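/**
 * Handles a GET request: fetches one DATA row by id, or lists DATA rows by dataType.
 *
 * Reads the PARAMETER_ID and PARAMETER_DATA_TYPE request parameters through
 * getParameter(). With an id, the matching row is emitted via resultToJsonObject();
 * otherwise, with a dataType, the matching rows are emitted via resultToJsonArray().
 * With neither, the request is rejected through badRequest().
 *
 * Both values reach the database only as bound parameters, never as SQL text.
 *
 * @return void
 */
function performGet()
{
    withDatabase(function ($database) {
        $id = getParameter(PARAMETER_ID);
        $dataType = getParameter(PARAMETER_DATA_TYPE);

        // NOTE(review): these are truthiness tests, so a parameter value of "0"
        // is treated the same as a missing parameter.
        if ($id) {
            // get by id
            $sql = 'SELECT * FROM DATA WHERE id=?';
            $boundValue = $id;
        } elseif ($dataType) {
            // list
            $sql = 'SELECT * FROM DATA WHERE dataType=?';
            $boundValue = $dataType;
        } else {
            badRequest("missing parameter 'id' or 'dataType'");
            // Stop here even if badRequest() returns to its caller: no statement
            // was prepared, so the calls below would be made on null.
            return;
        }

        // NOTE(review): the result of prepare() is used unchecked; confirm the
        // connection is configured to throw on failure rather than return false.
        $statement = $database->prepare($sql);
        $statement->bind_param("s", $boundValue);
        executeStatement($statement);
        $result = $statement->get_result();

        if ($id) {
            resultToJsonObject($result);
        } else {
            resultToJsonArray($result);
        }
        $statement->close();
    });
}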
示例#2
 /**
  * Routes a post query to the matching lookup, chosen by which key $args carries.
  *
  * Keys are tested in this order and the first one that is set wins:
  * "postId", "eventId" (optionally narrowed by "before" / "after"),
  * "searchTerm", "userId".
  *
  * @param array $args Request arguments, indexed by the keys named above.
  *
  * @return mixed The return value of the selected lookup method.
  */
 public function getPosts($args)
 {
     // A single post, addressed by its id.
     if (isset($args["postId"])) {
         return $this->getPostById($args, $args["postId"]);
     }

     // Posts of one event, inside an optional date window.
     if (isset($args["eventId"])) {
         // When a bound is not supplied, the widest default is used instead.
         // NOTE(review): "before" and "after" are forwarded exactly as received;
         // no format check is visible here, so confirm getPostsBetweenDates()
         // validates them or binds them as query parameters.
         $after = isset($args["after"]) ? $args["after"] : "1000-01-01";
         $before = isset($args["before"]) ? $args["before"] : "9999-12-31";

         return $this->getPostsBetweenDates($args, $args["eventId"], $before, $after);
     }

     // Posts matching a search term.
     if (isset($args["searchTerm"])) {
         return $this->getPostsWithSearchTerm($args);
     }

     // Posts of one user.
     if (isset($args["userId"])) {
         return $this->getPostsByPublicId($args);
     }

     // NOTE(review): as written this is a subtraction: the global badRequest()
     // is called and its result is subtracted from $this->io. It reads like a
     // typo for a method call on $this->io; confirm which one is intended.
     return $this->io - badRequest("Either the post id, a search term or the event id must be set", $args);
 }
示例#3
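/**
 * Executes a prepared statement and rejects the request when execution fails.
 *
 * On failure the driver's error text is written to the server error log, the
 * statement is closed, and badRequest() is called with a generic message.
 * On success nothing else happens; the statement is left open for the caller.
 *
 * @param object $statement Prepared statement exposing execute(), close() and
 *                          an `error` property.
 *
 * @return void
 */
function executeStatement($statement)
{
    if ($statement->execute()) {
        return;
    }

    // Driver error text can name tables, columns and query fragments. It is kept
    // in the server log and not handed to badRequest(), which presumably places
    // its message in the HTTP response (verify against badRequest()).
    error_log('Error executing MySQL query: ' . $statement->error);
    $statement->close();
    badRequest('Error executing MySQL query');
}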
/**
 * Returns the given value unchanged when it is non-empty; otherwise rejects the request.
 *
 * "Empty" follows PHP's empty(): besides "" and null this also covers "0", 0,
 * false and an empty array, so a literal "0" is rejected as well.
 *
 * @param mixed  $string       Value to check.
 * @param string $errorMessage Message passed to debug() and badRequest() on failure.
 *
 * @return mixed The value that was passed in.
 */
function assertNotEmpty($string, $errorMessage = "bad request")
{
    if (!empty($string)) {
        return $string;
    }

    debug("not empty string: {$errorMessage}");
    badRequest($errorMessage);
    // Ends the script in case badRequest() returned.
    die;
}
示例#5
 /**
  * Routes an event query: by id when "eventId" is set, otherwise by distance
  * when both "latitude" and "longitude" are set.
  *
  * @param array $args Request arguments, indexed by the keys named above.
  *
  * @return mixed The return value of the selected lookup method.
  */
 public function getEvents($args)
 {
     // A single event; the id is coerced to an integer before it is passed on.
     if (isset($args["eventId"])) {
         return $this->getEventById($args, (int) $args["eventId"]);
     }

     // Events ordered by distance from the given coordinates.
     // NOTE(review): unlike the event id, latitude and longitude are forwarded
     // exactly as received; confirm getEventsSortedByDistance() validates them
     // or binds them as query parameters.
     if (isset($args["latitude"], $args["longitude"])) {
         return $this->getEventsSortedByDistance($args, $args["latitude"], $args["longitude"]);
     }

     // NOTE(review): as written this is a subtraction: the global badRequest()
     // is called and its result is subtracted from $this->io. It reads like a
     // typo for a method call on $this->io; confirm which one is intended.
     return $this->io - badRequest("Either event id or latitude and longitude must be set", $args);
 }
示例#6
文件: index.php 项目: senyor/dojorama
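/**
 * Dispatches the current HTTP request to the matching handler.
 *
 * The resource id is the part of the request URI that follows the directory of
 * the running script. GET without an id lists the items and with an id shows
 * one; POST is accepted only without an id; PUT and DELETE only with one.
 * Every other combination ends in badRequest().
 *
 * @return mixed The return value of the selected handler.
 */
function run()
{
    $method = strtolower($_SERVER["REQUEST_METHOD"]);

    // Strip the script directory as a prefix. ltrim()'s second argument is a
    // set of characters, not a prefix, so passing the directory to it also eats
    // leading characters of the id that happen to occur in the directory name.
    $basePath = rtrim(dirname($_SERVER["SCRIPT_NAME"]), '/\\');
    $id = $_SERVER["REQUEST_URI"];
    if ($basePath !== '') {
        if ($id === $basePath) {
            $id = '';
        } elseif (strpos($id, $basePath . '/') === 0) {
            $id = substr($id, strlen($basePath));
        }
    }
    // NOTE(review): a query string, if present, is still part of $id here.
    $id = ltrim($id, '/');
    $id = $id !== '' ? $id : null;

    // Fixed sample data used by the listing and detail handlers.
    $items = array(
        array('id' => 0, 'title' => 'Title 1', 'format' => 1, 'releaseDate' => '2012-12-21', 'price' => '100', 'publish' => false, 'info' => ''),
        array('id' => 1, 'title' => 'Title 2', 'format' => 1, 'releaseDate' => '2013-12-21', 'price' => '50', 'publish' => false, 'info' => ''),
        array('id' => 2, 'title' => 'Title 3', 'format' => 1, 'releaseDate' => '2014-12-21', 'price' => '1000', 'publish' => false, 'info' => ''),
    );

    switch ($method) {
        case 'get':
            return $id === null ? listing($items) : detail($id, $items);
        case 'post':
            return $id === null ? create() : badRequest();
        case 'put':
            return $id !== null ? update($id) : badRequest();
        case 'delete':
            return $id !== null ? remove($id) : badRequest();
    }

    // Any other HTTP method.
    return badRequest();
}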
示例#7
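/**
 * Validate get parameters, and die with bad request.
 *
 * A value passes when it consists only of ASCII letters, digits, underscores
 * and pipe characters. Arrays and objects are rejected outright, and a regex
 * engine failure counts as a rejection.
 *
 * @param string $value The value to validate.
 *
 * @return void
 */
function validate($value)
{
    // Request parameters can arrive as arrays (e.g. name[]=x). Before PHP 8,
    // preg_match() answers an array with a warning and a falsy result, which a
    // plain truthiness test reads as "no forbidden character found".
    if ($value !== null && !is_scalar($value)) {
        badRequest();
        return;
    }

    // Only an explicit 0 ("no forbidden character") passes; 1 (match) and
    // false (PCRE error) are both rejected.
    if (preg_match('#[^a-zA-Z0-9_\\|]#', (string) $value) !== 0) {
        badRequest();
    }
}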
示例#8
    $kind = post('kind', 'bad');
    $nom = post('nom');
    $cognoms = post('cognoms');
    $telefon = post('telefon');
    $email = post('email');
    $municipi = post('municipi');
    $adreca = post('adreca');
    $comentari = post('comentari');
    // Optional params
    $yuemail = post('yuemail', 666);
    $filledbyspammers = $yuemail != 666;
} catch (MissingField $e) {
    badRequest($e->getMessage());
}
// Allow-list of form kinds; any other value is rejected.
// NOTE(review): in_array() is called without its strict flag, so the
// comparison against the allow-list is a loose one.
if (!in_array($kind, array("diy", "pressupost", "dubtes", "connectivitat"))) {
    badRequest("Not the proper form");
}
// NOTE(review): $nom and $cognoms come from post() and are placed in the
// subject as received; confirm that whatever sends this message refuses
// CR/LF in header values.
$subject = "[GuifiBaix Web] {$kind}: {$nom} {$cognoms}";
// $filledbyspammers is set when the 'yuemail' field came back with anything
// other than its default, i.e. the honeypot field was filled in.
if ($filledbyspammers) {
    // Flagged submissions end here without any response body.
    exit;
    // Unreachable: the exit above ends the script before this assignment runs.
    $subject = "[GuifiBaix Web] SPAM comment received";
}
if ($debug) {
    // Presumably closes a <pre> opened earlier in debug mode; the opening tag
    // is not visible in this excerpt.
    echo '</pre>';
}
$yaml_file = <<<EOF
name: {$nom}
familyname: {$cognoms}
type: {$kind}
contact:
  phone:
示例#9
文件: gui.php 项目: tedwp/porpoise
    badRequest();
}
// Renders one sub-table fragment for the GUI, selected by the "action" request
// parameter, and ends the script once the fragment has been written.
switch ($_REQUEST["action"]) {
    case "newAction":
        // "index" is required and must be numeric.
        // NOTE(review): empty() also rejects an index of "0", and is_numeric()
        // accepts signs, decimals and exponents; if the index is meant to be a
        // non-negative integer, ctype_digit() would express that more tightly.
        if (empty($_REQUEST["index"])) {
            badRequest();
        }
        $index = $_REQUEST["index"];
        if (!is_numeric($index)) {
            badRequest();
        }

        // The flag is on only when "layerAction" is present and spells "true"
        // (in any letter case).
        $layerAction = !empty($_REQUEST["layerAction"])
            && strtolower($_REQUEST["layerAction"]) == 'true';

        printf("%s", GUI::createActionSubtable($index, new POIAction(), $layerAction));
        exit;

    case "newAnimation":
        // Same "index" requirements as for "newAction".
        if (empty($_REQUEST["index"])) {
            badRequest();
        }
        $index = $_REQUEST["index"];
        if (!is_numeric($index)) {
            badRequest();
        }

        printf("%s", GUI::createAnimationSubtable($index, "", new Animation()));
        exit;

    default:
        // Unknown action.
        badRequest();
}
示例#10
/**
 * Handles an API client login and prints the session token on success.
 *
 * The user name must be purely alphanumeric. The supplied password is checked
 * with password_verify() against the user's stored API password hash. On
 * success the response body carries "SID=" and "Auth=" lines with the token
 * and the script exits; otherwise unauthorized() or badRequest() is called.
 *
 * @param string $email User name sent by the client.
 * @param string $pass  API password sent by the client.
 *
 * @return void This function ends the script on every path.
 */
function clientLogin($email, $pass)
{
    //http://web.archive.org/web/20130604091042/http://undoc.in/clientLogin.html
    // NOTE(review): the user name is logged before it has been validated;
    // confirm logMe() neutralises line breaks in what it writes.
    logMe('clientLogin(' . $email . ")\n");

    // Anything but a purely alphanumeric user name is a malformed request.
    if (!ctype_alnum($email)) {
        badRequest();
        die;
    }

    // Load the compatibility shim when password_verify() is not built in.
    if (!function_exists('password_verify')) {
        include_once LIB_PATH . '/password_compat.php';
    }

    $conf = get_user_configuration($email);
    if (is_null($conf)) {
        Minz_Log::warning('Invalid API user ' . $email . ': configuration cannot be found.');
        // NOTE(review): nothing stops execution here if unauthorized() returns;
        // the next statement would then read a property of null.
        unauthorized();
    }

    // An empty stored hash means no API password is set, which never matches.
    $passwordMatches = $conf->apiPasswordHash != '' && password_verify($pass, $conf->apiPasswordHash);
    if (!$passwordMatches) {
        Minz_Log::warning('Password API mismatch for user ' . $email);
        unauthorized();
        die;
    }

    header('Content-Type: text/plain; charset=UTF-8');
    $system_conf = Minz_Configuration::get('system');
    // The token is the user name plus a SHA-1 over the system salt, the user
    // name and the stored password hash: it is deterministic and changes only
    // when one of those three inputs changes.
    $auth = $email . '/' . sha1($system_conf->salt . $email . $conf->apiPasswordHash);
    echo 'SID=', $auth, "\n", 'Auth=', $auth, "\n";
    exit;
}
示例#11
/**
 * Sends a notification.
 *
 * Decodes the JSON request body, which must carry "users" and at least one of
 * "message" or "data", resolves the users' devices, builds a Notification and
 * hands it to PushController::send(). The send result is echoed as JSON.
 * Failures while reading the request go to badRequest(); failures while
 * sending go to internalServerError().
 *
 * @return void
 */
function sendNotification()
{
    global $log;
    $app = Slim::getInstance();
    $notification = null;

    try {
        // Read the notification supplied in the POST body.
        $input = json_decode($app->request()->getBody());
        // NOTE(review): the whole decoded body is written to the debug log;
        // confirm notification payloads may be stored there.
        $log->Debug(sprintf("api - sendNotification - %s", print_r($input, true)));

        $hasContent = isset($input->message) || isset($input->data);
        $hasUsers = isset($input->users);
        if (!$input || !$hasContent || !$hasUsers) {
            throw new \InvalidArgumentException("A requisição náo contém todos os dados necessários.");
        }

        // Collect the user ids; every entry must name one.
        // NOTE(review): "users" is only checked for presence, not for being a list.
        $userIds = array();
        foreach ($input->users as $userEntry) {
            if (!isset($userEntry->userId)) {
                throw new \InvalidArgumentException("A requisição não contém todos os dados necessários.");
            }
            $userIds[] = $userEntry->userId;
        }

        $devices = DeviceManager::getDevicesByUsers($userIds);

        $message = null;
        if (isset($input->message)) {
            $message = $input->message;
        }

        // The encode/decode round trip turns the decoded objects into nested arrays.
        $data = null;
        if (isset($input->data)) {
            $data = json_decode(json_encode($input->data), true);
        }

        $notification = new Notification($devices, $message, $data);
    } catch (Exception $e) {
        // NOTE(review): the exception object itself is handed on; confirm
        // badRequest() does not put internal details into the response.
        badRequest($e, $log);
        return;
    }

    $pushController = new PushController();
    try {
        $notificationResult = $pushController->send($notification);
        $app->response()->header('Content-Type', 'application/json');
        echo json_encode($notificationResult);
    } catch (Exception $e) {
        internalServerError($e, $log);
    }
}
示例#12
    case 'PUT':
        if (array_key_exists($employeeId, $employees)) {
            if (array_key_exists('name', $requestData)) {
                $name = $requestData['name'];
            } else {
                $name = array_key_exists('name', $employees[$employeeId]) ? $employees[$employeeId]['name'] : null;
            }
            if (array_key_exists('age', $requestData)) {
                $age = (int) $requestData['age'];
            } else {
                $age = array_key_exists('age', $employees[$employeeId]) ? $employees[$employeeId]['age'] : null;
            }
            $employees[$employeeId] = array('name' => $name, 'age' => $age);
            file_put_contents($file, serialize($employees));
        } else {
            badRequest('Unable to update because the employee does not exist.');
        }
        break;
    case 'DELETE':
        if (array_key_exists($employeeId, $employees)) {
            unset($employees[$employeeId]);
            file_put_contents($file, serialize($employees));
        } else {
            badRequest('Unable to delete because the employee does not exist.');
        }
        break;
    default:
        badRequest('Unsupported REST request.');
        break;
}
exit(json_encode(true));
示例#13
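/**
 * Invokes the handler registered for the current request method.
 *
 * @param array $handlerArray Map from request method, as returned by
 *                            getRequestMethod(), to a callable taking no arguments.
 *
 * @return void
 */
function handleRequest($handlerArray)
{
    $method = getRequestMethod();
    debug("Request method: {$method}");

    // Look the method up without raising an "undefined index" warning when no
    // handler is registered for it.
    $handler = isset($handlerArray[$method]) ? $handlerArray[$method] : null;

    if ($handler != null) {
        $handler();
    } else {
        // NOTE(review): the method name comes from the request and is repeated
        // in the message; confirm badRequest() encodes it for its output format.
        badRequest("Method not supported: " . $method);
    }
}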
示例#14
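/**
 * Sends a contact message by e-mail.
 *
 * Requires "senderName", "senderEmail", "senderWebsite" and "message" in
 * $args; a missing key, or a sender address that is not a valid e-mail
 * address, is answered through badRequest().
 *
 * @param array $args Submitted form fields (presumably taken from the request).
 *
 * @return mixed An empty array once the message has been handed to mail(),
 *               otherwise the return value of badRequest().
 */
function sendEmail($args)
{
    if (!isset($args["senderName"])) {
        return badRequest("Sender name was missing", $args);
    }
    if (!isset($args["senderEmail"])) {
        return badRequest("Sender email was missing", $args);
    }
    if (!isset($args["senderWebsite"])) {
        return badRequest("Sender website was missing", $args);
    }
    if (!isset($args["message"])) {
        return badRequest("Message was missing", $args);
    }

    $senderName = $args["senderName"];
    $senderEmail = $args["senderEmail"];
    $msg = $args["message"];

    // The sender address becomes part of the raw header block. Accept it only
    // when it is a well-formed address without line breaks, so the value cannot
    // start additional header lines.
    if (!is_string($senderEmail)
        || strpbrk($senderEmail, "\r\n") !== false
        || filter_var($senderEmail, FILTER_VALIDATE_EMAIL) === false
    ) {
        return badRequest("Sender email was invalid", $args);
    }

    $headers = "From: " . $senderEmail;
    $message = "Message from " . $senderName . " at " . $senderEmail . "\n\n" . "Message: \n" . $msg;

    // NOTE(review): the result of mail() is not checked, so a failed hand-off
    // is still reported as success.
    mail("*****@*****.**", "Message from WebSite", $message, $headers);

    return [];
}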
示例#15
// POST /api/bids/place: places a bid for the customer identified by the
// "cst_session_id" cookie. Answers 201 with the new bid's path on success;
// the failure paths answer through forbidden(), badRequest(), conflict() or
// handleError().
$app->post('/api/bids/place', function (Request $request, Response $response) {
    // The session cookie is mandatory.
    $cookies = $request->getCookieParams();
    if (!array_key_exists('cst_session_id', $cookies)) {
        logger($this)->addWarning('No contractor session id', getPath($request));
        return forbidden($response);
    }

    // Resolve the customer behind the session.
    $customerSessionId = $cookies["cst_session_id"];
    $customer = getCustomer($customerSessionId);
    if (!isset($customer)) {
        $context = array('cst_session_id' => $customerSessionId, 'uri' => $request->getUri()->getPath());
        logger($this)->addWarning('No contractor found by session id', $context);
        return forbidden($response);
    }

    // Decode and check the bid itself.
    // NOTE(review): which checks parseBid() applies (for example the sign of
    // amount and price) is not visible here.
    $bid = json_decode($request->getBody());
    list($product, $amount, $price) = parseBid($bid);
    if (!isset($product)) {
        logger($this)->addWarning('Wrong bid', getPath($request));
        return badRequest($response);
    }

    // The customer must be able to cover the price.
    // NOTE(review): this check and the insert below are separate steps; confirm
    // insertBid() re-checks the balance atomically so that concurrent requests
    // cannot each pass the check.
    $customerId = $customer['id'];
    if ($price > $customer['amount']) {
        $context = array('customer_id' => $customerId, 'price' => $price);
        logger($this)->addWarning("Customer doesn't have enough funds to place the bid with price", $context);
        return conflict($response);
    }

    try {
        $bidId = insertBid($product, $amount, $price, $customerId);
        $response->getBody()->write("api/bids/{$bidId}");
        return $response->withStatus(201);
    } catch (PDOException $e) {
        return handleError($e, $response);
    }
});
// LOGOUT