use Obj\Database; use Obj\Encoder; /** * import WWW object and configure the environment. * additional include statements should not use * absolute pathnames, they should be located on the * include path * get the folder for the web environment * eg www */ $path = explode('/', __FILE__); $env = $path[count($path) - 2]; include '/usr/share/php/' . $env . '/Obj/WWW.php'; $_WWW = new WWW(); $_WWW->configure($env); $db = new Database($_WWW->dbLogin); $args = getopt('u:'); if (!$args['u']) { die('-u user is required' . PHP_EOL); } // check for user in database $res = $db->select('users', 'id', array('username' => $args['u'])); if ($res && ($id = $res[0]['id'])) { echo 'user verified: id = ' . PHP_EOL; $apiKey = Encoder::randomString(); echo 'api key generated: ' . PHP_EOL; $update = $db->update('users', array('api_key' => $apiKey), array('id' => $id)); echo 'apu key stored in database' . PHP_EOL . PHP_EOL; echo "Your api key is:" . PHP_EOL; echo $apiKey . PHP_EOL . PHP_EOL; die;
* eg www */ $path = explode('/', __FILE__); $env = $path[count($path) - 2]; include '/usr/share/php/' . $env . '/Obj/WWW.php'; $_WWW = new WWW(); $_WWW->configure($env); /** * enable CORS by setting the appropriate header */ header('Access-Control-Allow-Origin: *'); /** * verify user by checking api key */ try { $db = new Database($_WWW->{$dbLogin}); $apiKey = $_GET['api']; if (!preg_match('/[a-zA-Z0-9]/', $apiKey)) { throw new Exception('invalid api key'); } $sql = "SELECT u.username, u.api_key, pr.level\n\t\tFROM users u \n\t\tLEFT JOIN privilege pr ON u.privilege = pr.id;\n\t\tWHERE api_key=" . $apiKey; $user = $db->query($sql, PDO::FETCH_ASSOC); if ($user) { // log in as user $user = reset($user); $_SESSION['level'] = $user['level']; /** * parse the url string that has been rewritten to be a * GET var. page requests will be in the format * pageURL or pageURL/. API calls will be in the format * class-name/method or class-name/method/