// Fragment of a REST controller: it starts after the file's setup code and stops inside the
// PUT/POST branch, so the braces opened near the end are closed outside this excerpt.

//grab the mySQL connection
$pdo = connectToEncryptedMySql("/etc/apache2/capstone-mysql/timecrunch.ini");

//if the user session is empty, the user is not logged in, throw an exception
// This is the only access check visible in the excerpt: it proves that *a* user is logged in,
// not which records that user may read.
if (empty($_SESSION["user"]) === true) {
    // a fresh XSRF cookie is issued even on the rejected request, before the 401 is raised
    setXsrfCookie("/");
    throw new RuntimeException("Please log-in or sign up", 401);
}

//determine which HTTP method was used
// The X-HTTP-Method header, when present, overrides the real request verb. The header is
// client-controlled, so $method is untrusted input from here on.
// NOTE(review): any XSRF token check for PUT/POST lies outside this excerpt; confirm it runs on
// the overridden method as well as the real one.
$method = array_key_exists("HTTP_X_HTTP_METHOD", $_SERVER) ? $_SERVER["HTTP_X_HTTP_METHOD"] : $_SERVER["REQUEST_METHOD"];
// the client-supplied method string is copied into the reply unchanged
$reply->method = $method;

//sanitize the id
// filter_input() yields an int for a valid id, false for a malformed one and null when absent.
$id = filter_input(INPUT_GET, "id", FILTER_VALIDATE_INT);

//Handle REST calls
if ($method === "GET") {
    //Set XSRF cookie
    setXsrfCookie("/");

    //Get Request based on given field
    // empty() is true for 0, false and null alike, so a malformed id (or id=0) is not rejected:
    // it falls through to the "return everything" branch below.
    if (empty($id) === false) {
        // NOTE(review): no ownership check on $id is visible here, so any logged-in user can ask
        // for any request id unless Request enforces it internally; confirm.
        $request = Request::getRequestByRequestId($pdo, $id);
        if ($request !== null) {
            $reply->data = $request;
        }
    } else {
        // NOTE(review): returns every request to any logged-in user; confirm that is intended.
        $request = Request::getAllRequests($pdo);
        if ($request !== null) {
            $reply->data = $request;
        }
    }
} elseif ($method === "PUT" || $method === "POST") {
    // raw request body, decoded as JSON into an object
    $requestContent = file_get_contents("php://input");
    // json_decode() returns null for malformed JSON; the code that consumes $requestObject is
    // outside this excerpt, so whether that case is handled cannot be seen here.
    $requestObject = json_decode($requestContent);
<?php
require_once dirname(__DIR__) . "/lib/xsrf.php";

/**
 * Token bootstrap endpoint for the mobile app.
 *
 * Makes sure a PHP session exists, then calls setXsrfCookie() for the path "/" so the app has
 * an XSRF token before it sends its first state-changing request.
 *
 * No authentication happens here (none is visible in this file). The token only protects
 * endpoints that verify it; setXsrfCookie() and that verification live in lib/xsrf.php and are
 * not shown in this file.
 *
 * @author Bradley Brown tall.white.ninja@gmail.com
 */

// the session is started first, before the XSRF cookie is issued
if (PHP_SESSION_ACTIVE !== session_status()) {
    session_start();
}

setXsrfCookie('/');
**/
// Fragment of the event REST controller: the docblock closed above begins outside this excerpt,
// and the try block and GET branch opened below are closed outside it too.

// verify the session, start if not active
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// default reply: status 200 and no data; the GET branch below only fills in data
$reply = new stdClass();
$reply->status = 200;
$reply->data = null;

try {
    $pdo = connectToEncryptedMySQL("/etc/apache2/encrypted-config/ng-abq-dev.ini");

    // The X-HTTP-Method header, when present, overrides the real request verb. The header is
    // client-controlled, so $method is untrusted input.
    $method = array_key_exists("HTTP_X_HTTP_METHOD", $_SERVER) ? $_SERVER["HTTP_X_HTTP_METHOD"] : $_SERVER["REQUEST_METHOD"];

    // filter_input() yields an int when valid, false when malformed and null when absent
    $id = filter_input(INPUT_GET, "id", FILTER_VALIDATE_INT);
    $profileId = filter_input(INPUT_GET, "profileId", FILTER_VALIDATE_INT);

    // NOTE(review): no login check appears before this point in the excerpt, so the reads below
    // look reachable without authentication; confirm events are meant to be public.
    if ($method === "GET") {
        //set XSRF cookie
        setXsrfCookie();

        // empty() is true for 0, false and null alike, so a malformed id is treated as "not
        // supplied" rather than rejected, and the request falls through to the broader lookups.
        if (empty($id) === false) {
            $event = Beta\Event::getEventByEventId($pdo, $id);
            if ($event !== null) {
                $reply->data = $event;
            }
        } else {
            if (empty($profileId) === false) {
                // toArray() is called before the null check: if the lookup can return null, the
                // call fails here and the check below never runs.
                // NOTE(review): confirm what the lookup returns when nothing matches.
                $events = Beta\Event::getEventByEventProfileId($pdo, $profileId)->toArray();
                if ($events !== null) {
                    $reply->data = $events;
                }
            } else {
                // no id and no profileId: every event is returned (same toArray()-before-check
                // ordering as the branch above)
                $events = Beta\Event::getAllEvents($pdo)->toArray();
                if ($events !== null) {
                    $reply->data = $events;