*/
//This is an example where authorization is requiered for all tables except for CategoryVisible that is always authorized
ArrestDBConfig::auth(["table" => "Category"], function ($method, $table, $id) {
return true;
});
ArrestDBConfig::auth([], function ($method, $table, $id) {
global $user;
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Invalid Auth';
exit;
} else {
$user = $_SERVER['PHP_AUTH_USER'];
$pass = sha1($_SERVER['PHP_AUTH_PW']);
$query = ArrestDB::PrepareQueryGET(["TABLE" => "User", "WHERE" => ["email='{$user}'", "password='******'"]]);
$result = ArrestDB::Query($query);
if (count($result) == 0) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Invalid Auth';
exit;
}
$user = $result[0];
return true;
}
});
/*
ALLOW (OPTIONAL)
It's similar to auth but it's used in other cases when is checked out if it's allowed to execute a method over a table or function. Return true if is allowed. By default all is allowed
}
});
ArrestDBConfig::auth([], function ($method, $table, $id) {
global $user;
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
header('WWW-Authenticate: Basic realm="Metabrain Project API"');
header('HTTP/1.0 401 Unauthorized');
echo 'Invalid Auth';
exit;
} else {
//Prepare params
$user = $_SERVER['PHP_AUTH_USER'];
//$pass=sha1($_SERVER['PHP_AUTH_PW']);
$pass = md5($_SERVER['PHP_AUTH_PW']);
//Prepare query
$query = ArrestDB::PrepareQueryGET(["TABLE" => "user", "WHERE" => ["email='{$user}'", "password='******'"]]);
//Execute query
$result = ArrestDB::Query($query);
//Check if thereis one result
if (count($result) == 0) {
header('WWW-Authenticate: Basic realm="Metabrain Project API"');
header('HTTP/1.0 401 Unauthorized');
echo 'Invalid Auth';
exit;
}
//Set global user
$user = $result[0];
return true;
}
});
/*
ALLOW (OPTIONAL)
