use Obj\Database;
use Obj\Encoder;
/**
 * import WWW object and configure the environment.
 * additional include statements should not use
 * absolute pathnames, they should be located on the
 * include path
 * get the folder for the web environment
 * eg www
 */
$path = explode('/', __FILE__);
$env = $path[count($path) - 2];
include '/usr/share/php/' . $env . '/Obj/WWW.php';
$_WWW = new WWW();
$_WWW->configure($env);
$db = new Database($_WWW->dbLogin);
$args = getopt('u:');
if (!$args['u']) {
    die('-u user is required' . PHP_EOL);
}
// check for user in database
$res = $db->select('users', 'id', array('username' => $args['u']));
if ($res && ($id = $res[0]['id'])) {
    echo 'user verified: id = ' . PHP_EOL;
    $apiKey = Encoder::randomString();
    echo 'api key generated: ' . PHP_EOL;
    $update = $db->update('users', array('api_key' => $apiKey), array('id' => $id));
    echo 'apu key stored in database' . PHP_EOL . PHP_EOL;
    echo "Your api key is:" . PHP_EOL;
    echo $apiKey . PHP_EOL . PHP_EOL;
    die;
Пример #2
0
 * eg www
 */
$path = explode('/', __FILE__);
$env = $path[count($path) - 2];
include '/usr/share/php/' . $env . '/Obj/WWW.php';
$_WWW = new WWW();
$_WWW->configure($env);
/**
 * enable CORS by setting the appropriate header
 */
header('Access-Control-Allow-Origin: *');
/**
 * verify user by checking api key
 */
try {
    $db = new Database($_WWW->{$dbLogin});
    $apiKey = $_GET['api'];
    if (!preg_match('/[a-zA-Z0-9]/', $apiKey)) {
        throw new Exception('invalid api key');
    }
    $sql = "SELECT u.username, u.api_key, pr.level\n\t\tFROM users u \n\t\tLEFT JOIN privilege pr ON u.privilege = pr.id;\n\t\tWHERE api_key=" . $apiKey;
    $user = $db->query($sql, PDO::FETCH_ASSOC);
    if ($user) {
        // log in as user
        $user = reset($user);
        $_SESSION['level'] = $user['level'];
        /**
         * parse the url string that has been rewritten to be a 
         * GET var. page requests will be in the format
         * pageURL or pageURL/. API calls will be in the format
         * class-name/method or class-name/method/