    die($objectTools->JSONError(301));
}
// A target table ("t") is mandatory for this request.
if (!isset($_POST["t"])) {
    die($objectTools->JSONError(301));
}
// Normalise quoting: single quotes become double quotes before the value
// list is split. NOTE(review): this is a plain character swap, not SQL
// escaping; if $values is later embedded in a query string it still needs
// proper escaping or a prepared statement — confirm downstream.
$values = str_replace("'", '"', $values);
$values_split = explode(",", $values);
$fields_full = explode(",", $fields);
// Every requested field needs exactly one value.
if (count($fields_full) != count($values_split)) {
    die($objectTools->JSONError(301));
}
/**
 * check the blacklist: a wildcard ("*") entry for the table wins, otherwise
 * the specific field list is looked up.
 * NOTE(review): $fields was already passed to explode() above, so this
 * isset() is only false when $fields is null — verify the else branch is
 * reachable. The wildcard lookup uses $_POST["t"] while the field lookup
 * uses $table; presumably the same value — verify where $table is assigned.
 */
if (isset($fields)) {
    $exist = $blacklist->existItem("G", $_POST["t"], "*")
        ?: $blacklist->existItem("G", $table, $fields);
} else {
    $exist = $blacklist->existItem("G", $table, "*");
}
/**
 * If the query is not allowed -> die
 */
if ($exist) {
    die($objectTools->JSONError(401));
}
/**
 * Create the sql sentence with get parameters
 */
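 /**
  * Inserts one row into $table built from the key/value pairs in
  * $post_parameters and echoes the inserted row back as JSON.
  *
  * Column names come from the keys of $post_parameters and the table name
  * from $table; both are interpolated unquoted into the INSERT statement, so
  * they are treated as untrusted identifiers and restricted to [A-Za-z0-9_.]
  * first. Values are passed through exactly as before: numbers bare, anything
  * else wrapped in single quotes. SECURITY(review): that wrapping is not
  * escaping, and $this->setDataBySQL() (outside this block) receives a
  * finished SQL string, so a value containing a quote reaches the database
  * unescaped. Move the INSERT to a prepared statement with bound parameters
  * as soon as setDataBySQL() offers a way to do so.
  *
  * Every failure ends the request via die() with a JSON error body, matching
  * the rest of this class:
  *  - 301 when an identifier is unsafe or there is nothing to insert,
  *  - 401 when the table or one of its columns is blacklisted for "G",
  *  - 303 when the database call reports failure.
  *
  * Fixes against the previous version: each() (removed in PHP 8) replaced by
  * foreach; array accumulators initialised as arrays instead of ""; the
  * response loop no longer increments $i twice (every second column was
  * skipped); the debug var_dump() that corrupted the JSON body is gone; an
  * empty parameter set no longer reaches setDataBySQL() with an undefined $sql.
  *
  * @param string $table           target table name (untrusted)
  * @param array  $post_parameters column => value map to insert (untrusted)
  */
 function postData($table, $post_parameters)
 {
     $blacklist = new BlackList();
     // Identifiers go into the SQL unquoted, so anything outside this set
     // would be a syntax error or an injection attempt. A dot is allowed so
     // schema-qualified table names keep working.
     $identifierPattern = '/^[A-Za-z0-9_.]+$/';
     if (!preg_match($identifierPattern, (string) $table)) {
         die($this->JSONError(301));
     }
     if (!is_array($post_parameters)) {
         $post_parameters = [];
     }
     $values_array = [];
     $columns_array = [];
     foreach ($post_parameters as $field => $value) {
         if (!preg_match($identifierPattern, (string) $field)) {
             die($this->JSONError(301));
         }
         // Detect if it is a text or number: numbers stay bare, text is
         // single-quoted (see the SECURITY note above about escaping).
         $values_array[] = is_numeric($value) ? $value : "'" . $value . "'";
         $columns_array[] = $field;
     }
     /**
      * check the blacklist: a wildcard entry for the whole table first,
      * then each column that is about to be written
      */
     if ($blacklist->existItem("G", $table, "*")) {
         die($this->JSONError(401));
     }
     foreach ($columns_array as $column) {
         if ($blacklist->existItem("G", $table, $column)) {
             die($this->JSONError(401));
         }
     }
     /**
      * Create the sql sentence with the post parameters
      */
     if ($columns_array === []) {
         // Nothing to insert: treat as a bad request instead of running an
         // empty statement.
         die($this->JSONError(301));
     }
     $columns = implode(",", $columns_array);
     $values = implode(",", $values_array);
     $sql = "INSERT INTO {$table} ({$columns}) VALUES ({$values})";
     header('Content-Type: application/json');
     $result = $this->setDataBySQL($sql);
     if (!$result) {
         die($this->JSONError(303));
     }
     // Echo the inserted row back keyed both by position and by column name,
     // plus the column list under dbInfo.
     $rawdata = [[]];
     $indices = [];
     foreach ($columns_array as $i => $column) {
         $rawdata[0][$i] = $values_array[$i];
         $rawdata[0][$column] = $values_array[$i];
         $indices[$i] = $column;
     }
     $json = [
         "data" => $rawdata,
         "dbInfo" => $indices,
     ];
     echo json_encode($json);
 }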
 * @author   Alejandro Esquiva Rodríguez [@alex_esquiva] <*****@*****.**>
 * @license  Apache License, Version 2.0
 * @link     https://github.com/GeekyTheory/Automatic-API-REST
 */
// Shared helpers are optional (include_once only warns if missing); the
// authentication include is mandatory, so a missing file stops the script
// before any blacklist action below can run.
include_once 'inc/functions.php';
require_once 'inc/autentification.php';
// Blacklist store consulted and updated by the actions that follow.
$blacklist = new BlackList();
if (isset($_GET["a"])) {
    if ($_GET["a"] == "add") {
        $tool = new Tools();
        $fields = $tool->getFieldsByTable($_GET["table"]);
        $num_fields = count($fields);
        if ($_GET["column"] == "*") {
            //Get all columns from table
            for ($i = 0; $i < count($fields); $i++) {
                if (!$blacklist->existItem($_GET["type"], $_GET["table"], $fields[$i])) {
                    $blacklist->createItem($_GET["type"], $_GET["table"], $fields[$i]);
                }
            }
            $blacklist->createItem($_GET["type"], $_GET["table"], $_GET["column"]);
        } else {
            $blacklist->createItem($_GET["type"], $_GET["table"], $_GET["column"]);
            $num_fields_check = 0;
            for ($i = 0; $i < count($fields); $i++) {
                if ($blacklist->existItem($_GET["type"], $_GET["table"], $fields[$i])) {
                    $num_fields_check++;
                }
            }
            if ($num_fields == $num_fields_check) {
                //Añadimos *
                $blacklist->createItem($_GET["type"], $_GET["table"], "*");