json_Begin();

// Route on the first request segment. `switch` is kept (rather than `match`)
// because it compares loosely and the dispatch must behave exactly as before.
// NOTE(review): the json_EmitFatalError_* helpers presumably end the request;
// their definitions are not visible here, so every branch still ends in an
// explicit `break` and never relies on that.
switch ($REQUEST[0]) {
    case 'set':
        // Write endpoint: POST only, administrators only. Still a stub.
        json_ValidateHTTPMethod('POST');

        // Authorization guard comes first so the non-admin path is obvious.
        if (!user_AuthIsAdmin()) {
            json_EmitFatalError_Permission(null, $RESPONSE);
            break;
        }

        json_EmitFatalError_NotImplemented(null, $RESPONSE);

        /// @todo sanitize (don't let API create fields): when this is
        ///       implemented, accept only keys that already exist so a caller
        ///       cannot introduce new global settings through the API.
        /// @todo Do a set
        if (false) {
            // Placeholder for the success path of the future implementation.
            json_RespondCreated();
            break;
        }

        json_EmitFatalError_Server(null, $RESPONSE);
        break;

    case 'get':
        // Read endpoint: GET only, administrators only.
        json_ValidateHTTPMethod('GET');

        if (!user_AuthIsAdmin()) {
            json_EmitFatalError_Permission(null, $RESPONSE);
            break;
        }

        // The whole $SH structure is copied into the response.
        // NOTE(review): if $SH can hold secrets (keys, salts, credentials),
        // which cannot be told from this file section, prefer an explicit
        // allow-list of the fields to return. TODO confirm.
        $RESPONSE['global'] = $SH;
        break;

    default:
        // Any other action name is refused.
        json_EmitFatalError_Forbidden(null, $RESPONSE);
        break;
}

json_End();
} else { // Keys don't match. This may be an attempt to hijack the account, so destroy the key. if (!user_AuthKeyClear($id)) { json_EmitFatalError_Server("Unable to clear key", $RESPONSE); } json_EmitFatalError_Permission(null, $RESPONSE); } } else { json_EmitFatalError_Permission(null, $RESPONSE); } } else { json_EmitFatalError_BadRequest(null, $RESPONSE); } break; case 'login': json_ValidateHTTPMethod('POST'); $login = null; $pw = null; $secret = null; // Confirm Arguments if (isset($_POST['login'])) { $login = coreSanitize_String($_POST['login']); } else { json_EmitFatalError_BadRequest("'login' not found in POST", $RESPONSE); } if (isset($_POST['pw'])) { $pw = coreSanitize_String($_POST['pw']); } else { json_EmitFatalError_BadRequest("'pw' not found in POST", $RESPONSE); } if (isset($_POST['secret'])) {