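Response::error(401, $_SERVER["SERVER_PROTOCOL"] . ' 401 Unauthorized (USER is missing required access rights). ');
    }
    if (!$feide->hasAdminScope()) {
        Response::error(401, $_SERVER["SERVER_PROTOCOL"] . ' 401 Unauthorized (CLIENT is missing required scope). ');
    }
}

/**
 * Replace $_GET and $_POST with filtered copies before a route handler reads them.
 *
 * Approach taken from
 * http://stackoverflow.com/questions/4861053/php-sanitize-values-of-a-array/4861211#4861211
 *
 * NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It strips tags and
 * encodes quotes, which is not a substitute for parameterised queries or
 * context-specific output encoding in the handlers; values read from these arrays
 * should still be treated as untrusted.
 */
function sanitizeInput()
{
    // filter_input_array() returns null when the input array is not populated and
    // false on failure; fall back to an empty array so the superglobals stay arrays.
    $_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING) ?: [];
    $_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING) ?: [];
}

// -------------------- ./UTILS -------------------- //

// ---------------------- MATCH AND EXECUTE REQUESTED ROUTE ----------------------
$match = $router->match();

if ($match && is_callable($match['target'])) {
    // Authorisation runs before the handler. NOTE(review): whether Response::error()
    // ends the request is not visible here; if it returns, the handler below still
    // runs after a failed check — confirm it terminates.
    verifyOrgAccess();
    sanitizeInput();
    // On PHP 8+, string keys in $match['params'] are passed as named arguments, so
    // route placeholder names have to match the handler's parameter names.
    call_user_func_array($match['target'], $match['params']);
} else {
    // NOTE(review): the message echoes the request URI (query string included) back
    // to the caller; presumably Response::error() encodes it for the response
    // format — confirm.
    Response::error(404, $_SERVER["SERVER_PROTOCOL"] . " The requested resource [" . get_path_info() . "] could not be found.");
}
// ---------------------- /.MATCH AND EXECUTE REQUESTED ROUTE ----------------------

/**
 * Return the request URI with the API base path prefix cut off.
 *
 * Falls back to '/' when REQUEST_URI is not set. The prefix is removed by length
 * only: the URI is not checked to actually start with $API_BASE_PATH, and any query
 * string is left in place.
 *
 * @return string The remainder of the URI (substr() yields false on PHP < 8 when the
 *                URI is shorter than the prefix).
 */
function get_path_info()
{
    global $API_BASE_PATH;
    $requestUrl = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
    return substr($requestUrl, strlen($API_BASE_PATH));
}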
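global $connect;
    Response::result($connect->getOrgFolderNav($orgFolderName));
}, 'Org subfolders in Shared Meetings folder');

/**
 * CREATE rooms from POSTED data (CSV, prefix and folder)
 */
$router->map('POST', '/rooms/create/', function () {
    // The org check is driven by the client-supplied 'user_org_shortname' field; a
    // missing field arrives as null and is rejected by verifyOrgAccess().
    verifyOrgAccess($_POST['user_org_shortname']);
    global $connect;
    // NOTE(review): the whole $_POST is handed to createRooms(). The check above only
    // scopes the request if createRooms() takes the target org from that same
    // field — confirm.
    Response::result($connect->createRooms($_POST));
});

/**
 * CREATE users from POSTED data
 */
$router->map('POST', '/users/create/', function () {
    // Same org check as for room creation, on the client-supplied field.
    verifyOrgAccess($_POST['user_org_shortname']);
    global $connect;
    // NOTE(review): as above, createUsers() receives the full $_POST — confirm it
    // scopes the operation by the verified field.
    Response::result($connect->createUsers($_POST));
});

// -------------------- UTILS -------------------- //

// Make sure requested org name is the same as logged in user's org
/**
 * Reject the request unless $orgName names the logged-in user's own org.
 *
 * The comparison is case-insensitive. Anything that is not a non-empty string is
 * rejected up front: an empty or missing value would otherwise compare equal to an
 * empty user org, and a non-string value (e.g. an array from the request) would make
 * strcasecmp() raise a TypeError on PHP 8.
 *
 * NOTE(review): 403 Forbidden is the conventional status for an authenticated caller
 * lacking rights; 401 is kept because clients may depend on it. Whether
 * Response::error() ends the request is not visible here — confirm it terminates,
 * otherwise the calling handler continues after a failed check.
 *
 * @param mixed $orgName Org short name taken from the request.
 */
function verifyOrgAccess($orgName)
{
    global $dataporten;
    $userOrg = $dataporten->getUserOrg();
    $orgNameUsable = is_string($orgName) && $orgName !== '';
    if (!$orgNameUsable || strcasecmp($orgName, $userOrg) !== 0) {
        Response::error(401, $_SERVER["SERVER_PROTOCOL"] . ' 401 Unauthorized (request mismatch org/user). ');
    }
}

/**
 *
 *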