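/**
 * GET handler: routes the parsed request to the matching sql_* reader and
 * emits the result as JSON.
 *
 * @param array $req Path segments; $req[0] is the table name.
 * @return int|null 0 after a response was sent; null when checkPrivileges()
 *                  already emitted its own error (original contract, kept).
 */
function rest_get($req)
{
    global $JSON;
    global $routes;

    // checkPrivileges() emits the 401 itself; anything but true is a refusal.
    if (checkPrivileges($req[0]) !== true) {
        return;
    }

    $resp = reqRouter($req, "GET");
    $response = null;

    switch ($resp) {
        case 1:
            // Whole-table listing, ordered by the route's "orderBy" column when
            // configured, else by its "identifier" column.
            $order = $routes[$req[0]]["orderBy"] ?? $routes[$req[0]]['identifier'] ?? null;
            $response = sql_GET_ALL($req[0], [$order, "ASC"]);
            break;
        case 2:
            $response = sql_GET($req);
            break;
        case 3:
            $response = sql_GET_ROW($req);
            break;
        case 4:
            $response = sql_GET_SORT($req, true);
            break;
        case 5:
            $response = sql_GET_SORT($req, false);
            break;
        case 6:
            $response = sql_GET_COLUMNS();
            break;
        case 7:
            $response = sql_GET_JOIN($JSON);
            break;
        case 8:
            $response = getPrice($JSON);
            break;
        case 9:
            $response = getByTime($req, $JSON);
            break;
        default:
            // 0 and any unknown router code: the URL did not match a route.
            rest_error("Mal-Formed request, check url params", 400);
            return;
    }

    if (is_array($response) && count($response) > 0) {
        $encoded = json_encode($response);
        if ($encoded === false) {
            // e.g. invalid UTF-8 in a column value; never hand `false` to rest_success().
            rest_error("Failed to encode response", 500);
            return 0;
        }
        rest_success($encoded);
    } else {
        rest_error("Empty Results, Check if item exists in dataBase, Check Url requested.", 404);
    }
    return 0;
}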
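/**
 * Gate the tables listed in the global $adminRequired behind isAdmin().
 *
 * @param string $tableName Table segment of the request path.
 * @return bool true when the caller may touch the table; false after a 401
 *              response was emitted.
 */
function checkPrivileges($tableName)
{
    global $adminRequired;

    // Strict membership test: loose in_array() compares numeric-looking strings
    // as numbers ("1e1" == "10"), which would silently widen or narrow the list.
    if (in_array($tableName, $adminRequired, true) && !isAdmin()) {
        rest_error("Invalid privileges, not an Admin", 401);
        return false;
    }
    return true;
}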
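/**
 * DELETE handler: remove the row addressed by /table/id.
 *
 * @param array $req Path segments; $req[0] is the table, $req[1] the id when present.
 * @return int|null 0 after a response was sent; null after an early error response.
 */
function rest_delete($req)
{
    if (checkPrivileges($req[0]) !== true) {
        rest_error("Insufficient priveleges to DATABASE", 401);
        return;
    }

    // $req[1] exists only on /table/id requests; default it so the messages
    // below do not trip an undefined-index notice.
    $id = $req[1] ?? '';

    if (reqRouter($req, "DELETE") == 0) {
        rest_error("Check URL Request, The value you are attempting to delete may not exist, check ID '" . $id . "'", 400);
        return;
    }

    $response = sql_DELETE($req);
    if (isset($response)) {
        rest_success("'{$id}' was deleted successfully!");
    } else {
        rest_error("DELETION ERROR", 500);
    }
    return 0;
}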
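/**
 * Validate (and normalise) the JSON body for a table before it is written.
 *
 * @param string $table Table name from the request path.
 * @param array  $JSON  Request body, modified in place: a "users" password is
 *                      replaced by its create_hash() value.
 * @return bool true when every identifier column declared in $routes is present;
 *              false after a 400 response was emitted.
 */
function checkTableReqs($table, &$JSON)
{
    global $routes;

    // Passwords are never stored as given: hash before the row is built.
    if ($table === "users" && isset($JSON['password'])) {
        $JSON['password'] = create_hash($JSON['password']);
    }

    // Every identifier column declared for the route must be present in the body.
    // NOTE(review): a table absent from $routes has no identifiers and therefore
    // passes this check; reqRouter() is relied on to reject unknown tables — confirm.
    // rest_get() reads the singular 'identifier' key of the same route entry.
    foreach ($routes[$table]['identifiers'] ?? [] as $val) {
        if (!isset($JSON[$val])) {
            rest_error("Mal-Formed JSON please read Documentation, missing '" . $val . "' property", 400);
            return false;
        }
    }
    return true;
}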
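/**
 * POST handler: update an existing row (or rows) of the requested table.
 *
 * @param array $req Path segments; $req[0] is the table, $req[1] the identifier
 *                   when present.
 * @return int|null 0 after a response was sent; null after an early error response.
 */
function rest_post($req)
{
    if (checkPrivileges($req[0]) !== true) {
        rest_error("Insufficient privelege to DATABASE", 401);
        return;
    }

    $resp = reqRouter($req, "POST");
    if ($resp == 0) {
        rest_error("Check URL Request, The value you are attempting to set to may already be taken, You may not be fetching the correct value or column", 400);
        return;
    }

    // Router code 1 updates one row via sql_POST(); any other code goes to
    // sql_POST_ALL() (original note: 2 = /tableName/identifier with available values).
    $response = $resp == 1 ? sql_POST($req) : sql_POST_ALL($req);

    $id = $req[1] ?? '';
    if (isset($response)) {
        rest_success("'{$id}' Has Been Updated Successfully!");
    } else {
        rest_error("POST ERROR Has Occurred", 500);
    }
    return 0;
}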
echo json_encode("ERROR!"); }

// Front controller: dispatch on the HTTP verb to the rest_* handlers above.
$method = $_SERVER['REQUEST_METHOD'];
$request = $_SERVER['REQUEST_URI']; // raw, client-controlled path and query string
switch ($method) {
    case 'PUT':
        // PHP does not populate $_POST for PUT; parse the raw body by hand.
        parse_str(file_get_contents('php://input'), $put_vars);
        sendHeaders();
        $data = $put_vars;
        rest_put($request, $data);
        break;
    case 'POST':
        sendHeaders();
        $data = $_POST;
        rest_post($request, $data);
        break;
    case 'GET':
        sendHeaders();
        $data = $_GET;
        rest_get($request, $data);
        break;
    case 'DELETE':
        sendHeaders();
        rest_delete($request);
        break;
    default:
        header("{$_SERVER['SERVER_PROTOCOL']} 404 Not Found");
        // NOTE(review): the unmodified REQUEST_URI is handed to rest_error(); if
        // rest_error() echoes its argument, client-supplied input is reflected in
        // the response body — confirm how rest_error() renders it.
        rest_error($request);
        break;
}
exit;
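/**
 * Validate a presented API key against the configured key pool.
 *
 * @param mixed $apikey_used Key taken from the request.
 * @return int 1 when the key is in the pool; 0 after rest_error() reported the
 *             failure (the original fell off the end and returned null, which is
 *             equally falsy to callers).
 */
function apikey_checker($apikey_used)
{
    teampass_connect();
    $apikey_pool = teampass_get_keys();

    // Compare as strings and in constant time: in_array()'s loose comparison treats
    // numeric-looking keys as numbers ("1e3" == "1000"), and a byte-by-byte early
    // exit would leak how much of a key matched.
    // NOTE(review): assumes teampass_get_keys() returns strings — confirm; non-string
    // pool entries are skipped here.
    $matched = false;
    if (is_string($apikey_used)) {
        foreach ($apikey_pool as $candidate) {
            if (is_string($candidate) && hash_equals($candidate, $apikey_used)) {
                $matched = true;
                break;
            }
        }
    }

    if ($matched) {
        return 1;
    }
    rest_error('APIKEY', $apikey_used);
    return 0;
}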
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */
//require_once('config.php');
require_once 'functions.php';
header('Content-Type: application/json');
// Fail closed unless the API is switched on in configuration.
if (teampass_api_enabled() != "1") {
    echo '{"err":"API access not allowed."}';
    exit;
}
teampass_whitelist();
// NOTE(review): single-argument parse_str() imports every query-string key as a
// variable in this scope (register_globals-style), so a caller can predefine or
// overwrite any global the rest_* handlers later read; on PHP 8.0+ the call is an
// ArgumentCountError. Prefer parse_str($_SERVER['QUERY_STRING'] ?? '', $query) and
// read $query explicitly — confirm which variables the handlers expect first.
parse_str($_SERVER['QUERY_STRING']);
$method = $_SERVER['REQUEST_METHOD'];
// Route segments = PATH_INFO without its leading '/', split on '/'. The '@' only
// hides the notice when PATH_INFO is absent.
$request = explode("/", substr(@$_SERVER['PATH_INFO'], 1));
switch ($method) {
    case 'GET':
        rest_get();
        break;
    case 'PUT':
        rest_put();
        break;
    case 'DELETE':
        rest_delete();
        break;
    case 'HEAD':
        rest_head();
        break;
    default:
        rest_error('UNKNOWN');
        break;
}
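/**
 * POST handler for the auth endpoints; the action is the last path segment.
 *
 * @param string $request Request path; its last segment selects login/logout/register.
 * @param array  $data    Form fields from the request body.
 */
function rest_post($request, $data)
{
    $uri = explode("/", $request);
    $tip = array_pop($uri);

    switch ($tip) {
        case 'login':
            _rest_post_login($data);
            break;
        case 'logout':
            _rest_post_logout($data);
            break;
        case 'register':
            _rest_post_register($data);
            break;
    }
}

/** Start the session unless an earlier call already did (avoids a notice). */
function _rest_post_session_start()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

/** 'login': check credentials, then bind the user to a fresh session. */
function _rest_post_login($data)
{
    $dao = new \Dao\KorisnikDao();
    $email = htmlentities($data['email'] ?? '');
    // htmlentities() is applied to the password before hashing, so passwords
    // containing &, <, >, " are hashed in entity-encoded form. Stored hashes were
    // produced the same way, so this is kept for compatibility.
    $pass = htmlentities($data['password'] ?? '');
    // md5 is not a password hash. Moving to password_hash()/password_verify()
    // needs KorisnikDao::getLogin() to verify instead of comparing a digest,
    // so it is left as-is here and flagged.
    $hash = md5($pass);

    $logged = $dao->getLogin($email, $hash);
    if (!$logged) {
        rest_error("Pogrešni podaci.");
        return;
    }

    _rest_post_session_start();
    // New session id on privilege change: defeats session fixation.
    session_regenerate_id(true);

    $usr = $dao->getByExample('email', $email);
    $usr = $usr[0];
    $_SESSION['username'] = $usr->getIme();
    $_SESSION['korisnikId'] = $usr->getId();
}

/** 'logout': drop the session, but only for the user it belongs to. */
function _rest_post_logout($data)
{
    _rest_post_session_start();
    if (isset($_SESSION['username']) && $_SESSION['username'] === ($data['username'] ?? null)) {
        unset($_SESSION['username']);
        session_destroy();
    } else {
        rest_error("Niste prijavljeni.");
    }
}

/** 'register': create the account and log the new user in. */
function _rest_post_register($data)
{
    _rest_post_session_start();
    try {
        $ime = htmlentities($data['ime'] ?? '');
        $prezime = htmlentities($data['prezime'] ?? '');
        $fullName = $ime . " " . $prezime;

        $korisnik = new Korisnik();
        $korisnik->setIme($fullName);
        $korisnik->setEmail(htmlentities($data['email'] ?? ''));
        // Same hashing caveat as _rest_post_login(): kept for compatibility with stored rows.
        $korisnik->setPassword(md5(htmlentities($data['password'] ?? '')));

        $kdao = new \Dao\KorisnikDao();
        $kdao->create($korisnik);

        session_regenerate_id(true);
        $_SESSION['username'] = $fullName;
        $_SESSION['korisnikId'] = $korisnik->getId();
    } catch (Exception $e) {
        // NOTE(review): the raw exception message (possibly a database error)
        // reaches the client; consider logging it and returning a generic message.
        rest_error($e->getMessage());
    }
}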
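/**
 * PUT handler: validate the JSON body for the target table, then insert a row
 * through a prepared statement built by sql_PUT().
 *
 * @param array $req Path segments; $req[0] is the table name.
 * @return int|null 0 after the insert was attempted and a response sent; null
 *                  when an error response was emitted before the insert.
 */
function rest_put($req)
{
    global $routes;
    global $JSON;
    // Expected to define $db, which is used for prepare()/execute() below.
    include '../../includes/database.php';

    $table = $req[0];

    // Fail closed on tables the route table does not know: sql_PUT() derives SQL
    // from the table name, so it must never see a free-form URL segment.
    if (!isset($routes[$table])) {
        rest_error("Unknown table", 404);
        return;
    }

    if (checkPrivileges($table) !== true || checkTableReqs($table, $JSON) !== true) {
        rest_error("Insufficient Priveleges OR incorrect JSON Requirements", 401);
        return;
    }

    $ret = reqRouter($req, "PUT");
    if ($ret == 0) {
        rest_error("Item Exists Or Incorrect JSON Properties.", 409);
        return;
    }

    if ($ret == 2) {
        // Order submission: every symbol in "OrderSymbols" must be a known ingredient.
        if (!isset($JSON["OrderSymbols"])) {
            rest_error("NO Order received, check JSON", 406);
            return; // was missing: execution fell through to explode(null)
        }
        $bad = _rest_put_invalid_ingredient($JSON["OrderSymbols"]);
        if ($bad !== null) {
            rest_error($bad . " is not a valid ingredient!", 406);
            return;
        }
        $table = "orders";
        $JSON["TransactionID"] = getTransaction();
    }

    if ($req[0] == "users") {
        if (!filter_var($JSON["Email"] ?? '', FILTER_VALIDATE_EMAIL)) {
            rest_error("Invalid Email, Please Enter a Valid Email address.", 406);
            return;
        }
    }

    $stmt = $db->prepare(sql_PUT($table));
    // buildJSONInputWProps() returns the name of the first missing property as a
    // string, otherwise the bound-parameter array.
    $ex = buildJSONInputWProps($table, $JSON);
    if (is_string($ex)) {
        rest_error("Property: '" . $ex . "' is not set on provided JSON Object. Your JSON May be Mal-Formed,incorrect for the database or some other error may have occured", 400);
        return;
    }

    if ($stmt->execute($ex)) {
        rest_success('Inputted Successfully Into the DataBase!');
    } else {
        rest_error('Input unsuccessful. 
Check spelling this is usually thrown when an item should match another tables item.', 406);
    }
    return 0;
}

/**
 * Return the first symbol in $orderList that is not a known ingredient, or null
 * when every symbol is valid. $orderList holds " , "-separated orders, each a
 * space-separated list of symbols.
 */
function _rest_put_invalid_ingredient($orderList)
{
    $allPossibles = sql_GET_JOIN([
        "tables" => ["symbols"],
        "from" => "ingredients",
        "relations" => [["symbols.Name", "ingredients.Symbol"]],
        "select" => ["symbols.Symbol"],
    ]);
    foreach (explode(" , ", $orderList) as $order) {
        foreach (explode(" ", $order) as $symbol) {
            // isInside() answers -1 when the symbol is not in the join result.
            if (isInside($allPossibles, "Symbol", $symbol) == -1) {
                return $symbol;
            }
        }
    }
    return null;
}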
rest_post($table, $id, $db); break; case 'GET': rest_get($table, $id, $db, $params); break; case 'HEAD': rest_head($table, $id, $db); break; case 'DELETE': rest_delete($table, $id, $db); break; case 'OPTIONS': rest_options($table, $id, $db); break; default: rest_error(); break; } } function rest_put($table, $id = null, $db, $data) { /* PUT /shows/123 Updates data of show "123" PUT /shows Updates data of all shows */ // Visitor counter has special method if ($table == 'visitors') { $update = $db->updateVisitorCount(); if ($update == 0) { // All is well }
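// Dispatch on the verb. The handlers are called by name rather than through a
// string-built "rest_" . strtolower($method) callable, so the reachable functions
// are visible here; behaviour is unchanged because only these four verbs reached
// the dynamic call.
switch ($method) {
    case 'PUT':
        rest_put($request);
        break;
    case 'POST':
        rest_post($request);
        break;
    case 'GET':
        rest_get($request);
        break;
    case 'DELETE':
        rest_delete($request);
        break;
    case 'LOGIN':
        // reqRouter() codes as used here: 1 = logged in, 2 = send the client to
        // signin.php, anything else = bad request.
        $var = reqRouter($request, "LOGIN");
        if ($var == 1) {
            rest_success("Successfully logged in...");
            return;
        }
        if ($var == 2) {
            rest_success(json_encode(["location" => "signin.php"]));
            return;
        }
        rest_error("Bad request", 400);
        return;
    case 'OPTIONS':
        return;
    default:
        // NOTE(review): $request is echoed back through rest_error(); confirm how
        // rest_error() renders its argument before relying on this for unknown verbs.
        rest_error($request, 400);
        break;
}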