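/**
 * Return a new 32-character hexadecimal API key.
 *
 * Uses random_bytes() (a CSPRNG, PHP >= 7) when it is available. On older
 * runtimes it falls back to the original md5(uniqid(mt_rand(), true)), which
 * is NOT cryptographically strong: uniqid() is time-based and mt_rand() is
 * predictable, so keys minted that way should be treated as guessable.
 *
 * @return string 32 lowercase hex characters (same shape as the md5 form)
 */
function user_controller_generate_apikey()
{
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes(16));
    }
    return md5(uniqid(mt_rand(), true));
}

/**
 * Constant-time comparison of a submitted token against the expected one.
 *
 * hash_equals() exists from PHP 5.6; the fallback is a strict (===) compare,
 * which is still an improvement over the loose == the original used.
 *
 * @param string $given    value taken from the request
 * @param string $expected value taken from the session
 * @return bool
 */
function user_controller_tokens_match($given, $expected)
{
    if (function_exists('hash_equals')) {
        return hash_equals($expected, $given);
    }
    return $given === $expected;
}

/**
 * Read one request field as a string.
 *
 * Returns '' when the field is absent or is an array (a client can post
 * name[]=x); this avoids "undefined index" notices and keeps the string
 * filters below from receiving an array.
 *
 * @param array  $source $_POST or $_GET
 * @param string $key    field name
 * @return string
 */
function user_controller_param(array $source, $key)
{
    if (!isset($source[$key]) || is_array($source[$key])) {
        return '';
    }
    return (string) $source[$key];
}

/**
 * Dispatch the "user" module actions: login, create, changepass,
 * changedetails, newapiread, newapiwrite, logout, getapiread, getapiwrite,
 * view and setlang.
 *
 * Input comes from the globals $session, $action, $format and
 * $allowusersregister (set by the front controller) and from
 * $_POST / $_GET / $_SESSION.
 *
 * @return array|string Normally array('content' => ..., 'message' => ...).
 *                      getapiread/getapiwrite return the bare key string
 *                      instead (kept as-is for existing API clients).
 *
 * Changes from the original:
 *  - newapiread/newapiwrite keys come from user_controller_generate_apikey()
 *    (CSPRNG when available) instead of md5(uniqid(mt_rand(), true)).
 *  - The logout CSRF check now requires a non-empty session token and uses a
 *    strict/constant-time comparison. The original loose `==` accepted a
 *    request with no token at all whenever $_SESSION['CSRF_token'] was unset
 *    (null == null).
 *  - Request fields are read through user_controller_param() so missing or
 *    array-valued fields no longer raise notices.
 */
function user_controller()
{
    global $session, $action, $format, $allowusersregister;

    $output = array('content' => '', 'message' => '');

    // Username filter shared by login/create/changedetails. Despite the old
    // comment, it keeps word characters (letters, digits, underscore),
    // whitespace, '-' and '.'; everything else is stripped.
    $username_filter = '/[^\\w\\s-.]/';

    //--------------------------------------------------------------------------
    // Login user (PUBLIC ACTION)
    // http://yoursite/emoncms/user/login?name=john&pass=test
    //--------------------------------------------------------------------------
    if ($action == 'login') {
        $raw_name = user_controller_param($_POST, 'name');
        $raw_pass = user_controller_param($_POST, 'pass');
        // Truthiness check kept from the original: '' and '0' both fall
        // through to the login form rather than attempting a logon.
        if ($raw_name && $raw_pass) {
            $username = db_real_escape_string(preg_replace($username_filter, '', $raw_name));
            // NOTE(review): escaping the password before it reaches
            // user_logon() alters any password containing quotes or
            // backslashes. Escaping (or, better, parameterised queries)
            // belongs in the model layer; kept here because user_logon() and
            // create_user() may rely on receiving the escaped form — confirm
            // before removing.
            $password = db_real_escape_string($raw_pass);
            if (user_logon($username, $password) == 0) {
                $output['message'] = _('Invalid username or password');
                $output['content'] = view("user/login_block.php", array());
            } else {
                $output['message'] = _('Welcome, you are now logged in');
                if ($format == 'html') {
                    header('Location: ../dashboard/list');
                }
            }
        } else {
            $output['content'] = view('user/login_block.php', array());
        }

    //--------------------------------------------------------------------------
    // Register a new user (only when $allowusersregister is enabled)
    //--------------------------------------------------------------------------
    } elseif ($action == 'create' && $allowusersregister) {
        $username = db_real_escape_string(preg_replace($username_filter, '', user_controller_param($_POST, 'name')));
        $password = db_real_escape_string(user_controller_param($_POST, 'pass'));

        // Drupal auth integration: hand back the read apikey instead of
        // starting a session. Any value other than '', '0' or an empty
        // array enables it (same truthiness as the original == true).
        $returnapikey = !empty($_GET['returnapikey']);

        if (get_user_id($username) != 0) {
            $output['message'] = _("Sorry username already exists");
        } elseif (strlen($username) < 4 || strlen($username) > 30) {
            $output['message'] = _("Please enter a username that is 4 to 30 characters long") . "<br/>";
        } elseif (strlen($password) < 4 || strlen($password) > 30) {
            // Note: the length is measured on the escaped string, so a
            // password containing quotes counts its added backslashes.
            $output['message'] = _("Please enter a password that is 4 to 30 characters long") . "<br/>";
        } else {
            $user = create_user($username, $password);
            if ($returnapikey) {
                $output['message'] = $user['readapikey'];
            } else {
                user_logon($username, $password);
                $output['message'] = _("Your new account has been created");
            }
            if ($format == 'html') {
                header("Location: ../dashboard/list");
            }
            if (!empty($_SESSION['write'])) {
                create_user_statistics($_SESSION['userid']);
            }
        }

    //--------------------------------------------------------------------------
    // Change password / account details (require a logged-in browser session)
    //--------------------------------------------------------------------------
    // NOTE(review): these two branches gate on $_SESSION['write'] while the
    // apikey branches below gate on $session['write']. That looks deliberate
    // (an API key alone should not be able to change the password), but
    // neither branch checks a CSRF token — confirm whether the front
    // controller enforces one for POSTs.
    } elseif ($action == 'changepass' && !empty($_SESSION['write'])) {
        $oldpass = db_real_escape_string(user_controller_param($_POST, 'oldpass'));
        $newpass = db_real_escape_string(user_controller_param($_POST, 'newpass'));
        if (strlen($newpass) < 4 || strlen($newpass) > 30) {
            $output['message'] = _("Please enter a password that is 4 to 30 characters long") . "<br/>";
        } elseif (change_password($_SESSION['userid'], $oldpass, $newpass)) {
            $output['message'] = _("Your password has been changed");
        } else {
            $output['message'] = _("Invalid password");
        }

    } elseif ($action == 'changedetails' && !empty($_SESSION['write'])) {
        $username = db_real_escape_string(preg_replace($username_filter, '', user_controller_param($_POST, 'username')));
        // Same filter as the username plus '@'; this is character stripping,
        // not address validation.
        $email = db_real_escape_string(preg_replace('/[^\\w\\s-.@]/', '', user_controller_param($_POST, 'email')));
        $id = get_user_id($username);
        if ($id && $id != $_SESSION['userid']) {
            $output['message'] = _("Sorry username already exists");
        } elseif (strlen($username) < 4 || strlen($username) > 30) {
            $output['message'] = _("Please enter a username that is 4 to 30 characters long") . "<br/>";
        } elseif (!$email) {
            $output['message'] = _("No email address present") . "<br/>";
        } else {
            set_user_username($_SESSION['userid'], $username);
            set_user_email($_SESSION['userid'], $email);
        }

    //--------------------------------------------------------------------------
    // Regenerate API keys
    //--------------------------------------------------------------------------
    // NOTE(review): these are state-changing actions reachable without a
    // CSRF token; a cross-site GET can silently rotate a user's keys. Adding
    // the token check here would break existing callers, so it is flagged
    // rather than changed.
    } elseif ($action == 'newapiread' && !empty($session['write'])) {
        $apikey_read = user_controller_generate_apikey();
        set_apikey_read($session['userid'], $apikey_read);
        $output['message'] = _("New read apikey: ") . $apikey_read;
        if ($format == 'html') {
            header("Location: view");
        }

    } elseif ($action == 'newapiwrite' && !empty($session['write'])) {
        $apikey_write = user_controller_generate_apikey();
        set_apikey_write($session['userid'], $apikey_write);
        $output['message'] = _("New write apikey: ") . $apikey_write;
        if ($format == 'html') {
            header("Location: view");
        }

    //--------------------------------------------------------------------------
    // Logout (CSRF-protected)
    //--------------------------------------------------------------------------
    } elseif ($action == 'logout' && !empty($session['read'])) {
        $posted   = user_controller_param($_POST, 'CSRF_token');
        $expected = (isset($_SESSION['CSRF_token']) && is_string($_SESSION['CSRF_token']))
            ? $_SESSION['CSRF_token'] : '';
        // An unset session token must never validate: the original loose
        // compare let a request with no token through in that case.
        if ($expected !== '' && user_controller_tokens_match($posted, $expected)) {
            user_logout();
            $output['message'] = _("You are logged out");
        } else {
            reset_CSRF_token();
            $output['message'] = _("Invalid token");
        }
        if ($format == 'html') {
            header("Location: ../");
        }

    //--------------------------------------------------------------------------
    // Read back API keys (bare string return, for API clients)
    //--------------------------------------------------------------------------
    } elseif ($action == 'getapiread' && !empty($session['read'])) {
        $output = get_apikey_read($session['userid']);

    } elseif ($action == 'getapiwrite' && !empty($session['write'])) {
        $output = get_apikey_write($session['userid']);

    //--------------------------------------------------------------------------
    // Account page
    //--------------------------------------------------------------------------
    } elseif ($action == 'view' && !empty($session['write'])) {
        $user  = get_user($session['userid']);
        $stats = get_statistics($session['userid']);
        if ($format == 'json') {
            $output['content'] = json_encode($user);
        }
        if ($format == 'html') {
            $output['content'] = view("user_view.php", array('user' => $user, 'stats' => $stats));
        }

    //--------------------------------------------------------------------------
    // Store the user's language preference, then reload the account page
    //--------------------------------------------------------------------------
    } elseif ($action == 'setlang' && !empty($session['write'])) {
        // NOTE(review): the lang value is passed through unvalidated;
        // set_user_lang() must escape/validate it against the supported
        // locales — confirm.
        $lang = isset($_GET['lang']) ? $_GET['lang'] : null;
        set_user_lang($session['userid'], $lang);
        if ($format == 'html') {
            header("Location: view");
        }
    }

    return $output;
}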
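/**
 * Dispatch the "vis" (visualisation) module actions.
 *
 * Input comes from the globals $session and $action (set by the front
 * controller) and from the feedid query parameter. Every action needs at
 * least a read session; 'list' and 'edit' need write. The multigraph view is
 * only given the write apikey when the session has write access.
 *
 * @return array array('content' => rendered view or '', 'message' => '')
 *
 * Fixes relative to the original:
 *  - bargraph passed the undefined variable $feedidtrystan as 'feedid', so
 *    the view always received null; it now receives the parsed feedid.
 *  - feed_model.php is loaded with require_once so a second call in the
 *    same request cannot redeclare its functions.
 *  - the unused read-apikey lookup and unused global $format were dropped.
 *  - $output is initialised, so an unmatched action returns a well-formed
 *    array instead of null plus a notice.
 */
function vis_controller()
{
    require_once "Models/feed_model.php";
    global $session, $action;

    $output = array('content' => '', 'message' => '');

    // Only string actions can be looked up in the tables below; anything
    // else matches nothing, as with the original string comparisons.
    $action_name = is_string($action) ? $action : '';
    $can_read  = !empty($session['read']);
    $can_write = !empty($session['write']);

    // Read-only views that take ?feedid=N and are given the feed's name.
    $feed_views = array(
        'realtime'  => 'vis/realtime.php',
        'rawdata'   => 'vis/rawdata.php',
        'bargraph'  => 'vis/bargraph.php',
        'histgraph' => 'vis/histgraph.php',
        'orderbars' => 'vis/orderbars.php',
    );

    // Read-only views that take no parameters (they read their own query
    // string client-side, e.g. dailyhistogram?power=&kwhd=&whw=).
    $plain_views = array(
        'smoothie'       => 'vis/smoothie/smoothie.php',
        'dailyhistogram' => 'vis/dailyhistogram/dailyhistogram.php',
        'zoom'           => 'vis/zoom/zoom.php',
        'comparison'     => 'vis/comparison/comparison.php',
        'stacked'        => 'vis/stacked.php',
        'threshold'      => 'vis/threshold.php',
        'simplezoom'     => 'vis/simplezoom.php',
        'orderthreshold' => 'vis/orderthreshold.php',
    );

    // feedid is coerced to int exactly as before (missing => 0). Whether 0 or
    // a feed owned by another user is rejected is up to get_feed_name() and
    // the views — not checked here.
    $feedid = isset($_GET['feedid']) ? intval($_GET['feedid']) : 0;

    if ($action_name == 'list' && $can_write) {
        $user = get_user($session['userid']);
        $output['content'] = view("api_view.php", array('user' => $user));

    } elseif (isset($feed_views[$action_name]) && $can_read) {
        $output['content'] = view($feed_views[$action_name], array(
            'feedid'   => $feedid,
            'feedname' => get_feed_name($feedid),
        ));

    } elseif (isset($plain_views[$action_name]) && $can_read) {
        $output['content'] = view($plain_views[$action_name], array());

    } elseif ($action_name == 'multigraph' && $can_read) {
        // Read-only sessions get null here so the view cannot leak a key.
        $write_apikey = $can_write ? get_apikey_write($session['userid']) : null;
        $output['content'] = view("vis/multigraph.php", array('write_apikey' => $write_apikey));

    } elseif ($action_name == 'edit' && $can_write) {
        $output['content'] = view("vis/edit.php", array(
            'feedid'   => $feedid,
            'feedname' => get_feed_name($feedid),
            'type'     => get_feed_datatype($feedid),
        ));
    }

    return $output;
}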
<?php

global $path, $session;
?>

<h2>Command API</h2>

<h3>Apikey authentication</h3>
<p>If you want to call any of the following actions when you are not logged in, append your read &amp; write apikey to the URL of your request: &apikey=APIKEY. Note that this is the write key shown below, so treat any such URL as a credential: it will appear in browser history, proxy and server logs.</p>

<p><b>Read & Write:</b><br>
<input type="text" style="width:230px" readonly="readonly" value="<?php 
echo get_apikey_write($session['userid']);
?>
" />
</p>

<h3>Get command</h3>
<p><a href="<?php 
echo $path;
?>
command/get.json"><?php 
echo $path;
?>
command/get.json</a></p>

<h3>Insert command</h3>
<p><a href="<?php 
echo $path;
?>
command/insert?cmd=turnonheating"><?php