// sanitize the fromLocationId $fromLocationId = filter_input(INPUT_GET, "fromLocationId", FILTER_VALIDATE_INT); // sanitize the toLocationId $toLocationId = filter_input(INPUT_GET, "toLocationId", FILTER_VALIDATE_INT); // sanitize the productId $productId = filter_input(INPUT_GET, "productId", FILTER_VALIDATE_INT); // sanitize the userId $userId = filter_input(INPUT_GET, "userId", FILTER_VALIDATE_INT); // sanitize the movementDate $movementDate = filter_input(INPUT_GET, "movementDate", FILTER_VALIDATE_INT); // sanitize the movementType $movementType = filter_input(INPUT_GET, "movementType", FILTER_SANITIZE_STRING); // sanitize the page $page = filter_input(INPUT_GET, "page", FILTER_VALIDATE_INT); // grab the mySQL connection $pdo = connectToEncryptedMySql("/etc/apache2/capstone-mysql/invtext.ini"); // handle all RESTful calls to Movement // get some or all Movements if ($method === "GET") { // set an XSRF cookie on GET requests setXsrfCookie("/"); if (empty($movementId) === false) { $reply->data = Movement::getMovementByMovementId($pdo, $movementId)->toArray(); } else { if (empty($fromLocationId) === false) { $reply->data = Movement::getMovementByFromLocationId($pdo, $fromLocationId)->toArray(); } else { if (empty($toLocationId) === false) { $reply->data = Movement::getMovementByToLocationId($pdo, $toLocationId)->toArray(); } else { if (empty($productId) === false) {
require_once dirname(dirname(__DIR__)) . "/classes/autoloader.php"; require_once dirname(dirname(__DIR__)) . "/lib/xsrf.php"; require_once "/etc/apache2/capstone-mysql/encrypted-config.php"; use Edu\Cnm\Timecrunchers\Request; use Edu\Cnm\Timecrunchers\Access; //start the session and create a XSRF token if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); } //prepare an empty reply $reply = new stdClass(); $reply->status = 200; $reply->data = null; try { //grab the mySQL connection $pdo = connectToEncryptedMySql("/etc/apache2/capstone-mysql/timecrunch.ini"); //if the user session is empty, the user is not logged in, throw an exception if (empty($_SESSION["user"]) === true) { setXsrfCookie("/"); throw new RuntimeException("Please log-in or sign up", 401); } //determine which HTTP method was used $method = array_key_exists("HTTP_X_HTTP_METHOD", $_SERVER) ? $_SERVER["HTTP_X_HTTP_METHOD"] : $_SERVER["REQUEST_METHOD"]; $reply->method = $method; //sanitize the id $id = filter_input(INPUT_GET, "id", FILTER_VALIDATE_INT); //Handle REST calls if ($method === "GET") { //Set XSRF cookie setXsrfCookie("/"); //Get Request based on given field
// imports xsrf require_once dirname(dirname(__DIR__) . "/lib/xsrf.php"); // a security file that's on the schools server, that Dylan created, so it'll show not found. require_once "/etc/apache2/capstone-mysql/encrypted-config.php"; // prepare the default error message $reply = new stdClass(); $reply->status = 200; $reply->message = null; try { // start the session and create an xsrf token if (session_start() !== PHP_SESSION_ACTIVE) { session_start(); } verifyXsrf(); // connect to the db $pdo = connectToEncryptedMySql("/etc/apache2/capstone-mysql/sprots.ini"); //determine which HTTP method was used $method = array_key_exists("HTTP_X_HTTP_METHOD", $_SERVER) ? $_SERVER["HTTP_X_HTTP_METHOD"] : $_SERVER["REQUEST_METHOD"]; if ($method === "POST") { // convert JSON to an object $requestContent = file_get_contents("php://input"); $requestObject = json_decode($requestContent); // sanitize the email, and search by profileEmail $profileEmail = filter_var($requestObject->profileEmail, FILTER_SANITIZE_EMAIL); $profile = Profile::getProfileByProfileEmail($pdo, $profileEmail); if ($profile !== null) { $profileHash = hash_pbkdf2("sha512", $requestObject->password, $profile->getProfileSalt(), 262144, 128); if ($profileHash === $profile->getProfileHash()) { $_SESSION["Profile"] = $profile; $reply->status = 200; $reply->message = "Successfully logged in";
if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); } // prepare an empty reply $reply = new stdClass(); $reply->status = 200; $reply->data = null; try { // determine which HTTP method was used $method = array_key_exists("HTTP_X_HTTP_METHOD", $_SERVER) ? $_SERVER["HTTP_X_HTTP_METHOD"] : $_SERVER["REQUEST_METHOD"]; // sanitize the userId $userId = filter_input(INPUT_GET, "userId", FILTER_VALIDATE_INT); // sanitize the email $email = filter_input(INPUT_GET, "email", FILTER_SANITIZE_EMAIL); // grab the mySQL connection $pdo = connectToEncryptedMySql("/etc/apache2/ninja-mysql/appsbyninja.ini"); // handle all RESTful calls to User today // get some or all Users if ($method === "GET") { // set an XSRF cookie on GET requests setXsrfCookie("/"); if (empty($userId) === false) { $reply->data = User::getUserByUserId($pdo, $userId); } else { if (empty($email) === false) { $reply->data = User::getUserByEmail($pdo, $email); } else { $reply->data = User::getAllUsers($pdo); } } // post to a new User
*/ //verify the xsrf challenge if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); } //prepare an empty reply $reply = new stdClass(); $reply->status = 200; $reply->data = null; try { // create the Pusher connection $config = readConfig("/etc/apache2/capstone-mysql/breadbasket.ini"); $pusherConfig = json_decode($config["pusher"]); $pusher = new Pusher($pusherConfig->key, $pusherConfig->secret, $pusherConfig->id, ["debug" => true, "encrypted" => true]); //grab the mySQL connection $pdo = connectToEncryptedMySql("/etc/apache2/capstone-mysql/breadbasket.ini"); //if the volunteer session is empty, the user is not logged in, throw an exception if (empty($_SESSION["volunteer"]) === true) { setXsrfCookie("/"); throw new RuntimeException("Please log-in or sign up", 401); } //determine which HTTP method was used $method = array_key_exists("HTTP_X_HTTP_METHOD", $_SERVER) ? $_SERVER["HTTP_X_HTTP_METHOD"] : $_SERVER["REQUEST_METHOD"]; //if a put and a volunteer, temporarily give admin access to the user if ($method === "PUT") { $_SESSION["volunteer"]->setVolIsAdmin(true); } //sanitize the id $id = filter_input(INPUT_GET, "id", FILTER_VALIDATE_INT); //make sure the id is valid for methods that require it if (($method === "DELETE" || $method === "PUT") && (empty($id) === true || $id < 0)) {
// sanitize the class, id, and format $validFormats = array("html", "json", "xml"); $id = filter_input(INPUT_GET, "id", FILTER_VALIDATE_INT); $class = filter_input(INPUT_GET, "class", FILTER_SANITIZE_STRING); $format = filter_input(INPUT_GET, "format", FILTER_SANITIZE_STRING); if (empty($class) === true) { throw new InvalidArgumentException("invalid class", 405); } if (in_array($format, $validFormats) === false) { throw new InvalidArgumentException("invalid format", 405); } if ($method === "DELETE" && (empty($id) === true || $id < 0)) { throw new InvalidArgumentException("id cannot be empty or negative", 405); } // grab the mySQL connection $pdo = connectToEncryptedMySql("/etc/apache2/data-design/dmcdonald21.ini"); // handle all RESTful calls to Tweet if ($class === "tweet") { // get some or all Tweets if ($method === "GET") { if (empty($id) === false) { $reply->data = Tweet::getTweetByTweetId($pdo, $id); } else { $reply->data = Tweet::getAllTweets($pdo)->toArray(); } // post to an existing Tweet } else { if ($method === "POST") { // convert POSTed JSON to an object verifyXsrf(); $requestContent = file_get_contents("php://input");
if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); } // prepare an empty reply $reply = new stdClass(); $reply->status = 200; $reply->data = null; try { // determine which HTTP method was used $method = array_key_exists("HTTP_X_HTTP_METHOD", $_SERVER) ? $_SERVER["HTTP_X_HTTP_METHOD"] : $_SERVER["REQUEST_METHOD"]; // sanitize the userId $userId = filter_input(INPUT_GET, "userId", FILTER_VALIDATE_INT); // sanitize the email $email = filter_input(INPUT_GET, "email", FILTER_SANITIZE_EMAIL); // grab the mySQL connection $pdo = connectToEncryptedMySql("/etc/apache2/ecnchurch.ini"); // handle all RESTful calls to User today // get some or all Users if ($method === "GET") { // set an XSRF cookie on GET requests setXsrfCookie("/"); if (empty($userId) === false) { $reply->data = User::getUserByUserId($pdo, $userId); } else { if (empty($email) === false) { $reply->data = User::getUserByEmail($pdo, $email); } else { $reply->data = User::getAllUsers($pdo); } } // post to a new User