/**
* \brief check if user is connected
* \return \b TRUE on success, <b>HTTP status code 401 Authentication failed</b> on failure
*/
function checkConnected()
{
if (!isset($_SESSION["user"])) {
httpResponse(401, array('message' => 'Not logged in'));
}
return true;
}
function add_discussion_like_dislike($params)
{
$review = json_decode(httpResponse(dbUrl() . '/individual-discussion-comment/' . $params['commentId'], null, null), true);
$review['like'] = $params['like'];
$review['dislike'] = $params['dislike'];
$review['userRatingReview'][$params['userLogin']] = $params['ratingComment'];
$data = json_encode($review);
json_decode(httpResponse(dbUrl() . '/individual-discussion-comment/' . $params['commentId'], 'PUT', $data), true);
return json_encode($data);
}
function upload_edit_profile_picture($params, $file)
{
if (isset($params['id'])) {
$profile = json_decode(httpResponse(dbUrl() . '/profiles/' . $params['id'], null, null), true);
if ($profile != null and isset($profile['id']) == true) {
$id = $params['id'];
$mainDir = dirname(__DIR__);
$fileFolder = '\\uploads\\profile\\' . $id;
if (is_dir($mainDir . $fileFolder)) {
delete_directory($mainDir . $fileFolder);
}
if (mkdir($mainDir . $fileFolder, 0755)) {
$name_file = basename($file['file']['name']);
$type = substr($name_file, strripos($name_file, '.'));
$name_file = date('YmdHisu') . $type;
$uploadFile = $mainDir . $fileFolder . '\\' . $name_file;
if (move_uploaded_file($file['file']['tmp_name'], $uploadFile)) {
$otherName = '/uploads/profile/' . $id . '/' . $name_file;
$file['name'] = $otherName;
$profile['image'] = $otherName;
$changed_item = json_decode(httpResponse(dbUrl() . '/profiles/' . $params['id'], 'PUT', json_encode($profile)), true);
return json_encode(array('result' => 'file saved', 'file' => $file));
} else {
return json_encode(array('error' => 'Possible attacks via file download'));
}
} else {
return json_encode(array('error' => 'Unable create directory '));
}
} else {
return json_encode(array('error' => 'Profile does not exist'));
}
} else {
return json_encode(array('error' => 'Profile id does not exist'));
}
}
case validateRoute('GET', 'nonscene'):
$adminlogs = new AdminLogs($db, $user);
$nonscene = new Nonscene($db, $user, $adminlogs);
httpResponse($nonscene->query());
break;
case validateRoute('POST', 'nonscene'):
$adminlogs = new AdminLogs($db, $user);
$nonscene = new Nonscene($db, $user, $adminlogs);
$nonscene->create($postdata);
httpResponse();
break;
case validateRoute('DELETE', 'nonscene/\\d+'):
$adminlogs = new AdminLogs($db, $user);
$nonscene = new Nonscene($db, $user, $adminlogs);
$nonscene->delete($params[1]);
httpResponse();
break;
}
httpResponseError(404, 'Resource not found');
} catch (Exception $e) {
/* Don't expose SQL errors, log them. */
if ($e instanceof PDOException) {
$errorString = $e->getMessage() . $e->getFile() . $e->getLine();
$sqlerrors = new SqlErrors($db, $user);
$sqlerrors->create($errorString);
httpResponseError(500, "Ett serverfel har inträffat. Händelsen har loggats.");
} else {
httpResponseError($e->getCode(), $e->getMessage());
}
}
/* Route matcher function */
<?php
require_once '../lib/env.php';
require_once 'http.php';
require_once 'session.php';
require_once 'db.php';
switch ($_SERVER['REQUEST_METHOD']) {
case 'GET':
checkConnected();
$_SESSION['user'] = $db_driver->getUser($_SESSION['user']['id'], $_SESSION['user']['customer'], NULL);
unset($_SESSION['user']['password']);
unset($_SESSION['user']['salt']);
httpResponse(200, array('user' => $_SESSION['user']));
break;
case 'OPTIONS':
httpOptionsMethod(HTTP_GET);
break;
default:
httpUnsupportedMethod();
break;
}
case validateRoute('POST', 'torrent-lists/\\d+/votes'):
$torrentLists = new TorrentLists($db, $user);
$response = $torrentLists->vote($params[1]);
httpResponse($response);
break;
case validateRoute('GET', 'torrent-list-bookmarks'):
$bookmarks = new TorrentListBookmarks($db, $user);
httpResponse($bookmarks->query(null));
break;
case validateRoute('POST', 'torrent-list-bookmarks'):
$bookmarks = new TorrentListBookmarks($db, $user);
httpResponse($bookmarks->create($postdata));
break;
case validateRoute('DELETE', 'torrent-list-bookmarks/\\d+'):
$bookmarks = new TorrentListBookmarks($db, $user);
httpResponse($bookmarks->delete((int) $params[1]));
break;
}
httpResponseError(404, 'Resource not found');
} catch (Exception $e) {
/* Don't expose SQL errors, log them. */
if ($e instanceof PDOException) {
$errorString = $e->getMessage() . $e->getFile() . $e->getLine();
$sqlerrors = new SqlErrors($db, $user);
$sqlerrors->create($errorString);
httpResponseError(500, L::get("SERVER_ERROR"));
} else {
httpResponseError($e->getCode(), $e->getMessage());
}
}
/* Route matcher function */
function fieldPlays($method, $target, $payload)
{
switch ($method) {
case "GET":
checkNULL($target, 'device');
checkDevice($target, 'has_device');
$result = dbSelect('devices', 'devicetime', "tag='" . $target . "'");
$response = $result->fetch_assoc();
httpResponse($response, 200);
break;
case "POST":
checkNULL($target, 'room');
checkRoom($target, 'has_room');
checkNULL($payload['user'], 'user');
checkOnline($payload['user']);
dbUpdate('devices', "command='" . $payload['cmd'] . "', timestamp='" . $payload['ts'] . "'", "location='" . $target . "'");
echoSuccess("set_play");
break;
case "PUT":
checkNULL($target, 'device');
checkDevice($target, 'has_device');
dbUpdate('devices', "devicetime='" . $payload['dt'] . "'", "tag='" . $target . "'");
$result = dbSelect('devices', 'command, timestamp', "tag='" . $target . "'");
$response = $result->fetch_assoc();
httpResponse($response, 200);
dbUpdate('devices', "command=''", "tag='" . $target . "'");
break;
case "DELETE":
checkNULL($target, 'room');
checkRoom($target, 'has_room');
dbUpdate('devices', "command='', timestamp=''", "location='" . $target . "'");
echoSuccess("reset_play");
break;
default:
echoError('Invalid Method');
break;
}
}
case 'GET':
checkConnected();
$customer = $db_driver->getCustomer($_SESSION['user']['customer']);
if ($customer === null) {
httpResponse(204, null);
}
if ($customer) {
httpResponse(200, $customer);
}
httpResponse(500, null);
break;
case 'POST':
checkConnected();
$fields = httpParseInput();
$fields['id'] = $_SESSION['user']['customer'];
$res = $db_driver->updateCustomer($fields);
if ($res === true) {
httpResponse(200, array('message' => 'Successfully updated'));
}
if ($res) {
httpResponse(400, array('message' => $res));
}
httpResponse(500, null);
break;
case 'OPTIONS':
httpOptionsMethod(HTTP_ALL_METHODS & ~HTTP_PUT & ~HTTP_DELETE);
break;
default:
httpUnsupportedMethod();
break;
}
httpResponse(200, array('message' => 'Logged in', 'user_id' => $_SESSION['user']['id']));
} else {
httpResponse(401, array('message' => 'Not logged in'));
}
break;
case 'POST':
$credential = httpParseInput();
if (!$credential || !isset($credential['login']) || !isset($credential['password'])) {
httpResponse(400, array('message' => '"login" and "password" are required'));
}
$user = $db_driver->getUser(NULL, NULL, $credential['login']);
if ($user === false || !$user['is_active']) {
httpResponse(401, array('message' => 'Authentication failed'));
}
$raw_pw = hash_pbkdf2('sha512', $credential['password'], $user['salt'], 1024, 40, true);
if ($user['password'] != base64_encode($raw_pw)) {
httpResponse(401, array('message' => 'Password failed'));
}
$_SESSION['user'] = $user;
unset($_SESSION['user']['password']);
unset($_SESSION['user']['salt']);
httpAddLocation('/auth/');
httpResponse(201, array('message' => 'Logged in', 'user_id' => $user['id']));
break;
case 'OPTIONS':
httpOptionsMethod(HTTP_ALL_METHODS & ~HTTP_PUT);
break;
default:
httpUnsupportedMethod();
break;
}
/**
* \brief returns not supported http method
* \return HTTP status codes :
* - \b 405 Method Not Allowed
*/
function httpUnsupportedMethod()
{
httpResponse(405, array('message' => 'Method Not Allowed'));
}
