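// NOTE(review): the statements down to the first "});" are the tail of a route
// handler whose beginning lies outside this excerpt; they are kept unchanged.
    if ($query->count("*") > 0) {
        echo json_encode($result);
    } else {
        echo json_encode(array("status" => false, "message" => "cannot find your keyword {$key}"));
    }
});

/*
 * registration (admin restoran)
 *
 * POST /admin_restoran with restoran_id, admin_username, admin_email and
 * admin_password. Stores a new admin row with a hashed password and a freshly
 * generated API key, and answers with a JSON {status, message} object.
 *
 * NOTE(review): nothing in this handler checks who the caller is, so as written
 * any client can create an admin account for any restoran_id. Confirm that an
 * authentication/authorisation layer in front of this route covers it.
 */
$app->post('/admin_restoran', function () use ($app, $db) {
    require_once 'libs/PassHash.php';

    // Defined elsewhere; presumably stops the request when a field is missing.
    verifyRequiredParams(array('restoran_id', 'admin_username', 'admin_email', 'admin_password'));

    $restoran_id = $app->request->post('restoran_id');
    $admin_username = $app->request->post('admin_username');
    $admin_email = $app->request->post('admin_email');
    $admin_password = $app->request->post('admin_password');

    // Validate before doing any expensive work (password hashing) for a
    // request that is going to be rejected anyway.
    validateEmail($admin_email);

    // Duplicate check on the e-mail column with an exact match. The previous
    // check compared admin_username against the submitted e-mail using LIKE:
    // it looked at the wrong column, so duplicate e-mails were never detected,
    // and LIKE treats '%' and '_' in the submitted value as wildcards.
    // This check-then-insert is not atomic; a UNIQUE index on admin_email is
    // still needed to rule out duplicates under concurrent requests.
    $query = $db->admin_restoran->where("admin_email = ?", $admin_email);

    if ($query->count("*") < 1) {
        // Only the hash is stored, never the submitted password.
        $password_hash = PassHash::hash($admin_password);
        $admin_api = generateApiKey();

        $add = $db->admin_restoran->insert(array(
            "restoran_id" => $restoran_id,
            "admin_username" => $admin_username,
            "admin_email" => $admin_email,
            "admin_password" => $password_hash,
            "admin_api" => $admin_api,
        ));

        if ($add != null) {
            echo json_encode(array("status" => true, "message" => "success add new admin"));
        } else {
            echo json_encode(array("status" => false, "message" => "failed to add new admin"));
        }
    } else {
        echo json_encode(array("status" => false, "message" => "email is already exist"));
    }
});

/* login (admin restoran) */
// NOTE(review): this route uses the same method and pattern (POST
// /admin_restoran) as the registration route above; confirm the router can
// actually reach it. The handler body is outside this excerpt.
$app->post('/admin_restoran', function () use($app, $db) {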
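/**
 * Dispatch function for POST /events
 *
 * Determines what the user is requesting -- for example, to add an
 * attachment or to create a new session -- and dispatches or handles.
 *
 * Routing is driven by the global $path array:
 *  - no segments: create a new event (handled in this function);
 *  - one segment: call api_EVENTS_POST_ID($session);
 *  - two segments: call api_EVENTS_POST_ID_<SECOND SEGMENT UPPERCASED>($session);
 *  - three segments are accepted only when the third is empty.
 *
 * If a new event is requested, takes user input and turns it into an event,
 * including web call to Dialback provider, Event insertion, and API key
 * creation. Errors raised during event creation are caught and passed to
 * sendResponse(); path and sub-dispatch errors are thrown to the caller.
 *
 * Side effect: on the creation path the global $apiKey is overwritten with
 * the newly generated key.
 *
 * @todo Why does event creation need to be JSON? Seemed like a good idea at
 *       the time. Move to just HTTP POST fields.
 *
 * @todo The Dialback response body is used as-is (stored and returned to the
 *       client); only a failed request is detected. Validate its format.
 *
 * @throws BadRequestException
 */
function api_EVENTS_POST_dispatch()
{
    global $database;
    global $path;
    global $apiKey;

    $invalidPath = [
        'status' => ['code' => 400, 'message' => 'Bad Request'],
        'error' => ['message' => 'Invalid Request Path'],
    ];

    // The cases deliberately fall through: a longer path also sets everything
    // a shorter one would.
    switch (count($path)) {
        /** @noinspection PhpMissingBreakStatementInspection */
        case 3:
            // Only an empty third segment is accepted.
            if ($path[2] != "") {
                throw new BadRequestException($invalidPath);
            }
        /** @noinspection PhpMissingBreakStatementInspection */
        case 2:
            $object2 = $path[1];
        case 1:
            $session = $path[0];
            break;
        case 0:
            break;
        default:
            throw new BadRequestException($invalidPath);
    }

    $baseName = str_replace("_dispatch", "", __FUNCTION__);
    $funcCall = $baseName;

    if (isset($session) && strlen($session) > 0) {
        $funcCall = $funcCall . '_ID';
        $parameter = $session;

        if (isset($object2) && strlen($object2) > 0) {
            // NOTE(review): $object2 comes from the request path, so the
            // caller chooses the suffix of the function name invoked below.
            // The fixed prefix plus function_exists() limits this to functions
            // named api_EVENTS_POST_ID_*, but an explicit allow-list of
            // sub-resources would make the reachable set obvious.
            $funcCall = $funcCall . '_' . strtoupper($object2);
        }
    }

    if ($funcCall !== $baseName) {
        if (!function_exists($funcCall)) {
            $response = [
                'status' => ['code' => 400, 'message' => 'Bad Request'],
                'error' => ['message' => 'Unsupported API Request.'],
            ];
            throw new BadRequestException($response);
        }

        // Explicitly cast $action as a string to reassure the debugger.
        $funcCall = (string) $funcCall;

        // $parameter is always set here: the name only differs from the base
        // name when a non-empty session segment was seen above.
        $funcCall($parameter);

        return;
    }

    try {
        // A missing or non-string `request` field is treated like invalid
        // JSON instead of being handed to json_decode() unchecked.
        $rawRequest = (isset($_POST['request']) && is_string($_POST['request']))
            ? $_POST['request']
            : '';

        if (!($jsonRequest = json_decode($rawRequest, true))) {
            throw new InvalidJsonException([$jsonRequest]);
        }

        // NOTE(review): both regexps end in `$`, which also matches before a
        // trailing newline; use `\z` (or the D modifier) if that matters.
        $requiredFields = [
            'segment' => ['filter' => FILTER_VALIDATE_INT],
            'phoneNumber' => [
                'filter' => FILTER_VALIDATE_REGEXP,
                'options' => ['options' => ['regexp' => "/^\\+? ?[0-9 ]+\$/"]],
            ],
            'emailAddress' => ['filter' => FILTER_VALIDATE_EMAIL],
            'state' => [
                'filter' => FILTER_VALIDATE_REGEXP,
                'options' => ['options' => ['regexp' => "/^[A-Za-z ]{4,50}\$/"]],
            ],
            'latitude' => ['filter' => FILTER_VALIDATE_FLOAT],
            'longitude' => ['filter' => FILTER_VALIDATE_FLOAT],
        ];

        foreach ($requiredFields as $key => $parameters) {
            if (!isset($jsonRequest[$key])) {
                throw new BadRequestException(["Required parameter `{$key}` is missing."]);
            }

            $value = $jsonRequest[$key];
            $filter = $parameters['filter'];
            $filterOptions = isset($parameters['options']) ? $parameters['options'] : [];

            // filter_var() returns the filtered value, which is falsy for
            // legitimate input such as 0 or 0.0 (a latitude on the equator).
            // Only an explicit false means the value failed validation.
            if (filter_var($value, $filter, $filterOptions) === false) {
                throw new BadRequestException(["Parameter `{$key}`: Invalid value."]);
            }
        }

        $sqlQuery = <<<EOF
SELECT productphoneserver
FROM tbl__products
INNER JOIN tbl__segments
ON tbl__products.productkey=tbl__segments.productkey
WHERE tbl__segments.segmentkey=?
EOF;
        $dialbackQuery = $database->select($sqlQuery, [['i' => $jsonRequest['segment']]]);

        // An unknown segment yields no provider URL; stop here rather than
        // passing an empty path to file_get_contents().
        if (empty($dialbackQuery[0]['productphoneserver'])) {
            throw new NoDialbackNumberProvidedException([]);
        }

        // NOTE(review): 'logitude' looks like a typo for 'longitude', but it is
        // the field name sent to the Dialback provider; confirm what the
        // provider expects before renaming it.
        $data = [
            'emailaddress' => $jsonRequest['emailAddress'],
            'phonenumber' => $jsonRequest['phoneNumber'],
            'latitude' => $jsonRequest['latitude'],
            'logitude' => $jsonRequest['longitude'],
            'state' => $jsonRequest['state'],
        ];

        // use key 'http' even if you send the request to https://...
        // The header is written on a single line: the previous value had a
        // line break between the field name and its value.
        $httpOptions = array(
            'http' => array(
                'header' => "Content-type: application/x-www-form-urlencoded\r\n",
                'method' => 'POST',
                'content' => http_build_query($data),
            ),
        );

        // NOTE(review): the target comes from tbl__products and is fetched with
        // whatever scheme it carries, and caller-supplied contact data is sent
        // to it. Consider requiring an http(s) URL and restricting who can
        // write that column.
        $dialbackNumber = file_get_contents(
            $dialbackQuery[0]['productphoneserver'],
            false,
            stream_context_create($httpOptions)
        );

        if ($dialbackNumber === false) {
            /* Handle error */
            throw new NoDialbackNumberProvidedException([]);
        }

        $sqlQuery = <<<EOF
INSERT INTO tbl__events
(
    session,
    segmentkey,
    phonenumber,
    emailaddress,
    latitude,
    longitude,
    state,
    dialbacknumber
)
VALUES
(?, ?, ?, ?, ?, ?, ?, ?)
EOF;

        $sessionId = null;
        $eventQuery = null;
        $eventAdded = false;
        $attempts = 1;
        $i = 0;
        $lastError = null;

        // Runs at most twice ($i <= $attempts with $attempts = 1): a failed
        // insert is retried once with a newly generated session id.
        // NOTE(review): $lastError is a full print_r() dump of the exception
        // and ends up in the exception passed to sendResponse(); if that
        // payload reaches the client it exposes internals. Confirm, and log
        // the dump server-side instead if so.
        do {
            try {
                $sessionId = generateSessionId();
                $eventQuery = $database->insert($sqlQuery, [
                    ['s' => $sessionId],
                    ['i' => $jsonRequest['segment']],
                    ['s' => $jsonRequest['phoneNumber']],
                    ['s' => $jsonRequest['emailAddress']],
                    ['d' => $jsonRequest['latitude']],
                    ['d' => $jsonRequest['longitude']],
                    ['s' => $jsonRequest['state']],
                    ['s' => $dialbackNumber],
                ]);
                $eventAdded = true;
            } catch (DatabaseInsertQueryFailedException $e) {
                $lastError = print_r($e, true);
            }
            $i++;
        } while (!$eventAdded && $i <= $attempts);

        if (!$eventAdded) {
            throw new EventNotAddedException([$lastError]);
        }

        $sqlQuery = <<<EOF
INSERT INTO tbl__apikeys
(
    expiration,
    scope,
    ALLOW_RENEW,
    ALLOW_UPLOAD,
    ALLOW_LIST,
    apikey,
    scopekey
)
VALUES
(
    DATE_ADD(NOW(), INTERVAL 1 HOUR),
    'EVENT',
    1,
    1,
    1,
    ?,
    ?
)
EOF;

        $apiKey = null;
        $scopeKey = (int) $eventQuery->insert_id;
        $apiKeyAdded = false;
        $attempts = 1;
        $i = 0;
        $apiKeyQuery = null;

        // Same retry shape as above: at most two attempts, new key each time.
        do {
            try {
                $apiKey = generateApiKey($sessionId);
                $apiKeyQuery = $database->insert($sqlQuery, [['s' => $apiKey], ['i' => $scopeKey]]);
                $apiKeyAdded = true;
            } catch (DatabaseInsertQueryFailedException $e) {
                $lastError = print_r($e, true);
            }
            $i++;
        } while (!$apiKeyAdded && $i <= $attempts);

        if (!$apiKeyAdded) {
            // Release the event statement on this path as well. The event row
            // itself stays in the table without a key (no transaction here).
            $eventQuery->close();
            throw new ApiKeyNotAddedException([$lastError]);
        }

        $eventQuery->close();
        $apiKeyQuery->close();

        // The key inserted above is scoped to this event and expires after
        // one hour (see the INSERT statement).
        $response = [
            'data' => ['session' => $sessionId, 'dial' => $dialbackNumber, 'apiKey' => $apiKey],
            'status' => ['code' => 201],
        ];
        sendResponse($response);
    } catch (Exception $e) {
        sendResponse($e);
    }
}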