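public function post($data)
{
    // Create a new page from the posted fields and copy the content rows of the
    // page identified by $data["id"] onto it. Responds 401 below access level 6,
    // 400 on empty/invalid input or a failed insert, 409 on a duplicate link,
    // otherwise the new page row as json. The `return` after each response()
    // keeps the method fail-closed even if response() does not end the request.
    if ((int) $this->check_access() < 6) {
        $this->response(null, null, 401);
        return;
    }
    if (empty($data) || !is_array($data)) {
        $this->response(null, null, 400);
        return;
    }

    // fill absent keys so the column list below is always complete (no notices)
    $data += array(
        "id" => null, "name" => null, "title" => null, "link" => null,
        "keywords" => null, "description" => null, "access_level" => 0,
        "theme" => null, "json_settings" => null,
    );

    $db = new RazorDB();
    $db->connect("page");

    // the page link must be unique
    $search = array("column" => "link", "value" => isset($data["link"]) ? $data["link"] : "");
    $found = $db->get_rows($search, array("amount" => 1));
    if ($found["count"] > 0) {
        $db->disconnect();
        $this->response(array("error" => "duplicate link found", "code" => 101), 'json', 409);
        return;
    }

    // only these columns are taken from the client; anything else sent is dropped
    $new_page = $db->add_rows(array(
        "name" => $data["name"],
        "title" => $data["title"],
        "link" => $data["link"],
        "keywords" => $data["keywords"],
        "description" => $data["description"],
        "access_level" => (int) $data["access_level"],
        "theme" => $data["theme"],
        "json_settings" => $data["json_settings"],
        "active" => false,
    ));
    $db->disconnect();
    if ($new_page["count"] != 1) {
        $this->response(null, null, 400);
        return;
    }
    $new_page_id = $new_page["result"][0]["id"];

    // copy the source page's content rows, re-pointed at the new page
    $db->connect("page_content");
    $content = $db->get_rows(array("column" => "page_id", "value" => $data["id"]));
    if ($content["count"] > 0) {
        $copies = array();
        foreach ($content["result"] as $content_row) {
            unset($content_row["id"]);              // the db assigns a fresh id
            $content_row["page_id"] = $new_page_id;
            $copies[] = $content_row;
        }
        $db->add_rows($copies);
    }
    $db->disconnect();

    $this->response($new_page["result"][0], "json");
}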
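public function post($data)
{
    // Create an inactive page from the posted fields. Responds 401 below access
    // level 6, 400 on empty/invalid input, 409 when the link is already used,
    // otherwise the inserted page row as json. The `return` after each
    // response() keeps the method fail-closed even if response() does not end
    // the request.
    if ((int) $this->check_access() < 6) {
        $this->response(null, null, 401);
        return;
    }
    if (empty($data) || !is_array($data)) {
        $this->response(null, null, 400);
        return;
    }

    // fill absent keys so the column list below is always complete (no notices)
    $data += array(
        "name" => null, "title" => null, "link" => null,
        "keywords" => null, "description" => null, "access_level" => 0,
    );

    $db = new RazorDB();
    $db->connect("page");

    // the page link must be unique
    $search = array("column" => "link", "value" => isset($data["link"]) ? $data["link"] : "");
    $found = $db->get_rows($search, array("amount" => 1));
    if ($found["count"] > 0) {
        $db->disconnect();
        $this->response(array("error" => "duplicate link found", "code" => 101), 'json', 409);
        return;
    }

    // only these columns are taken from the client; anything else sent is dropped
    $result = $db->add_rows(array(
        "name" => $data["name"],
        "title" => $data["title"],
        "link" => $data["link"],
        "keywords" => $data["keywords"],
        "description" => $data["description"],
        "access_level" => (int) $data["access_level"],
        "active" => false,
    ));
    $db->disconnect();

    $this->response($result["result"][0], "json");
}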
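public function post($ext)
{
    // Store the settings of one extension (identified by extension, type and
    // handle): updates the existing row or inserts a new one owned by the
    // current user. Requires access level 9+. $ext["settings"] is a list of
    // {name, value} pairs. A missing or non-array settings list used to raise
    // a foreach warning; it is now treated as an empty list.
    if ((int) $this->check_access() < 9) {
        $this->response(null, null, 401);
        return;
    }
    if (empty($ext) || !is_array($ext)) {
        $this->response(null, null, 400);
        return;
    }
    $ext += array("extension" => null, "type" => null, "handle" => null, "settings" => array());

    // flatten the pairs to name => value; pairs without a name are skipped
    $settings = array();
    if (is_array($ext["settings"])) {
        foreach ($ext["settings"] as $pair) {
            if (!isset($pair["name"])) {
                continue;
            }
            $settings[$pair["name"]] = isset($pair["value"]) ? $pair["value"] : null;
        }
    }
    $json = json_encode($settings);

    $db = new RazorDB();
    $db->connect("extension");
    $search = array(
        array("column" => "extension", "value" => $ext["extension"]),
        array("column" => "type", "value" => $ext["type"]),
        array("column" => "handle", "value" => $ext["handle"]),
    );
    $existing = $db->get_rows($search, array("amount" => 1));
    if ((int) $existing["count"] === 1) {
        $db->edit_rows($search, array("json_settings" => $json));
    } else {
        $db->add_rows(array(
            "extension" => $ext["extension"],
            "type" => $ext["type"],
            "handle" => $ext["handle"],
            "json_settings" => $json,
            "user_id" => $this->user["id"],
            "access_level" => 0,
        ));
    }
    $db->disconnect();

    $this->response("success", "json");
}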
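public function post($data)
{
    // Save site settings. Requires access level 9+. Only the names listed in
    // $known are ever written, so a client cannot create arbitrary setting rows;
    // each present key is updated in place or inserted with its declared type.
    // Values are stored as strings for every key (two keys used to skip the
    // cast on update). The `return` after each response() keeps the method
    // fail-closed even if response() does not end the request.
    if ((int) $this->check_access() < 9) {
        $this->response(null, null, 401);
        return;
    }
    if (empty($data) || !is_array($data)) {
        $this->response(null, null, 400);
        return;
    }

    // setting name => type recorded when the row is first created
    $known = array(
        "name" => "string",
        "google_analytics_code" => "string",
        "forgot_password_email" => "string",
        "allow_registration" => "bool",
        "manual_activation" => "bool",
        "registration_email" => "string",
        "activation_email" => "string",
        "activate_user_email" => "string",
        "cookie_message" => "string",
        "cookie_message_button" => "string",
    );

    $db = new RazorDB();
    $db->connect("setting");
    foreach ($known as $name => $type) {
        if (isset($data[$name])) {
            $this->upsert_setting($db, $name, (string) $data[$name], $type);
        }
    }
    $db->disconnect();

    $this->response("success", "json");
}

// Update the "setting" row called $name to $value, inserting it (with $type)
// when no row was changed. $db must already be connected to "setting".
private function upsert_setting($db, $name, $value, $type)
{
    $search = array("column" => "name", "value" => $name);
    $res = $db->edit_rows($search, array("value" => $value));
    if ($res["count"] == 0) {
        $db->add_rows(array("name" => $name, "value" => $value, "type" => $type));
    }
}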
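public function post($data)
{
    // Replace the stored menu structure with the posted one. $data is a list of
    // menus, each {id, menu_items: [{id?, page_id, sub_menu?: [{id?, page_id}]}]}.
    // Stored items the client no longer lists are deleted, listed items keep
    // their id and get a new position, unlisted ones are inserted (level 1 for
    // top-level items, 2 for sub-menu items). Requires access level 10.
    // Fixes: the sub-menu test used the bitwise `&` instead of `&&`, and menus
    // absent from one side produced an in_array() on an undefined index (a
    // TypeError on PHP 8); both lookups now fall back to an empty list.
    if ((int) $this->check_access() < 10) {
        $this->response(null, null, 401);
        return;
    }
    if (!is_array($data)) {
        $this->response(null, null, 400);
        return;
    }

    $db = new RazorDB();
    $db->connect("menu_item");

    // 1. every stored menu item, in position order
    $options = array("order" => array("column" => "position", "direction" => "asc"));
    $stored = $db->get_rows(array("column" => "id", "not" => true, "value" => null), $options);
    $stored = $stored["result"];

    // 2. ids the client sent, per menu, both levels flattened
    $sent_ids = array();
    foreach ($data as $menu) {
        $menu_id = $menu["id"];
        if (!isset($sent_ids[$menu_id])) {
            $sent_ids[$menu_id] = array();
        }
        $items = isset($menu["menu_items"]) && is_array($menu["menu_items"]) ? $menu["menu_items"] : array();
        foreach ($items as $item) {
            if (isset($item["id"])) {
                $sent_ids[$menu_id][] = $item["id"];
            }
            if (!empty($item["sub_menu"])) {
                foreach ($item["sub_menu"] as $sub_item) {
                    if (isset($sub_item["id"])) {
                        $sent_ids[$menu_id][] = $sub_item["id"];
                    }
                }
            }
        }
    }

    // stored ids per menu; anything not sent back is deleted on the way
    $stored_ids = array();
    foreach ($stored as $item) {
        $menu_id = $item["menu_id"];
        if (!isset($stored_ids[$menu_id])) {
            $stored_ids[$menu_id] = array();
        }
        $stored_ids[$menu_id][] = $item["id"];
        $kept = isset($sent_ids[$menu_id]) ? $sent_ids[$menu_id] : array();
        if (!in_array($item["id"], $kept)) {
            $db->delete_rows(array("column" => "id", "value" => (int) $item["id"]));
        }
    }

    // 3. update or insert every sent item, renumbering positions per menu
    foreach ($data as $menu) {
        $existing = isset($stored_ids[$menu["id"]]) ? $stored_ids[$menu["id"]] : array();
        $items = isset($menu["menu_items"]) && is_array($menu["menu_items"]) ? $menu["menu_items"] : array();
        $pos = 1;
        foreach ($items as $item) {
            $this->save_menu_item($db, $menu["id"], $item, $pos, 1, $existing);
            $pos++;
            if (!empty($item["sub_menu"])) {
                foreach ($item["sub_menu"] as $sub_item) {
                    $this->save_menu_item($db, $menu["id"], $item_sub = $sub_item, $pos, 2, $existing);
                    $pos++;
                }
            }
        }
    }
    $db->disconnect();

    $this->response("success", "json");
}

// Update the position of $item when its id is in $existing_ids, otherwise
// insert it as a new row of $menu_id at $level. $db must be connected to
// "menu_item". A missing page_id is stored as null.
private function save_menu_item($db, $menu_id, $item, $position, $level, $existing_ids)
{
    if (isset($item["id"]) && in_array($item["id"], $existing_ids)) {
        $db->edit_rows(array("column" => "id", "value" => $item["id"]), array("position" => $position));
        return;
    }
    $db->add_rows(array(
        "menu_id" => (int) $menu_id,
        "position" => $position,
        "level" => $level,
        "page_id" => isset($item["page_id"]) ? $item["page_id"] : null,
        "link_id" => 0,
    ));
}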
private function add_new_menu($loc)
{
    // Insert a "menu" row named $loc unless $this->all_menus already lists it.
    // Returns true when a row was inserted, false when the menu already existed.
    $already_known = in_array($loc, $this->all_menus);
    if ($already_known) {
        return false;
    }

    $menus = new RazorDB();
    $menus->connect("menu");
    $menus->add_rows(array("name" => $loc));
    $menus->disconnect();

    return true;
}
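public function post($data)
{
    // Public self-registration. Refused (405) unless the allow_registration
    // setting is truthy; requires the referer to start with the site url, a
    // session signature equal to the posted one and an empty honeypot field
    // ("human"). Creates an inactive level-1 user, emails the user (and the
    // super admin, user id 1, when activation is manual) and responds with
    // {"manual_activation": <setting value>}. The `return` after each
    // response() keeps the method fail-closed even if response() does not end
    // the request.
    $db = new RazorDB();
    $db->connect("setting");
    $allow = $this->setting_value($db, "allow_registration");
    $manual = $this->setting_value($db, "manual_activation");
    $registration_email = $this->setting_value($db, "registration_email");
    $activation_email = $this->setting_value($db, "activation_email");
    $activate_user_email = $this->setting_value($db, "activate_user_email");
    $db->disconnect();
    if (!$allow) {
        $this->response(null, null, 405);
        return;
    }

    // the request must carry the headers a browser form submission sets
    if (!isset($_SERVER["REMOTE_ADDR"], $_SERVER["HTTP_USER_AGENT"], $_SERVER["HTTP_REFERER"], $_SESSION["signature"])) {
        $this->response(null, null, 400);
        return;
    }
    if (empty($_SERVER["REMOTE_ADDR"]) || empty($_SERVER["HTTP_USER_AGENT"]) || empty($_SERVER["HTTP_REFERER"]) || empty($_SESSION["signature"])) {
        $this->response(null, null, 400);
        return;
    }
    // referer is client-supplied, so this only filters naive submissions
    if (strpos($_SERVER["HTTP_REFERER"], RAZOR_BASE_URL) !== 0) {
        $this->response(null, null, 400);
        return;
    }

    if (!is_array($data) || !isset($data["signature"], $data["name"], $data["email_address"], $data["new_password"])) {
        $this->response(null, null, 400);
        return;
    }
    if (empty($data["signature"]) || empty($data["name"]) || empty($data["email_address"]) || empty($data["new_password"])) {
        $this->response(null, null, 400);
        return;
    }
    // honeypot: the field must be present and empty
    if (!isset($data["human"]) || !empty($data["human"])) {
        $this->response("robot", "json", 406);
        return;
    }
    // the signature is single-use: the session is dropped once it has matched
    if ($_SESSION["signature"] !== $data["signature"]) {
        $this->response(null, null, 400);
        return;
    }
    unset($_SESSION["signature"]);
    session_destroy();

    $db->connect("user");
    $existing = $db->get_rows(array("column" => "email_address", "value" => $data["email_address"]));
    if ($existing["count"] > 0) {
        $db->disconnect();
        $this->response(null, null, 409);
        return;
    }

    // hash once and store that value: the old code hashed twice, so a salted
    // hash would have stored a different value from the one used for the token
    $password = $this->create_hash($data["new_password"]);
    $row = array(
        "name" => $data["name"],
        "email_address" => $data["email_address"],
        "access_level" => 1,
        "active" => false,
        "password" => $password,
    );
    $activate_link = "";
    if (!$manual) {
        // NOTE(review): the token is derived from client headers and the stored
        // hash rather than from a CSPRNG; a random value would not tie it to
        // the credential at all.
        $activate_token = sha1($_SERVER["HTTP_USER_AGENT"] . $_SERVER["REMOTE_ADDR"] . $password);
        $row["activate_token"] = $activate_token;
        $activate_link = RAZOR_BASE_URL . "rars/user/activate/{$activate_token}";
    }
    $db->add_rows($row);
    $db->disconnect();

    // NOTE(review): SERVER_NAME can reflect the request Host header on some
    // server configurations; it ends up in the From address and subject line.
    $server_name = $_SERVER["SERVER_NAME"];
    $server_email = str_replace("www.", "", $server_name);
    $placeholders = array("**server_name**", "**user_email**", "**activation_link**");
    $values = array($server_name, $data["email_address"], $activate_link);
    if ($manual) {
        // registration received; activation is done by an admin
        $message = str_replace($placeholders, $values, $registration_email);
        $this->email("no-reply@{$server_email}", $data["email_address"], "{$server_name} Account Registered", $message);
        // notify the super admin (user id 1) that an account awaits activation
        $db->connect("user");
        $admin = $db->get_rows(array("column" => "id", "value" => 1));
        $db->disconnect();
        if (isset($admin["result"][0]["email_address"])) {
            $message = str_replace($placeholders, $values, $activate_user_email);
            $this->email("no-reply@{$server_email}", $admin["result"][0]["email_address"], "{$server_name} Account Registered", $message);
        }
    } else {
        $message = str_replace($placeholders, $values, $activation_email);
        $this->email("no-reply@{$server_email}", $data["email_address"], "{$server_name} Account Activation", $message);
    }

    $this->response(array("manual_activation" => $manual), "json");
}

// Value of the "setting" row called $name, or null when there is no such row.
// $db must already be connected to "setting".
private function setting_value($db, $name)
{
    $rows = $db->get_rows(array("column" => "name", "value" => $name));
    return isset($rows["result"][0]["value"]) ? $rows["result"][0]["value"] : null;
}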
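public function login($data)
{
    // Authenticate by email address and password. Order of checks: ban list
    // (when RARS_ACCESS_BAN_ATTEMPS > 0), user exists, not locked out, active,
    // password. A mismatch increments failed_attempts, locks the account for
    // RARS_ACCESS_LOCKOUT seconds every RARS_ACCESS_ATTEMPTS failures and bans
    // the ip/user-agent pair at RARS_ACCESS_BAN_ATTEMPS failures. Success
    // stores a fresh token bound to the client and returns it with the public
    // part of the user row. Throws Exception when username or password is absent.
    // Unknown user and wrong password both return code 101 with the same
    // message so the body does not reveal which it was.
    if (!isset($data["username"])) {
        throw new Exception("No Login username");
    }
    if (!isset($data["password"])) {
        throw new Exception("No Login password");
    }

    // normalise the client identifiers before they are stored or hashed.
    // The class used to read `;-_`, which PCRE treats as the range ';'..'_'
    // (so < = > ? @ [ \ ] ^ slipped through); the hyphen is now literal, which
    // means entries banned under the old normalisation may no longer match.
    $ip_address = preg_replace("/[^0-9.]/", '', substr($_SERVER["REMOTE_ADDR"], 0, 50));
    $user_agent = preg_replace("/[^0-9a-zA-Z.:;_-]/", '', substr($_SERVER["HTTP_USER_AGENT"], 0, 250));

    // refuse banned ip/user-agent pairs before touching the user table
    if (RARS_ACCESS_BAN_ATTEMPS > 0) {
        $db = new RazorDB();
        $db->connect("banned");
        $search = array(
            array("column" => "ip_address", "value" => $ip_address),
            array("column" => "user_agent", "value" => $user_agent, "and" => true),
        );
        $banned = $db->get_rows($search);
        $db->disconnect();
        if ($banned["count"] > 0) {
            return RazorAPI::response(array("message" => "Login failed: ip banned", "login_error_code" => 104), "json");
        }
    }

    $db = new RazorDB();
    $db->connect("user");
    $res = $db->get_rows(array("column" => "email_address", "value" => $data["username"]), array("amount" => 1));
    $db->disconnect();
    if ($res["count"] != 1) {
        return RazorAPI::response(array("message" => "Login failed: username or password missmatch", "login_error_code" => 101), "json");
    }
    $user = $res["result"][0];

    if (!empty($user["lock_until"]) && $user["lock_until"] > time()) {
        return RazorAPI::response(array("message" => "Login failed: user locked out please try later", "login_error_code" => 102, "time_left" => $user["lock_until"] - time()), "json");
    }
    if (!$user["active"]) {
        return RazorAPI::response(array("message" => "Login failed: user not active", "login_error_code" => 103), "json");
    }

    // the stored value carries its salt in the first half; the cast keeps the
    // substr length an int for odd-length values
    $stored = $user["password"];
    $salt = substr($stored, 0, (int) (strlen($stored) / 2));
    // NOTE(review): `!==` is not constant-time; hash_equals() (PHP 5.6+) is the
    // drop-in replacement once the minimum runtime allows it.
    if (RazorAPI::create_hash($data["password"], $salt, 'sha1') !== $stored) {
        $attempts = $user["failed_attempts"] + 1;
        $changes = array("failed_attempts" => $attempts);
        // lockout is evaluated on the count before this failure, as before
        if ($user["failed_attempts"] > 0 && $user["failed_attempts"] % RARS_ACCESS_ATTEMPTS == 0) {
            $changes["lock_until"] = time() + RARS_ACCESS_LOCKOUT;
        }
        $db = new RazorDB();
        $db->connect("user");
        $db->edit_rows(array("column" => "id", "value" => $user["id"]), $changes);
        $db->disconnect();

        if (RARS_ACCESS_BAN_ATTEMPS > 0 && $attempts >= RARS_ACCESS_BAN_ATTEMPS) {
            $db = new RazorDB();
            $db->connect("banned");
            $db->add_rows(array("ip_address" => $ip_address, "user_agent" => $user_agent));
            $db->disconnect();
        }
        return RazorAPI::response(array("message" => "Login failed: username or password missmatch", "login_error_code" => 101), "json");
    }

    // authenticated: issue a token bound to this client and reset the counters.
    // NOTE(review): the token is a hash of time, client headers and the stored
    // hash rather than a random value; a CSPRNG-backed token would be preferable.
    $last_logged = time();
    $token = sha1($last_logged . $user_agent . $ip_address . $stored) . "_" . $user["id"];
    $db = new RazorDB();
    $db->connect("user");
    $db->edit_rows(array("column" => "id", "value" => $user["id"]), array(
        "last_logged_in" => $last_logged,
        "last_accessed" => $last_logged,
        "failed_attempts" => 0,
        "lock_until" => null,
        "ip_address" => $ip_address,
    ));
    $db->disconnect();

    // expose only the public columns (never the password hash)
    $public_user = array(
        "id" => $user["id"],
        "name" => $user["name"],
        "email_address" => $user["email_address"],
        "last_logged_in" => $user["last_logged_in"],
        "access_level" => $user["access_level"],
    );
    return RazorAPI::response(array("token" => $token, "user" => $public_user), "json");
}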
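public function post($data)
{
    // Create or update a user. The case is chosen by $data["id"]:
    //   absent           -> create (level 10 only; email and new_password required)
    //   the caller's id  -> change own name, email address and/or password
    //   another user's   -> level 10 only; change access_level and active
    // 401 otherwise, 409 when the email address is already taken, 400 on bad
    // input. Responds {"reload": true} when the caller changed their own
    // password, "success" otherwise. The `return` after each response() keeps
    // the method fail-closed even if response() does not end the request.
    if ((int) $this->check_access() < 1) {
        $this->response(null, null, 401);
        return;
    }
    if (empty($data) || !is_array($data)) {
        $this->response(null, null, 400);
        return;
    }

    $access = (int) $this->check_access();
    $db = new RazorDB();
    $db->connect("user");

    if (!isset($data["id"])) {
        if ($access != 10) {
            $db->disconnect();
            $this->response(null, null, 401);
            return;
        }
        if (empty($data["new_password"]) || empty($data["email_address"])) {
            $db->disconnect();
            $this->response(null, null, 400);
            return;
        }
        $taken = $db->get_rows(array("column" => "email_address", "value" => $data["email_address"]));
        if ($taken["count"] > 0) {
            $db->disconnect();
            $this->response(null, null, 409);
            return;
        }
        // level 10 is reserved for the single super user, so anything at or
        // above it falls back to 1; the cast value is what gets stored (the old
        // code compared the cast but stored the raw input) and an absent level
        // defaults to 1
        $level = isset($data["access_level"]) ? (int) $data["access_level"] : 1;
        $db->add_rows(array(
            "name" => isset($data["name"]) ? $data["name"] : null,
            "email_address" => $data["email_address"],
            "access_level" => $level < 10 ? $level : 1,
            "active" => isset($data["active"]) ? $data["active"] : null,
            "password" => $this->create_hash($data["new_password"]),
        ));
    } elseif ($this->user["id"] == $data["id"]) {
        // own account: fields not sent keep their current value
        $name = isset($data["name"]) ? $data["name"] : $this->user["name"];
        $email = isset($data["email_address"]) ? $data["email_address"] : $this->user["email_address"];
        if ($email != $this->user["email_address"]) {
            $taken = $db->get_rows(array("column" => "email_address", "value" => $email));
            if ($taken["count"] > 0) {
                $db->disconnect();
                $this->response(null, null, 409);
                return;
            }
        }
        $row = array("name" => $name, "email_address" => $email);
        // an empty new_password used to be hashed and stored; it now means "unchanged"
        $password_changed = !empty($data["new_password"]);
        if ($password_changed) {
            $row["password"] = $this->create_hash($data["new_password"]);
        }
        $db->edit_rows(array("column" => "id", "value" => $this->user["id"]), $row);
        if ($password_changed) {
            $db->disconnect();
            $this->response(array("reload" => true), "json");
            return;
        }
    } elseif ($access == 10) {
        // super user editing someone else: only access_level and active.
        // Level 10 and anything above it (which would pass every ">= n" check)
        // cannot be assigned.
        $level = isset($data["access_level"]) ? (int) $data["access_level"] : null;
        if ($level !== null && $level >= 10) {
            $db->disconnect();
            $this->response(null, null, 400);
            return;
        }
        $db->edit_rows(array("column" => "id", "value" => $data["id"]), array(
            "access_level" => $level,
            "active" => isset($data["active"]) ? $data["active"] : null,
        ));
    } else {
        $db->disconnect();
        $this->response(null, null, 401);
        return;
    }
    $db->disconnect();

    $this->response("success", "json");
}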
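public function post($data)
{
    // Save a page's content. Requires access level 10. Step 1 upserts the rows
    // in $data["content"] (a content_id containing "new-" is inserted and its
    // client id mapped to the real id); step 2 rewrites the page_content
    // placements from $data["locations"] (location -> column -> ordered blocks);
    // step 3 deletes placements of this page that were not referenced.
    // Fixed: newly inserted placements recorded the whole row instead of its id
    // in the kept list. The `return` after each response() keeps the method
    // fail-closed even if response() does not end the request.
    if ((int) $this->check_access() < 10) {
        $this->response(null, null, 401);
        return;
    }
    if (!is_array($data) || !isset($data["content"], $data["page_id"]) || !is_array($data["content"])) {
        $this->response(null, null, 400);
        return;
    }
    $page_id = (int) $data["page_id"];
    $locations = isset($data["locations"]) && is_array($data["locations"]) ? $data["locations"] : array();

    // 1. content rows; entries without an id or with empty content are ignored
    $db = new RazorDB();
    $db->connect("content");
    $new_content_map = array();     // client "new-…" id => db id
    foreach ($data["content"] as $content) {
        if (!isset($content["content_id"]) || empty($content["content"])) {
            continue;
        }
        $row = array(
            "content" => $content["content"],
            "name" => isset($content["name"]) ? $content["name"] : null,
        );
        if (stripos($content["content_id"], "new-") === false) {
            $db->edit_rows(array("column" => "id", "value" => $content["content_id"]), $row);
        } else {
            $result = $db->add_rows($row);
            $new_content_map[$content["content_id"]] = $result["result"][0]["id"];
        }
    }
    $db->disconnect();

    // 2. placements: snapshot first, then update or insert, noting kept ids
    $db = new RazorDB();
    $db->connect("page_content");
    $snapshot = $db->get_rows(array("column" => "page_id", "value" => $page_id));
    $snapshot = $snapshot["result"];

    $kept_ids = array();
    foreach ($locations as $location => $columns) {
        foreach ($columns as $column => $blocks) {
            foreach ($blocks as $pos => $block) {
                $block_id = isset($block["id"]) ? $block["id"] : null;
                if ($block_id != "new") {
                    // existing placement: move it and refresh its settings
                    $row = array(
                        "location" => $location,
                        "column" => (int) $column,
                        "position" => $pos + 1,
                        "json_settings" => json_encode(isset($block["settings"]) ? $block["settings"] : null),
                    );
                    if (isset($block["extension"])) {
                        $row["extension"] = $block["extension"];
                    }
                    $db->edit_rows(array("column" => "id", "value" => $block_id), $row);
                    $kept_ids[] = $block_id;
                    continue;
                }

                // new placement: content id is either freshly inserted above or an
                // existing numeric id; without one it must be an extension block
                $content_id = null;
                if (isset($block["content_id"])) {
                    if (isset($new_content_map[$block["content_id"]])) {
                        $content_id = $new_content_map[$block["content_id"]];
                    } elseif (is_numeric($block["content_id"])) {
                        $content_id = $block["content_id"];
                    }
                }
                if (empty($content_id) && !isset($block["extension"])) {
                    continue;
                }
                $row = array(
                    "page_id" => $page_id,
                    "content_id" => $content_id,
                    "location" => $location,
                    "column" => (int) $column,
                    "position" => $pos + 1,
                );
                if (isset($block["extension"])) {
                    $row["extension"] = $block["extension"];
                    $row["json_settings"] = isset($block["settings"]) ? json_encode($block["settings"]) : null;
                }
                $result = $db->add_rows($row);
                $kept_ids[] = $result["result"][0]["id"];
            }
        }
    }

    // 3. remove placements that existed before but were not kept above
    foreach ($snapshot as $existing) {
        if (!in_array($existing["id"], $kept_ids)) {
            $db->delete_rows(array("column" => "id", "value" => (int) $existing["id"]));
        }
    }
    $db->disconnect();

    $this->response("success", "json");
}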