Exemplo n.º 1
<?php

use FMA\Utility;
// Declare the JSON content type before any output is produced.
header("Content-Type: application/json");
// Load the FMA autoloader so the \FMA\... classes referenced below resolve.
require_once __DIR__ . "/../../FMA/autoload.php";
$_pdo = new \FMA\PDO\MySQL_PDO();
// Session-backed authentication built on the shared database handle.
$_auth = new \FMA\Auth\SessionAuth($_pdo);
// NOTE(review): validate() is presumably what rejects unauthenticated sessions — confirm it
// halts the request rather than only recording an error, because the upload handling below
// dereferences $_auth->getUser() without a null check.
$_auth->validate();
// Response payload; the visible branches below replace it with an "err"/"msg" array.
$data = [];
if (!count($_FILES)) {
    $data = ["err" => true, "msg" => "There was an error with the file upload."];
} else {
    if (\FMA\Utility::stringStartsWith($_REQUEST["REQUEST_NAME"], "ADMIN_")) {
        $_REQUEST["REQUEST_NAME"] = str_replace("ADMIN_", "", $_REQUEST["REQUEST_NAME"]);
        if (!$_auth->getUser()->getPosition() || !$_auth->getUser()->getPosition()->isOfficer()) {
            $data = ["err" => true, "msg" => "You do not have permission to do that."];
        } else {
            if ($_REQUEST["DATA_TYPE"] == "UPLOAD_EVENT_ATTACHMENT") {
                $event_id = Utility::cleanInt($_POST["event_id"], 1);
                if (!$event_id) {
                    $data = ["err" => true, "msg" => "Invalid event ID."];
                    goto end;
                }
                $_event = \FMA\Calendar\Event::find($_pdo, $event_id);
                if (is_null($_event) || $_event->getCreator()->getChapterId() != $_auth->getUser()->getChapterId()) {
                    $data = ["err" => true, "msg" => "Invalid event ID."];
                    goto end;
                }
                try {
                    $_fs = \FMA\Config::getFileSystem();
                    $_uploader = new \FMA\File\Builder\EventFileBuilder($_pdo, $_fs, $_event);
Exemplo n.º 2
<?php

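// JSON action dispatcher: reads REQUEST_NAME from the POST body, routes it to a controller and
// echoes an {"err", "msg", ...} payload. Names prefixed with "ADMIN_" require an officer position.
header("Content-Type: application/json");
//	ini_set("html_errors", false);
require_once __DIR__ . "/../../FMA/autoload.php";
$_pdo = new \FMA\PDO\MySQL_PDO();
$_auth = new \FMA\Auth\SessionAuth($_pdo);
//Do not validate auth here, use authenticated controller
// REQUEST_NAME is client-controlled. Accept it only when it is present and a string: a missing key
// raises a warning (which can end up in front of the JSON body) and an array value makes
// strtoupper() throw on PHP 8.
$request_name = isset($_POST["REQUEST_NAME"]) && is_string($_POST["REQUEST_NAME"]) ? strtoupper($_POST["REQUEST_NAME"]) : "";
// Write the normalised name back, as the original did, in case a controller reads it from $_POST.
$_POST["REQUEST_NAME"] = $request_name;
// Default answer for every name that no branch below recognises (including an empty one).
$data = ["err" => true, "msg" => "Invalid action attempted. Action does not exist."];
if ($request_name === "REGISTER_NEW_CHAPTER") {
    // Registration is the one action reachable without an officer check.
    $controller = new \FMA\Controllers\OrganizationRegistrationController($_pdo);
    $controller->main();
    $data = ["err" => $controller->hasError(), "msg" => $controller->getErrorMessage()];
} elseif (\FMA\Utility::stringStartsWith($request_name, "ADMIN_")) {
    // Strip only the leading prefix. str_replace() would delete every "ADMIN_" occurrence, so
    // differently spelled names could collapse onto the same action name.
    $request_name = (string) substr($request_name, strlen("ADMIN_"));
    $_POST["REQUEST_NAME"] = $request_name;
    // Auth is not validated above, so there may be no user at all; treat that as "no permission"
    // instead of calling getPosition() on null and dying with a fatal error.
    $user = $_auth->getUser();
    $position = $user ? $user->getPosition() : null;
    if (!$position || !$position->isOfficer()) {
        $data = ["err" => true, "msg" => "Invalid action attempted. You do not have the required permissions to perform this action."];
    } elseif ($request_name === "CREATE_NEW_EVENT") {
        $controller = new \FMA\Controllers\Event\CreateNewController($_pdo, $_auth);
        $events = $controller->main();
        // NOTE(review): main() is assumed to return an array of events; fall back to an empty
        // list so a failed run still yields the controller's error message as JSON.
        $event_list = is_array($events) ? $events : [];
        $data = ["err" => $controller->hasError(), "msg" => $controller->getErrorMessage(), "events" => array_map(function (\FMA\Calendar\Event $event) {
            return $event->toArray();
        }, $event_list)];
    }
}
echo json_encode($data, JSON_PRETTY_PRINT);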
Exemplo n.º 3
<?php

// Load the FMA autoloader so the \FMA\... classes referenced below resolve.
require_once __DIR__ . "/../../FMA/autoload.php";
// Every response from this front controller is JSON.
header("Content-Type: application/json");
$_pdo = new \FMA\PDO\MySQL_PDO();
// Session-backed authentication built on the shared database handle.
// NOTE(review): no validate() call is made in the visible code; the only route registered
// here is the login route, which has to be reachable before a session exists. Any route
// added later needs its own authentication check.
$_auth = new \FMA\Auth\SessionAuth($_pdo);
// Router with an empty initial route list; "/service" is the base path that prefixes every
// mapped route.
$router = new AltoRouter([], "/service");
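// POST /service/login/: authenticates the posted credentials and returns
// ["err" => bool, "msg" => string, "user" => array|null], where "user" is the authenticated
// user's array form and stays null when authentication fails.
// NOTE(review): whether authenticate() regenerates the session id and throttles repeated
// failures is not visible here — confirm both in SessionAuth.
$router->map("POST", "/login/", function () use($_pdo, $_auth) {
    // Credentials are untrusted input. Accept them only when present and a string: a missing
    // key raises a warning with "?:", and "email[]=x" would hand an array to authenticate().
    $email = isset($_POST["email"]) && is_string($_POST["email"]) ? $_POST["email"] : "";
    $password = isset($_POST["password"]) && is_string($_POST["password"]) ? $_POST["password"] : "";
    $_auth->authenticate($email, $password);
    $user = null;
    if (!$_auth->hasError() && $_auth->getUser()) {
        $user = $_auth->getUser();
        // "remember" is optional; an absent flag is passed on as null rather than read from an
        // undefined key.
        if (\FMA\Utility::cleanBoolean($_POST["remember"] ?? null)) {
            $_auth->remember();
        }
        // $user is known to be truthy inside this branch, so convert it directly.
        $user = $user->toArray();
    }
    return ["err" => $_auth->hasError(), "msg" => $_auth->getErrorMessage(), "user" => $user];
});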
$match = $router->match();
if ($match && !is_callable($match["target"])) {
    throw new TypeError("Target is not callable.");
} else {
    if ($match && is_callable($match["target"])) {
        $page_title = $match["name"];
        $arr = call_user_func_array($match["target"], $match["params"]);
        echo json_encode($arr, JSON_PRETTY_PRINT);
    } else {
        $page_title = "404";
        header($_SERVER["SERVER_PROTOCOL"] . " 404 Not Found");
        echo json_encode(["err" => true, "msg" => "Invalid Request URI"], JSON_PRETTY_PRINT);