function __construct() { // REQUIRED IN EXTENDED CLASS TO LOAD DEFAULTS parent::__construct(); session_start(); session_regenerate_id(); }
/** * REST POST - Change a users profile details, this requires a table called 'user' and 'banned' in your db with various fields as per header * @param $data The data to update the users profile with * @return message as complete or error */ public function post($data) { // check we have a logged in user if ((int) $this->user['access_level'] < 1) { $this->response('You do not have permission to perform that action', 'json', 401); } if (empty($data)) { $this->response('Invalid data', 'json', 400); } if ($this->user["id"] != $data["id"]) { $this->response('You do not have permission to alter that account', 'json', 401); } // check password $user_password_check = $this->rars_db->get_first('user', '*', array('id' => $this->user['id'])); if (!$user_password_check) { $this->response('Permission denied', 'json', 401); } if (RarsAPI::create_hash($data['password'], substr($user_password_check['password'], 0, strlen($user_password_check['password']) / 2), 'sha1') !== $user_password_check['password']) { $this->response('Permission denied, password incorrect', 'json', 401); } // check if we are doing a deletion if (isset($data['delete']) && $data['delete'] == 1) { $this->rars_db->delete_data('user', array('id' => $this->user['id'])); $this->response('Account deleted, logging you out...', 'json', 202); // reset content as deleted } // check email is unique if changed if ($data["email_address"] != $this->user["email_address"]) { $user_email_check = $this->rars_db->get_first('user', '*', array('email_address' => $data["email_address"])); if (!empty($user)) { $this->response('Email address already registered', 'json', 409); } } // if this is your account, alter name and email $row = array("name" => $data["name"], "email_address" => $data["email_address"]); if (isset($data["new_password"]) && !empty($data["new_password"])) { $row["password"] = $this->create_hash($data["new_password"]); } $this->rars_db->edit_data('user', $row, array('id' => $this->user['id'])); if (isset($row["password"])) { $this->response('User account updated, logging you out...', 'json', 202); } else { $this->response('User account updated', 'json'); } }
/** * Handle Error * Handles all errors and exceptions * * @param string $error_type Type of error * @param string $error_string Actual error string * @param string $error_file File error happened in * @param string $error_line Line error happened on * @return bool True on pass */ public function handle_error($error_type = "", $error_string = "", $error_file = "", $error_line = "") { $error_group = 'log'; // changeing log type to chrome php $type = ''; if (is_int($error_type)) { switch ($error_type) { case E_ERROR: // 1 // $error_group = 'error'; $type = 'E_ERROR'; break; case E_WARNING: // 2 // $error_group = 'warn'; $type = 'E_WARNING'; break; case E_PARSE: // 4 // $type = 'E_PARSE'; break; case E_NOTICE: // 8 // $type = 'E_NOTICE'; break; case E_CORE_ERROR: // 16 // $error_group = 'error'; $type = 'E_CORE_ERROR'; break; case E_CORE_WARNING: // 32 // $error_group = 'warn'; $type = 'E_CORE_WARNING'; break; case E_CORE_ERROR: // 64 // $error_group = 'error'; $type = 'E_COMPILE_ERROR'; break; case E_CORE_WARNING: // 128 // $error_group = 'warn'; $type = 'E_COMPILE_WARNING'; break; case E_USER_ERROR: // 256 // $error_group = 'error'; $type = 'E_USER_ERROR'; break; case E_USER_WARNING: // 512 // $error_group = 'warn'; $type = 'E_USER_WARNING'; break; case E_USER_NOTICE: // 1024 // $type = 'E_USER_NOTICE'; break; case E_STRICT: // 2048 // $type = 'E_STRICT'; break; case E_RECOVERABLE_ERROR: // 4096 // $error_group = 'error'; $type = 'E_RECOVERABLE_ERROR'; break; case E_DEPRECATED: // 8192 // $type = 'E_DEPRECATED'; break; case E_USER_DEPRECATED: // 16384 // $type = 'E_USER_DEPRECATED'; break; } } $error['error'] = $type; $error['type'] = $error_type; $error['file'] = $error_file; $error['line'] = $error_line; $error['string'] = $error_string; $error['group'] = $error_group; // log error self::log_error($error); // log error to chromephp self::chrome_php($error, false); // display error on screen self::display_error($error); if (class_exists("RarsAPI")) { RarsAPI::response(null, null, 500); } else { return true; } }
$path_parts = explode("/", $_GET["path"]); $filename = ""; $classname = ""; $found = false; $c = 0; foreach ($path_parts as $pp) { $c++; $filename .= "/" . preg_replace("/[^a-z0-9_-]/", '', strtolower($pp)); $classname .= ucfirst(preg_replace("/[^a-z0-9_]/", '', strtolower($pp))); if (is_file(RARS_BASE_PATH . "api{$filename}.php")) { $found = true; break; } } if (!$found) { RarsAPI::response(null, null, $code = 404); } // grab any data or id's data if ($method == "delete" || $method == "get") { $data = count($path_parts) == $c + 1 ? RarsAPI::clean_data($path_parts[$c]) : (count($path_parts) == $c + 2 ? RarsAPI::clean_data($path_parts[$c + 1]) : null); } else { $data = RarsAPI::clean_data(!empty($_POST) ? $_POST : json_decode(file_get_contents('php://input'))); } // load resource or throw error include RARS_BASE_PATH . "api{$filename}.php"; $resource = new $classname(); if (!method_exists($resource, $method)) { RarsAPI::response(null, null, $code = 405); } $response = $resource->{$method}($data); /* EOF */
function __construct() { // REQUIRED IN EXTENDED CLASS TO LOAD DEFAULTS parent::__construct(); }
/** * REST POST - Log in user, this requires a table called 'user' nad 'banned' in your db with various fields as per header * @param $data The login data via rest request containing 'username' and 'password', note username contains the email_address * @return array Basic user details of varified account against the username and password, also sets correct return Autherization header for token generated */ public function post($data) { // check if email set if (!isset($data["username"]) || !isset($data['password'])) { $this->response('Login failed: username or password missmatch', 'json', 401); } $ip_address = preg_replace("/[^0-9.]/", '', substr($_SERVER["REMOTE_ADDR"], 0, 50)); $user_agent = preg_replace("/[^0-9a-zA-Z.:;-_]/", '', substr($_SERVER["HTTP_USER_AGENT"], 0, 250)); // check ban list if active before doing anything else if (RARS_ACCESS_BAN_ATTEMPS > 0) { // find banned rows $banned = $this->rars_db->get_first('banned', '*', array('ip_address' => $ip_address, 'user_agent' => $user_agent)); if (!empty($banned)) { $this->response('Login failed: ip banned', 'json', 401); } } /* carry on with login */ // find user $user = $this->rars_db->get_first('user', '*', array('email_address' => $data['username'])); // check user found if (empty($user)) { $this->response('Login failed: username or password missmatch', 'json', 401); } // check if user is locked out here if (!empty($user['lock_until']) && strtotime($user['lock_until']) > time()) { $this->response('Login failed: user locked out please try later', 'json', 401); } // check active user if (!$user['active']) { $this->response('Login failed: user not active', 'json', 401); } // now check if password ok (we need password first to get salt from it before we can check it), if not then send response if (RarsAPI::create_hash($data['password'], substr($user['password'], 0, strlen($user['password']) / 2), 'sha1') !== $user['password']) { // data to update $update_data = array('failed_attempts' => $user['failed_attempts']++); if ($user['failed_attempts'] > 0 && $user['failed_attempts'] % RARS_ACCESS_ATTEMPTS == 0) { $update_data['lock_until'] = date('Y-m-d H:i:s', time() + RARS_ACCESS_LOCKOUT); } // update $this->rars_db->edit_data('user', $update_data, array('id' => $user['id'])); // add to banned list if banned active and too many attempts if (RARS_ACCESS_BAN_ATTEMPS > 0 && $user['failed_attempts'] + 1 >= RARS_ACCESS_BAN_ATTEMPS) { // add ip and agent to banned $this->rars_db->add_data('banned', array('ip_address' => $ip_address, 'user_agent' => $user_agent, 'created' => date('Y-m-d H:i:s', time()))); } $this->response('Login failed: username or password missmatch', 'json', 401); } /* we are now authenticated, respond and send token back */ // need to create a token and last logged stamp and save it in the db $last_logged = date('Y-m-d H:i:s', time()); $pass_hash = $user['password']; $token = sha1($last_logged . $user_agent . $ip_address . $pass_hash) . '_' . $user['id']; // update data $update_data = array('id' => $user['id'], 'last_logged_in' => $last_logged, 'last_accessed' => $last_logged, 'ip_address' => $ip_address); $user = $this->rars_db->edit_data('user', $update_data, array('id' => $user['id']), '*'); // collect user data $user_data = array('id' => $user[0]['id'], 'name' => $user[0]['name'], 'email_address' => $user[0]['email_address'], 'last_logged_in' => $user[0]['last_logged_in'], 'access_level' => $user[0]['access_level']); // setup response with authorization token $_SERVER['HTTP_AUTHORIZATION'] = $token; $this->response($user_data, 'json'); }
private static function xml($data) { $data = RarsAPI::clean_output($data); // build sitemap index $output = '<?xml version="1.0" encoding="UTF-8"?>'; $output .= $data; header('Content-Type: application/xml; charset=utf-8'); header("Cache-Control: no-cache, no-store, must-revalidate"); echo $output; exit; }