Exemple #1
json_Begin();

// Route on the first request segment. Only 'set' and 'get' are recognised;
// every other value falls through to the Forbidden response at the bottom.
// NOTE(review): the json_EmitFatalError_* helpers presumably end the request;
// their definitions are not in this listing, so confirm before relying on it.
switch ($REQUEST[0]) {
    case 'set':
        json_ValidateHTTPMethod('POST');

        // Writing configuration is gated on the caller being an administrator.
        if (!user_AuthIsAdmin()) {
            json_EmitFatalError_Permission(null, $RESPONSE);
            break;
        }

        // The write path is a stub: it reports "not implemented" first.
        json_EmitFatalError_NotImplemented(null, $RESPONSE);

        /// @todo sanitize (don't let API create fields)
        //  When this is implemented, accept only keys that already exist
        //  (an allow-list), so a request cannot introduce new fields.
        /// @todo Do a set
        //  A successful write is expected to answer with json_RespondCreated();
        //  until one exists, the only outcome here is a server error.
        json_EmitFatalError_Server(null, $RESPONSE);
        break;

    case 'get':
        json_ValidateHTTPMethod('GET');

        // Reading configuration is admin-only as well.
        if (!user_AuthIsAdmin()) {
            json_EmitFatalError_Permission(null, $RESPONSE);
            break;
        }

        // NOTE(review): $SH is returned in full under the 'global' key. If it
        // holds secrets (keys, salts, credentials), filter them out before
        // responding. Confirm what $SH contains.
        $RESPONSE['global'] = $SH;
        break;

    default:
        json_EmitFatalError_Forbidden(null, $RESPONSE);
        break;
}

json_End();
Exemple #2
             } else {
                 // Keys don't match. This may be an attempt to hijack the account, so destroy the key.
                 if (!user_AuthKeyClear($id)) {
                     json_EmitFatalError_Server("Unable to clear key", $RESPONSE);
                 }
                 json_EmitFatalError_Permission(null, $RESPONSE);
             }
         } else {
             json_EmitFatalError_Permission(null, $RESPONSE);
         }
     } else {
         json_EmitFatalError_BadRequest(null, $RESPONSE);
     }
     break;
 case 'login':
     json_ValidateHTTPMethod('POST');
     $login = null;
     $pw = null;
     $secret = null;
     // Confirm Arguments
     if (isset($_POST['login'])) {
         $login = coreSanitize_String($_POST['login']);
     } else {
         json_EmitFatalError_BadRequest("'login' not found in POST", $RESPONSE);
     }
     if (isset($_POST['pw'])) {
         $pw = coreSanitize_String($_POST['pw']);
     } else {
         json_EmitFatalError_BadRequest("'pw' not found in POST", $RESPONSE);
     }
     if (isset($_POST['secret'])) {