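 // validate the query-string parameters of the Movement API
 // FILTER_VALIDATE_INT yields an int on success, false when malformed and null when absent;
 // the empty() checks further down treat the last two the same way
 $fromLocationId = filter_input(INPUT_GET, "fromLocationId", FILTER_VALIDATE_INT);
 $toLocationId = filter_input(INPUT_GET, "toLocationId", FILTER_VALIDATE_INT);
 $productId = filter_input(INPUT_GET, "productId", FILTER_VALIDATE_INT);
 $userId = filter_input(INPUT_GET, "userId", FILTER_VALIDATE_INT);
 // movementDate is accepted as an integer (presumably a timestamp — confirm against Movement)
 $movementDate = filter_input(INPUT_GET, "movementDate", FILTER_VALIDATE_INT);
 // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; FILTER_SANITIZE_FULL_SPECIAL_CHARS is the
 // documented replacement. It HTML-encodes special characters instead of stripping tags, so
 // comparisons against plain-word movement types (if that is how the value is consumed) are
 // unaffected, but the value must not be HTML-escaped a second time when rendered.
 $movementType = filter_input(INPUT_GET, "movementType", FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 $page = filter_input(INPUT_GET, "page", FILTER_VALIDATE_INT);
 // grab the mySQL connection
 $pdo = connectToEncryptedMySql("/etc/apache2/capstone-mysql/invtext.ini");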
 // handle all RESTful calls to Movement
 // get some or all Movements
 if ($method === "GET") {
     // set an XSRF cookie on GET requests
     setXsrfCookie("/");
     if (empty($movementId) === false) {
         $reply->data = Movement::getMovementByMovementId($pdo, $movementId)->toArray();
     } else {
         if (empty($fromLocationId) === false) {
             $reply->data = Movement::getMovementByFromLocationId($pdo, $fromLocationId)->toArray();
         } else {
             if (empty($toLocationId) === false) {
                 $reply->data = Movement::getMovementByToLocationId($pdo, $toLocationId)->toArray();
             } else {
                 if (empty($productId) === false) {
require_once dirname(dirname(__DIR__)) . "/classes/autoloader.php";
require_once dirname(dirname(__DIR__)) . "/lib/xsrf.php";
require_once "/etc/apache2/capstone-mysql/encrypted-config.php";
use Edu\Cnm\Timecrunchers\Request;
use Edu\Cnm\Timecrunchers\Access;
//make sure a PHP session exists before anything touches $_SESSION
$sessionActive = session_status() === PHP_SESSION_ACTIVE;
if (!$sessionActive) {
    session_start();
}
//reply skeleton: an HTTP-style status plus a data payload that is filled in further down
$reply = (object) [
    "status" => 200,
    "data" => null,
];
try {
    //grab the mySQL connection
    $pdo = connectToEncryptedMySql("/etc/apache2/capstone-mysql/timecrunch.ini");
    //a request without a logged-in user is rejected with 401; the XSRF cookie is still issued first
    $loggedIn = empty($_SESSION["user"]) === false;
    if (!$loggedIn) {
        setXsrfCookie("/");
        throw new RuntimeException("Please log-in or sign up", 401);
    }
    //an X-HTTP-Method header, when present, overrides the real request method (method tunnelling)
    $hasMethodOverride = array_key_exists("HTTP_X_HTTP_METHOD", $_SERVER);
    $method = $hasMethodOverride ? $_SERVER["HTTP_X_HTTP_METHOD"] : $_SERVER["REQUEST_METHOD"];
    $reply->method = $method;
    //id from the query string: int on success, false when malformed, null when absent
    $id = filter_input(INPUT_GET, "id", FILTER_VALIDATE_INT);
    //Handle REST calls
    if ($method === "GET") {
        //Set XSRF cookie
        setXsrfCookie("/");
        //Get Request based on given field
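// imports xsrf
// the path has to be complete before require_once sees it: dirname(dirname(__DIR__) . "/lib/xsrf.php")
// resolved to the lib directory itself, not to the file
require_once dirname(dirname(__DIR__)) . "/lib/xsrf.php";
// encrypted database configuration helper provided by the deployment server; it is not part of this repository
require_once "/etc/apache2/capstone-mysql/encrypted-config.php";
// prepare the default reply: a status code plus a human-readable message
$reply = new stdClass();
$reply->status = 200;
$reply->message = null;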
try {
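    // start the session only when none is active yet
    // session_start() returns a bool, so comparing its result with PHP_SESSION_ACTIVE was always
    // true and started the session a second time; session_status() is the right probe
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // verifyXsrf() (lib/xsrf.php) is expected to reject requests that do not carry a valid XSRF token
    verifyXsrf();
    // connect to the db
    $pdo = connectToEncryptedMySql("/etc/apache2/capstone-mysql/sprots.ini");
    //determine which HTTP method was used; an X-HTTP-Method header overrides the real one
    $method = array_key_exists("HTTP_X_HTTP_METHOD", $_SERVER) ? $_SERVER["HTTP_X_HTTP_METHOD"] : $_SERVER["REQUEST_METHOD"];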
    if ($method === "POST") {
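        // convert JSON to an object
        $requestContent = file_get_contents("php://input");
        $requestObject = json_decode($requestContent);
        // a body that is not a JSON object, or lacks the two fields this handler reads, would
        // otherwise produce a warning and a null email / password below; reject it explicitly
        if (is_object($requestObject) === false || isset($requestObject->profileEmail) === false || isset($requestObject->password) === false) {
            throw new InvalidArgumentException("profileEmail and password are required", 400);
        }
        // sanitize the email, and search by profileEmail
        $profileEmail = filter_var($requestObject->profileEmail, FILTER_SANITIZE_EMAIL);
        $profile = Profile::getProfileByProfileEmail($pdo, $profileEmail);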
        if ($profile !== null) {
            // derive the candidate hash from the submitted password and the stored salt
            // (presumably the same PBKDF2 parameters used when the profile was created — confirm against Profile)
            $pbkdf2Iterations = 262144;
            $pbkdf2Length = 128;
            $profileHash = hash_pbkdf2("sha512", $requestObject->password, $profile->getProfileSalt(), $pbkdf2Iterations, $pbkdf2Length);
            // NOTE(review): the hash is compared with === on the next line; hash_equals() is the
            // constant-time comparison intended for this purpose
            if ($profileHash === $profile->getProfileHash()) {
                $_SESSION["Profile"] = $profile;
                $reply->status = 200;
                $reply->message = "Successfully logged in";
// make sure a session is available; session_status() reports PHP_SESSION_ACTIVE once one is running
$needsSession = session_status() !== PHP_SESSION_ACTIVE;
if ($needsSession === true) {
    session_start();
}
// reply skeleton: HTTP-style status plus a data payload filled in by the method handlers
$reply = (object) ["status" => 200, "data" => null];
try {
    // an X-HTTP-Method header, when present, tunnels a different method through the real request
    $hasMethodOverride = array_key_exists("HTTP_X_HTTP_METHOD", $_SERVER);
    $method = $hasMethodOverride ? $_SERVER["HTTP_X_HTTP_METHOD"] : $_SERVER["REQUEST_METHOD"];
    // query-string inputs: userId as a validated int (false/null when malformed/absent),
    // email with characters not allowed in an address stripped
    $userId = filter_input(INPUT_GET, "userId", FILTER_VALIDATE_INT);
    $email = filter_input(INPUT_GET, "email", FILTER_SANITIZE_EMAIL);
    // grab the mySQL connection
    $pdo = connectToEncryptedMySql("/etc/apache2/ninja-mysql/appsbyninja.ini");
    // handle all RESTful calls to User today
    // get some or all Users
    if ($method === "GET") {
        // set an XSRF cookie on GET requests
        setXsrfCookie("/");
        if (empty($userId) === false) {
            $reply->data = User::getUserByUserId($pdo, $userId);
        } else {
            if (empty($email) === false) {
                $reply->data = User::getUserByEmail($pdo, $email);
            } else {
                $reply->data = User::getAllUsers($pdo);
            }
        }
        // post to a new User
 */
//a session must exist before $_SESSION is read below; start one unless it is already active
$sessionMissing = PHP_SESSION_ACTIVE !== session_status();
if ($sessionMissing) {
    session_start();
}
//reply skeleton: status code plus a data payload
$reply = (object) [
    "status" => 200,
    "data" => null,
];
try {
    // create the Pusher connection from the "pusher" JSON blob stored in the ini file
    $config = readConfig("/etc/apache2/capstone-mysql/breadbasket.ini");
    $pusherConfig = json_decode($config["pusher"]);
    // NOTE(review): a json_decode() failure is not detected here — a malformed blob yields null and the
    // property reads below pass nulls on to Pusher; "debug" => true is also hard-coded — confirm it is
    // intended outside development
    $pusher = new Pusher($pusherConfig->key, $pusherConfig->secret, $pusherConfig->id, ["debug" => true, "encrypted" => true]);
    //grab the mySQL connection
    $pdo = connectToEncryptedMySql("/etc/apache2/capstone-mysql/breadbasket.ini");
    //if the volunteer session is empty, the user is not logged in, throw an exception
    //(the XSRF cookie is still set before the 401 is raised)
    if (empty($_SESSION["volunteer"]) === true) {
        setXsrfCookie("/");
        throw new RuntimeException("Please log-in or sign up", 401);
    }
    //determine which HTTP method was used; an X-HTTP-Method header overrides the real one
    $method = array_key_exists("HTTP_X_HTTP_METHOD", $_SERVER) ? $_SERVER["HTTP_X_HTTP_METHOD"] : $_SERVER["REQUEST_METHOD"];
    //if a put and a volunteer, temporarily give admin access to the user
    // NOTE(review): this sets the admin flag on the object held in $_SESSION for every PUT, before the id
    // is validated; because $_SESSION is serialized at the end of the request, the elevated flag would
    // carry over into later requests unless it is reset — confirm the PUT handler (outside this view)
    // limits what an elevated volunteer may change and that the flag is cleared again
    if ($method === "PUT") {
        $_SESSION["volunteer"]->setVolIsAdmin(true);
    }
    //sanitize the id: int on success, false when malformed, null when absent
    $id = filter_input(INPUT_GET, "id", FILTER_VALIDATE_INT);
    //make sure the id is valid for methods that require it
    if (($method === "DELETE" || $method === "PUT") && (empty($id) === true || $id < 0)) {
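 // sanitize the class, id, and format
 // allowed response formats; the in_array() check is strict so that a non-string input
 // (false from a failed filter, null when absent) can never match loosely
 $validFormats = ["html", "json", "xml"];
 $id = filter_input(INPUT_GET, "id", FILTER_VALIDATE_INT);
 // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; FILTER_SANITIZE_FULL_SPECIAL_CHARS is the
 // documented replacement. Both leave plain-word values such as "tweet" or "json" untouched, which is
 // all the comparisons below depend on.
 $class = filter_input(INPUT_GET, "class", FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 $format = filter_input(INPUT_GET, "format", FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 if (empty($class) === true) {
     throw new InvalidArgumentException("invalid class", 405);
 }
 if (in_array($format, $validFormats, true) === false) {
     throw new InvalidArgumentException("invalid format", 405);
 }
 // DELETE needs a positive id; FILTER_VALIDATE_INT returns false/null for malformed/missing values,
 // both of which empty() rejects
 if ($method === "DELETE" && (empty($id) === true || $id < 0)) {
     throw new InvalidArgumentException("id cannot be empty or negative", 405);
 }
 // grab the mySQL connection
 $pdo = connectToEncryptedMySql("/etc/apache2/data-design/dmcdonald21.ini");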
 // handle all RESTful calls to Tweet
 if ($class === "tweet") {
     // get some or all Tweets
     if ($method === "GET") {
         if (empty($id) === false) {
             $reply->data = Tweet::getTweetByTweetId($pdo, $id);
         } else {
             $reply->data = Tweet::getAllTweets($pdo)->toArray();
         }
         // post to an existing Tweet
     } else {
         if ($method === "POST") {
             // convert POSTed JSON to an object
             verifyXsrf();
             $requestContent = file_get_contents("php://input");
// start a session unless one is already running
$sessionIsActive = session_status() === PHP_SESSION_ACTIVE;
if ($sessionIsActive === false) {
    session_start();
}
// reply skeleton: HTTP-style status plus a data payload filled in by the method handlers
$reply = (object) ["status" => 200, "data" => null];
try {
    // an X-HTTP-Method header, when present, tunnels a different method through the real request
    $overrideHeaderPresent = array_key_exists("HTTP_X_HTTP_METHOD", $_SERVER);
    if ($overrideHeaderPresent) {
        $method = $_SERVER["HTTP_X_HTTP_METHOD"];
    } else {
        $method = $_SERVER["REQUEST_METHOD"];
    }
    // query-string inputs: userId as a validated int (false/null when malformed/absent),
    // email with characters not allowed in an address stripped
    $userId = filter_input(INPUT_GET, "userId", FILTER_VALIDATE_INT);
    $email = filter_input(INPUT_GET, "email", FILTER_SANITIZE_EMAIL);
    // grab the mySQL connection
    $pdo = connectToEncryptedMySql("/etc/apache2/ecnchurch.ini");
    // handle all RESTful calls to User today
    // get some or all Users
    if ($method === "GET") {
        // set an XSRF cookie on GET requests
        setXsrfCookie("/");
        if (empty($userId) === false) {
            $reply->data = User::getUserByUserId($pdo, $userId);
        } else {
            if (empty($email) === false) {
                $reply->data = User::getUserByEmail($pdo, $email);
            } else {
                $reply->data = User::getAllUsers($pdo);
            }
        }
        // post to a new User