/**
 * Runs a GET query built from a query-description array and returns the decorated result.
 *
 * Every returned row (or the result itself, when it is not a list) receives a "__table" key
 * holding $query["TABLE"]. If $extends is given it is split on "," and handed to
 * ArrestDB::Extend(). An optional global ArrestDB_postProcess() hook runs afterwards, and the
 * final value is passed through ArrestDB::ObfuscateId().
 *
 * NOTE(review): $query goes to PrepareQueryGET() unchanged; whether its parts are escaped or
 * bound is not visible here, so confirm that before letting request input reach it.
 * NOTE(review): when Extend() throws, the exception message is returned to the client in
 * error.detail; confirm those messages never carry SQL or schema details.
 *
 * @param array       $query   Query description; "TABLE" is read here, the rest is consumed by PrepareQueryGET().
 * @param string|null $extends Comma-separated list forwarded to ArrestDB::Extend(), or null to skip extending.
 * @param mixed       $id      Only forwarded to the ArrestDB_postProcess() hook.
 *
 * @return mixed null when the query fails or yields nothing; the ArrestDB::Reply() value when
 *               Extend() throws; otherwise the ArrestDB::ObfuscateId() value.
 */
public static function getQuery($query, $extends = null, $id = "")
{
    $table = $query["TABLE"];
    $sql = ArrestDB::PrepareQueryGET($query, false);
    $result = ArrestDB::Query($sql);

    // A failed query and an empty result are reported the same way.
    if ($result === false || count($result) == 0) {
        return null;
    }

    // Tag the data with its source table: per row for a list, once for a single record.
    if (isset($result[0])) {
        foreach ($result as $k => $row) {
            $result[$k]["__table"] = $table;
        }
    } else {
        $result["__table"] = $table;
    }

    if ($extends !== null) {
        $relations = explode(",", $extends);

        try {
            $result = ArrestDB::Extend($result, $relations);
        } catch (Exception $e) {
            // The exception code selects the reply template; its message becomes the detail.
            $reply = ArrestDB::$HTTP[$e->getCode()];
            $reply["error"]["detail"] = $e->getMessage();

            return ArrestDB::Reply($reply);
        }
    }

    // Optional project-level hook, called only if the function has been defined.
    if (function_exists("ArrestDB_postProcess")) {
        $result = ArrestDB_postProcess('GET', $table, $id, $result);
    }

    return ArrestDB::ObfuscateId($result);
}
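*/
// Example: authorization is required for every table except "Category", which is always
// authorized. (The original note named "CategoryVisible"; the rule below matches "Category" --
// confirm which table is intended.)
ArrestDBConfig::auth(["table" => "Category"], function ($method, $table, $id) {
    return true;
});

// Catch-all rule: HTTP Basic credentials are checked against the User table.
// On success the matching row is stored in the global $user and true is returned;
// in every other case a 401 challenge is sent and the script exits.
ArrestDBConfig::auth([], function ($method, $table, $id) {
    global $user;

    $result = false;

    if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        $login = $_SERVER['PHP_AUTH_USER'];

        // NOTE(review): sha1() is a fast, unsalted digest. It is kept so existing stored
        // values still match; new deployments should store password_hash() output and
        // check it with password_verify().
        $pass = sha1($_SERVER['PHP_AUTH_PW']);

        // The client-supplied login and the digest are bound as parameters instead of being
        // interpolated into the WHERE fragments, so quotes in the Basic-auth user name cannot
        // alter the statement, and the computed digest is what gets compared.
        // Assumes PrepareQueryGET() passes WHERE fragments through unchanged and Query() binds
        // its extra arguments positionally (as the Query($query, $id) usage suggests) -- confirm.
        $query = ArrestDB::PrepareQueryGET(["TABLE" => "User", "WHERE" => ["email=?", "password=?"]]);
        $result = ArrestDB::Query($query, $login, $pass);
    }

    // Fail closed: missing credentials, a failed query (Query() can return false) and an
    // empty result are all rejected. count(false) must never be what decides this.
    if (!is_array($result) || count($result) === 0) {
        header('WWW-Authenticate: Basic realm="My Realm"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Invalid Auth';
        exit;
    }

    $user = $result[0];

    return true;
});

/*
ALLOW (OPTIONAL)
It is similar to auth, but it is used in other cases, when it is checked whether executing a method over a table or function is allowed. Return true if it is allowed. By default everything is allowed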
if (isset($_GET['order']) !== true) { $_GET['order'] = 'ASC'; } $query["ORDER BY"] = $_GET['by'] . " " . $_GET['order']; } if (isset($_GET['limit']) === true) { $query["LIMIT"] = $_GET['limit']; if (isset($_GET['offset']) === true) { $query["OFFSET"] = $_GET['offset']; } } } if (function_exists("ArrestDB_modify_query")) { $query = ArrestDB_modify_query("GET", $table, $id, $query); } $query = ArrestDB::PrepareQueryGET($query); $result = isset($id) === true ? ArrestDB::Query($query, $id) : ArrestDB::Query($query); if ($result === false) { return ArrestDB::Reply(ArrestDB::$HTTP[404]); } else { if (empty($result) === true) { //return ArrestDB::Reply(ArrestDB::$HTTP[204]); return ArrestDB::Reply($result); } else { if (isset($id) === true) { $result = array_shift($result); } } } if (isset($result[0])) { foreach ($result as $k => $object) {