = Utility::getBatchStatus($batchId, $tenantID, $userID);
    if (!$result) {
        echo 'Batch status not found.';
        header(' ', true, 404);
    } else {
        if ($r = mysqli_fetch_array($result)) {
            $status = $r[2];
            $items = $r[5];
            $processed = $r[6];
            $response = '{"status":' . json_encode($status) . ", ";
            $response .= ' "items":' . json_encode($items) . ",";
            $response .= ' "processed":' . json_encode($processed) . "}";
            header('Content-Type: application/json');
            echo $response;
        } else {
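// Resolve the current user from the session. A missing userID means an
// unauthenticated visitor; it is stored as 0 so that later checks can rely
// on $_SESSION['userID'] always being present.
if (!isset($_SESSION['userID'])) {
    $_SESSION['userID'] = 0;
    $userID = 0;
} else {
    $userID = $_SESSION['userID'];
}
Log::debug('instantiating new user for userID=' . $userID, 1);
$user = new User($userID, $tenantID);
Context::$currentUser = $user;
if ($newsession) {
    Log::startSession(session_id(), $tenantID, $userID);
}
if ($userID > 0 && !$user->canAccessTenant($tenantID)) {
    // Authenticated user who is not allowed into this tenant: hard stop,
    // no redirect, so the failure is visible in the logs and to the client.
    // NOTE(review): the log message below is garbled in this listing
    // ('******'); it is kept as-is rather than guessed at.
    Log::debug('Unauthorized user attempted to access tenant page. (user='******', tenant=' . $tenantID . ')', 9);
    header('HTTP/1.0 403 Forbidden');
    echo '<p>You are not allowed to access this resource.</p>';
    exit;
} elseif ($userID == 0) {
    // Anonymous visitor: allowed only when the tenant opts in via the
    // 'allowAnonAccess' property, or when this is the login page itself
    // (otherwise the redirect below would loop).
    $allowAnon = Utility::getTenantProperty($applicationID, $tenantID, $userID, 'allowAnonAccess');
    // SCRIPT_NAME identifies the script actually executing. PHP_SELF also
    // carries any PATH_INFO appended to the request URL, so its basename is
    // request-controlled and must not be used to decide whether this gate
    // applies.
    $currentScript = strtolower(basename($_SERVER['SCRIPT_NAME']));
    if (!$allowAnon && $currentScript !== 'login.php') {
        Log::debug('Unauthenticated user attempted to access tenant page. Redirecting to login. (tenant=' . $tenantID . ')', 9);
        header('Location: Login.php?context=loginRequired');
        die;
    }
}
Utility::debug('pageCheck complete.  (user='******', tenant=' . $tenantID . ')', 1);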
            $result = Database::executeQuery($query);
        } catch (Exception $e) {
            if ($debug > 0) {
                // don't reveal errors unless in debug mode
                $errMessage = $e->getMessage();
            }
        }
        if (!$result) {
            Utility::debug("Unable to save location/place #: " . $count . ". " . $errMessage, 5);
            $exceptions[] = $errMessage;
            $exceptionCount++;
        } else {
            $newID = 0;
            while ($r = mysqli_fetch_array($result)) {
                $newID = $r[0];
            }
            $response = '{"id":' . json_encode($newID) . "}";
            Utility::debug('Location added: ID=' . $newID, 5);
        }
    }
    if (!Utility::updateBatch($batchid, $count, $tenantid)) {
        Utility::debug('Unable to update batch status. Assuming canceled batch and halting processing.', 3);
        $canceled = true;
        break;
    }
}
// Only close out the batch when the processing loop ran to completion;
// a canceled batch is left in whatever state updateBatch() last recorded.
// NOTE(review): 'finshBatch' looks misspelled but is the project's own
// method name, so it is called as-is.
$shouldFinish = !$canceled;
if ($shouldFinish) {
    Utility::finshBatch($batchid, $itemscomplete, $tenantid);
}
Utility::debug('Batch process complete.', 5);