use Obj\Database;
use Obj\Encoder;
/**
* import WWW object and configure the environment.
* additional include statements should not use
* absolute pathnames, they should be located on the
* include path
* get the folder for the web environment
* eg www
*/
$path = explode('/', __FILE__);
$env = $path[count($path) - 2];
include '/usr/share/php/' . $env . '/Obj/WWW.php';
$_WWW = new WWW();
$_WWW->configure($env);
$db = new Database($_WWW->dbLogin);
$args = getopt('u:');
if (!$args['u']) {
die('-u user is required' . PHP_EOL);
}
// check for user in database
$res = $db->select('users', 'id', array('username' => $args['u']));
if ($res && ($id = $res[0]['id'])) {
echo 'user verified: id = ' . PHP_EOL;
$apiKey = Encoder::randomString();
echo 'api key generated: ' . PHP_EOL;
$update = $db->update('users', array('api_key' => $apiKey), array('id' => $id));
echo 'apu key stored in database' . PHP_EOL . PHP_EOL;
echo "Your api key is:" . PHP_EOL;
echo $apiKey . PHP_EOL . PHP_EOL;
die;
* eg www
*/
$path = explode('/', __FILE__);
$env = $path[count($path) - 2];
include '/usr/share/php/' . $env . '/Obj/WWW.php';
$_WWW = new WWW();
$_WWW->configure($env);
/**
* enable CORS by setting the appropriate header
*/
header('Access-Control-Allow-Origin: *');
/**
* verify user by checking api key
*/
try {
$db = new Database($_WWW->{$dbLogin});
$apiKey = $_GET['api'];
if (!preg_match('/[a-zA-Z0-9]/', $apiKey)) {
throw new Exception('invalid api key');
}
$sql = "SELECT u.username, u.api_key, pr.level\n\t\tFROM users u \n\t\tLEFT JOIN privilege pr ON u.privilege = pr.id;\n\t\tWHERE api_key=" . $apiKey;
$user = $db->query($sql, PDO::FETCH_ASSOC);
if ($user) {
// log in as user
$user = reset($user);
$_SESSION['level'] = $user['level'];
/**
* parse the url string that has been rewritten to be a
* GET var. page requests will be in the format
* pageURL or pageURL/. API calls will be in the format
* class-name/method or class-name/method/