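// Front controller: map the "path" query parameter onto an api/<...>.php file and a
// class name, collect the request payload, and dispatch to the resource method named
// by $method (set before this snippet, presumably the lower-cased HTTP verb).
// A missing "path" is treated as "" instead of raising an undefined-index warning.
$path_parts = explode("/", isset($_GET["path"]) ? $_GET["path"] : "");
$filename = "";
$classname = "";
$found = false;
$c = 0;
// Walk the segments, extending the file path and class name one segment at a time and
// stopping at the first segment whose file exists. Every segment is lower-cased and reduced
// to a safe character set first, so the include below can only resolve files under
// RARS_BASE_PATH/api/ (dots and slashes never survive the filter).
foreach ($path_parts as $pp) {
    $c++;
    $segment = strtolower($pp);
    $filename .= "/" . preg_replace("/[^a-z0-9_-]/", '', $segment);
    $classname .= ucfirst(preg_replace("/[^a-z0-9_]/", '', $segment));
    if (is_file(RARS_BASE_PATH . "api{$filename}.php")) {
        $found = true;
        break;
    }
}
if (!$found) {
    // NOTE(review): nothing below is guarded, so this relies on response() ending the request — confirm
    RazorAPI::response(null, null, 404);
}
// grab any data or id's data
if ($method == "delete" || $method == "get") {
    // For GET/DELETE the id is taken from the segments after the matched file: the next one
    // when exactly one remains, the last one when two remain, otherwise nothing.
    $remaining = count($path_parts) - $c;
    if ($remaining == 1) {
        $data = RazorAPI::clean_data($path_parts[$c]);
    } elseif ($remaining == 2) {
        $data = RazorAPI::clean_data($path_parts[$c + 1]);
    } else {
        $data = null;
    }
} else {
    // A form-encoded body wins over a JSON body; json_decode() yields null on malformed input.
    $data = RazorAPI::clean_data(!empty($_POST) ? $_POST : json_decode(file_get_contents('php://input')));
}
// load resource or throw error
include RARS_BASE_PATH . "api{$filename}.php";
$resource = new $classname();
// NOTE(review): method_exists() is also true for non-public methods, which would then fail at
// the call below; is_callable() would turn those into a 405 instead — confirm intent.
if (!method_exists($resource, $method)) {
    RazorAPI::response(null, null, 405);
}
$response = $resource->{$method}($data);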
/* EOF */
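 /**
  * Authenticate a user from a username/password pair and issue a session token.
  *
  * Flow: reject banned ip/user-agent pairs, look the user up by email address,
  * refuse locked-out or inactive accounts, verify the password, then record the
  * login and return a token derived from it. Each step opens its own RazorDB
  * connection and closes it before moving on.
  *
  * @param array $data Request data; must carry "username" (email address) and "password"
  * @return mixed Whatever RazorAPI::response() returns for the JSON payload
  * @throws Exception When "username" or "password" is missing from $data
  */
 public function login($data)
 {
     // check if email set
     if (!isset($data["username"])) {
         throw new Exception("No Login username");
     }
     if (!isset($data["password"])) {
         throw new Exception("No Login password");
     }
     // Missing headers become "" instead of raising a warning; the filtered values are unchanged.
     $remote_addr = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "";
     $raw_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";
     // NOTE(review): both filters feed the token below and are presumably mirrored wherever the token is
     // verified, so they are deliberately left unchanged. "[^0-9.]" collapses IPv6 addresses (hex letters
     // and colons are dropped) and ";-_" is a character range from ';' to '_', not three literal characters.
     $ip_address = preg_replace("/[^0-9.]/", '', substr($remote_addr, 0, 50));
     $user_agent = preg_replace("/[^0-9a-zA-Z.:;-_]/", '', substr($raw_agent, 0, 250));
     // check ban list if active before doing anything else
     if (RARS_ACCESS_BAN_ATTEMPS > 0) {
         // a ban is keyed on the ip/user-agent pair, so both columns must match
         $db = new RazorDB();
         $db->connect("banned");
         $search = array(
             array("column" => "ip_address", "value" => $ip_address),
             array("column" => "user_agent", "value" => $user_agent, "and" => true),
         );
         $banned = $db->get_rows($search);
         $db->disconnect();
         if ($banned["count"] > 0) {
             return RazorAPI::response(array("message" => "Login failed: ip banned", "login_error_code" => 104), "json");
         }
     }
     /* carry on with login */
     // find user
     $db = new RazorDB();
     $db->connect("user");
     $search = array("column" => "email_address", "value" => $data["username"]);
     $res = $db->get_rows($search, array("amount" => 1));
     $db->disconnect();
     // check user found (same message as a wrong password so the response does not reveal which one failed)
     if ($res["count"] != 1) {
         return RazorAPI::response(array("message" => "Login failed: username or password missmatch", "login_error_code" => 101), "json");
     }
     // grab user details
     $user = $res["result"][0];
     // check if user is locked out here
     if (!empty($user["lock_until"]) && $user["lock_until"] > time()) {
         return RazorAPI::response(array("message" => "Login failed: user locked out please try later", "login_error_code" => 102, "time_left" => $user["lock_until"] - time()), "json");
     }
     // check active user
     if (!$user["active"]) {
         return RazorAPI::response(array("message" => "Login failed: user not active", "login_error_code" => 103), "json");
     }
     // The stored password is salt + hash; the salt is its first half and is needed before the
     // candidate can be hashed for comparison. (int) avoids passing a fractional length to substr().
     $stored = $user["password"];
     $salt = substr($stored, 0, (int) (strlen($stored) / 2));
     $computed = RazorAPI::create_hash($data["password"], $salt, 'sha1');
     // hash_equals() keeps the comparison constant-time; a non-string result can never match.
     if (!is_string($computed) || !hash_equals((string) $stored, $computed)) {
         // Count this failure; the lockout and ban thresholds are both checked against the new total
         // (the original tested the lockout against the old count, one attempt later than the ban check).
         $attempts = $user["failed_attempts"] + 1;
         $db = new RazorDB();
         $db->connect("user");
         $search = array("column" => "id", "value" => $user["id"]);
         $changes = array("failed_attempts" => $attempts);
         // lock the account every RARS_ACCESS_ATTEMPTS consecutive failures (guard against a zero threshold)
         if (RARS_ACCESS_ATTEMPTS > 0 && $attempts % RARS_ACCESS_ATTEMPTS == 0) {
             $changes["lock_until"] = time() + RARS_ACCESS_LOCKOUT;
         }
         $db->edit_rows($search, $changes);
         $db->disconnect();
         // add to banned list if banned active and too many attempts
         if (RARS_ACCESS_BAN_ATTEMPS > 0 && $attempts >= RARS_ACCESS_BAN_ATTEMPS) {
             $db = new RazorDB();
             $db->connect("banned");
             $db->add_rows(array("ip_address" => $ip_address, "user_agent" => $user_agent));
             $db->disconnect();
         }
         return RazorAPI::response(array("message" => "Login failed: username or password missmatch", "login_error_code" => 101), "json");
     }
     /* we are now authenticated, respond and send token back */
     $last_logged = time();
     // NOTE(review): the token has no random component and is not stored here, so it is presumably
     // recomputed from these same inputs wherever it is verified — confirm before changing its construction.
     $token = sha1($last_logged . $user_agent . $ip_address . $stored) . "_" . $user["id"];
     // store last logged and reset lockout/attempts
     $db = new RazorDB();
     $db->connect("user");
     $search = array("column" => "id", "value" => $user["id"]);
     $changes = array(
         "last_logged_in" => $last_logged,
         "last_accessed" => $last_logged,
         "failed_attempts" => 0,
         "lock_until" => null,
         "ip_address" => $ip_address,
     );
     $db->edit_rows($search, $changes);
     $db->disconnect();
     // collect user data: only the fields the client needs, never the password hash
     $user = array(
         "id" => $user["id"],
         "name" => $user["name"],
         "email_address" => $user["email_address"],
         "last_logged_in" => $user["last_logged_in"],
         "access_level" => $user["access_level"],
     );
     // setup response
     return RazorAPI::response(array("token" => $token, "user" => $user), "json");
 }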
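 /**
  * Authenticate a user from a username/password pair and issue a session token.
  *
  * Flow: reject banned ip/user-agent pairs, look the user up by email address,
  * refuse locked-out or inactive accounts, verify the password, then record the
  * login and return a token derived from it. All storage goes through $this->razor_db.
  *
  * @param array $data Request data; must carry "username" (email address) and "password"
  * @return mixed Whatever RazorAPI::response() returns for the JSON payload
  * @throws Exception When "username" or "password" is missing from $data
  */
 public function login($data)
 {
     // check if email set
     if (!isset($data["username"])) {
         throw new Exception("No Login username");
     }
     if (!isset($data["password"])) {
         throw new Exception("No Login password");
     }
     // Missing headers become "" instead of raising a warning; the filtered values are unchanged.
     $remote_addr = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "";
     $raw_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";
     // NOTE(review): both filters feed the token below and are presumably mirrored wherever the token is
     // verified, so they are deliberately left unchanged. "[^0-9.]" collapses IPv6 addresses (hex letters
     // and colons are dropped) and ";-_" is a character range from ';' to '_', not three literal characters.
     $ip_address = preg_replace("/[^0-9.]/", '', substr($remote_addr, 0, 50));
     $user_agent = preg_replace("/[^0-9a-zA-Z.:;-_]/", '', substr($raw_agent, 0, 250));
     // check ban list if active before doing anything else
     if (RARS_ACCESS_BAN_ATTEMPS > 0) {
         // a ban is keyed on the ip/user-agent pair
         $banned = $this->razor_db->get_first('banned', '*', array('ip_address' => $ip_address, 'user_agent' => $user_agent));
         if (!empty($banned)) {
             return RazorAPI::response(array("message" => "Login failed: ip banned", "login_error_code" => 104), "json");
         }
     }
     /* carry on with login */
     // find user
     $user = $this->razor_db->get_first('user', '*', array('email_address' => $data['username']));
     // check user found (same message as a wrong password so the response does not reveal which one failed)
     if (empty($user)) {
         return RazorAPI::response(array("message" => "Login failed: username or password missmatch", "login_error_code" => 101), "json");
     }
     // check if user is locked out here
     if (!empty($user["lock_until"]) && $user["lock_until"] > time()) {
         return RazorAPI::response(array("message" => "Login failed: user locked out please try later", "login_error_code" => 102, "time_left" => $user["lock_until"] - time()), "json");
     }
     // check active user
     if (!$user["active"]) {
         return RazorAPI::response(array("message" => "Login failed: user not active", "login_error_code" => 103), "json");
     }
     // The stored password is salt + hash; the salt is its first half and is needed before the
     // candidate can be hashed for comparison. (int) avoids passing a fractional length to substr().
     $stored = $user["password"];
     $salt = substr($stored, 0, (int) (strlen($stored) / 2));
     $computed = RazorAPI::create_hash($data["password"], $salt, 'sha1');
     // hash_equals() keeps the comparison constant-time; a non-string result can never match.
     if (!is_string($computed) || !hash_equals((string) $stored, $computed)) {
         // Count this failure. The original wrote $user['failed_attempts']++ into the update, which
         // stores the OLD value, so the counter never advanced in the database.
         $attempts = $user['failed_attempts'] + 1;
         $update_data = array('failed_attempts' => $attempts);
         // lock the account every RARS_ACCESS_ATTEMPTS consecutive failures (guard against a zero threshold)
         if (RARS_ACCESS_ATTEMPTS > 0 && $attempts % RARS_ACCESS_ATTEMPTS == 0) {
             $update_data['lock_until'] = time() + RARS_ACCESS_LOCKOUT;
         }
         // update
         $this->razor_db->edit_data('user', $update_data, array('id' => $user['id']));
         // add to banned list if banned active and too many attempts
         if (RARS_ACCESS_BAN_ATTEMPS > 0 && $attempts >= RARS_ACCESS_BAN_ATTEMPS) {
             // add ip and agent to banned
             $this->razor_db->add_data('banned', array('ip_address' => $ip_address, 'user_agent' => $user_agent));
         }
         return RazorAPI::response(array("message" => "Login failed: username or password missmatch", "login_error_code" => 101), "json");
     }
     /* we are now authenticated, respond and send token back */
     $last_logged = time();
     // NOTE(review): the token has no random component and is not stored here, so it is presumably
     // recomputed from these same inputs wherever it is verified — confirm before changing its construction.
     $token = sha1($last_logged . $user_agent . $ip_address . $stored) . "_" . $user["id"];
     // Record the login and clear the failure counter/lockout; without the reset a user who
     // eventually logs in keeps accumulating failures towards the next lockout and ban.
     $update_data = array(
         'id' => $user['id'],
         'last_logged_in' => $last_logged,
         'last_accessed' => $last_logged,
         'failed_attempts' => 0,
         'lock_until' => null,
         'ip_address' => $ip_address,
     );
     // '*' asks edit_data() for the updated row(s); presumably a list with the row at index 0 — confirm
     $updated = $this->razor_db->edit_data('user', $update_data, array('id' => $user['id']), '*');
     $user = $updated[0];
     // collect user data: only the fields the client needs, never the password hash
     $user = array(
         "id" => $user["id"],
         "name" => $user["name"],
         "email_address" => $user["email_address"],
         "last_logged_in" => $user["last_logged_in"],
         "access_level" => $user["access_level"],
     );
     // setup response
     return RazorAPI::response(array("token" => $token, "user" => $user), "json");
 }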
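 /**
  * Handle Error
  * Handles all errors and exceptions: maps the PHP error level to its constant
  * name and a severity group, then logs it, mirrors it to ChromePHP and displays it.
  *
  * @param int|string $error_type PHP error level (E_* constant) as passed by set_error_handler();
  *                               anything that is not a known integer level maps to an empty name
  * @param string $error_string Actual error string
  * @param string $error_file File error happened in
  * @param int|string $error_line Line error happened on
  * @return bool True on pass (only reached when RazorAPI is not loaded; otherwise a 500 response is sent)
  */
 public function handle_error($error_type = "", $error_string = "", $error_file = "", $error_line = "")
 {
     // E_* level => array(constant name, group). Groups: 'error', 'warn', or the default 'log'.
     // The original switch listed E_CORE_ERROR / E_CORE_WARNING twice (intending the E_COMPILE_*
     // levels), so the 64 and 128 entries were unreachable duplicates; they are the compile levels here.
     $levels = array(
         E_ERROR             => array('E_ERROR', 'error'),             // 1
         E_WARNING           => array('E_WARNING', 'warn'),            // 2
         E_PARSE             => array('E_PARSE', 'log'),               // 4
         E_NOTICE            => array('E_NOTICE', 'log'),              // 8
         E_CORE_ERROR        => array('E_CORE_ERROR', 'error'),        // 16
         E_CORE_WARNING      => array('E_CORE_WARNING', 'warn'),       // 32
         E_COMPILE_ERROR     => array('E_COMPILE_ERROR', 'error'),     // 64
         E_COMPILE_WARNING   => array('E_COMPILE_WARNING', 'warn'),    // 128
         E_USER_ERROR        => array('E_USER_ERROR', 'error'),        // 256
         E_USER_WARNING      => array('E_USER_WARNING', 'warn'),       // 512
         E_USER_NOTICE       => array('E_USER_NOTICE', 'log'),         // 1024
         2048                => array('E_STRICT', 'log'),              // E_STRICT; the constant is deprecated in newer PHP
         E_RECOVERABLE_ERROR => array('E_RECOVERABLE_ERROR', 'error'), // 4096
         E_DEPRECATED        => array('E_DEPRECATED', 'log'),          // 8192
         E_USER_DEPRECATED   => array('E_USER_DEPRECATED', 'log'),     // 16384
     );
     $type = '';
     $error_group = 'log';
     if (is_int($error_type) && isset($levels[$error_type])) {
         list($type, $error_group) = $levels[$error_type];
     }
     $error = array(
         'error'  => $type,
         'type'   => $error_type,
         'file'   => $error_file,
         'line'   => $error_line,
         'string' => $error_string,
         'group'  => $error_group,
     );
     // log error
     $this->log_error($error);
     // log error to chromephp
     $this->chrome_php($error, false);
     // display error on screen
     $this->display_error($error);
     if (class_exists("RazorAPI")) {
         // presumably ends the request with a 500; nothing is returned on this path
         RazorAPI::response(null, null, 500);
     } else {
         return true;
     }
 }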