示例#1
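    // Open the MySQL connection; host, schema and credentials come from the MYSQL_* constants.
    $db = new PDO('mysql:host=' . MYSQL_HOST . ';dbname=' . MYSQL_DATABASE . ';charset=utf8', MYSQL_USER, MYSQL_PASSWORD);
    // Make PDO throw on SQL errors instead of returning false.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // The request fields are attacker-controlled. Anything that is not a plain string
    // (missing field, array-style parameter) is treated as a failed login.
    $login = isset($_POST['login']) ? $_POST['login'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;
    $user = false;
    if (is_string($login) && is_string($password)) {
        // Bind the values instead of formatting them into the SQL text, so quotes in the
        // submitted login cannot change the structure of the statement.
        // NOTE(review): matching the hash inside SQL only works if create_hash() is
        // deterministic (no per-user random salt) -- confirm against its definition. If it
        // is, consider migrating to password_hash()/password_verify() with a lookup by login.
        $stmt = $db->prepare('SELECT * FROM auth WHERE login = :login AND password = :password');
        $stmt->execute([':login' => $login, ':password' => create_hash($password)]);
        $stmt->setFetchMode(PDO::FETCH_ASSOC);
        $user = $stmt->fetch();
    }

    if ($user) {
        // Expand the URI templates configured for this permission level: each template is
        // a sprintf() format that receives the user id.
        $user_valid_uri = [];
        foreach ($valid_uri[$user['permission']] as $request => $uri_list) {
            $parsed_uri_list = [];
            foreach ($uri_list as $uri) {
                $parsed_uri_list[] = sprintf($uri, $user['id']);
            }
            $user_valid_uri[$request] = $parsed_uri_list;
        }
        // Same expansion for the data templates of this permission level.
        $user_valid_data = [];
        foreach ($valid_data[$user['permission']] as $key => $val) {
            $user_valid_data[$key] = sprintf($val, $user['id']);
        }
        // The token carries the user id, the permission level and the expanded allow-lists.
        // Only these fields go into the payload; the password column fetched by SELECT * does not.
        $payload = ['user_id' => $user['id'], 'permission' => $user['permission'], 'valid_uri' => $user_valid_uri, 'valid_data' => $user_valid_data];
        $token = jwt_encode($payload);
        $response_http = response_http(201);
    }
    // Drop the PDO handle to release the connection.
    $db = null;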
}
// Send the response: JSON content type, the status line taken from $response_http,
// then the token as the JSON body.
header('Content-Type: application/json; charset=utf-8');
header("HTTP/1.0 {$response_http['status']} {$response_http['statusText']}");
echo json_encode($token);
示例#2
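        // Run the query built above this excerpt; its first column is read as a count.
        // NOTE(review): presumably the number of rows already in auth -- confirm against the query text.
        $stmt = $db->prepare($query);
        $stmt->execute();
        $numUsers = $stmt->fetchColumn();
        // A count of zero grants ADMIN_PERMISSION, anything else DEFAULT_PERMISSION.
        // NOTE(review): the count and the INSERT are separate statements, so two concurrent
        // registrations could both see zero -- confirm whether a transaction or lock covers this.
        $permission = ($numUsers == 0) ? ADMIN_PERMISSION : DEFAULT_PERMISSION;

        // Add the user. The values are bound rather than formatted into the SQL text, so
        // quotes in the submitted login cannot alter the statement.
        // The statement text is no longer copied into $id: $id is what this script echoes,
        // so a failure between that assignment and the id lookup could have returned the
        // SQL text, password hash included, to the client.
        $stmt = $db->prepare('INSERT INTO auth (login, password, permission) VALUES (:login, :password, :permission)');
        $stmt->execute([
            ':login' => $_POST['login'],
            ':password' => create_hash($_POST['password']),
            ':permission' => $permission,
        ]);

        // Read back the id generated by the INSERT on this connection.
        $stmt = $db->query("SELECT LAST_INSERT_ID()");
        $id = $stmt->fetchColumn();
        $response_http = response_http(201);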
    } else {
        $id = -1;
        $response_http = response_http(409);
    }
    $db = null;
}
// Send the response: JSON content type, the status line taken from $response_http,
// then the new id (or the failure sentinel) as the JSON body.
header('Content-Type: application/json; charset=utf-8');
header("HTTP/1.0 {$response_http['status']} {$response_http['statusText']}");
echo json_encode($id);
?>

示例#3
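                // Build the DELETE from the segments in $loc:
                //   2 segments: table, id
                //   3 segments: table, column, value
                //   5 segments: table, column, value, column, value
                // Table and column names cannot be bound as parameters, so they are accepted
                // only when they are plain identifiers; every value is bound.
                // NOTE(review): the pattern checks shape only. Which tables and columns a caller
                // may delete from should come from an explicit allow-list -- confirm whether the
                // authorization check above this excerpt already enforces that.
                $identifier_pattern = '/\A[A-Za-z_][A-Za-z0-9_]*\z/';
                $identifiers = [];
                $params = [];
                // Reset $query so an unsupported segment count cannot re-run an earlier statement.
                $query = null;
                switch (count($loc)) {
                    case 2:
                        $identifiers = [$loc[0]];
                        $params = [$loc[1]];
                        $query = sprintf("DELETE FROM %s WHERE id = ?", $loc[0]);
                        break;
                    case 3:
                        $identifiers = [$loc[0], $loc[1]];
                        $params = [$loc[2]];
                        $query = sprintf("DELETE FROM %s WHERE %s = ?", $loc[0], $loc[1]);
                        break;
                    case 5:
                        $identifiers = [$loc[0], $loc[1], $loc[3]];
                        $params = [$loc[2], $loc[4]];
                        $query = sprintf("DELETE FROM %s WHERE %s = ? AND %s = ?", $loc[0], $loc[1], $loc[3]);
                        break;
                }
                $request_ok = $query !== null;
                foreach ($identifiers as $identifier) {
                    if (!is_string($identifier) || preg_match($identifier_pattern, $identifier) !== 1) {
                        $request_ok = false;
                        break;
                    }
                }
                if ($request_ok) {
                    $stmt = $db->prepare($query);
                    $stmt->execute($params);
                    $response_http = response_http(201);
                } else {
                    // Unsupported segment count or a non-identifier name: refuse without touching
                    // the database. 403 is the rejection code this script already uses.
                    $response_http = response_http(403);
                }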
            } else {
                $response_http = response_http(403);
            }
            break;
    }
}
// Drop the PDO handle to release the connection.
$db = null;
// Response headers: status line from $response_http, then Location, then the JSON content type.
header("HTTP/1.0 {$response_http['status']} {$response_http['statusText']}");
header("Location: {$response_location}");
header('Content-Type: application/json; charset=utf-8');
// Response body: $response_data encoded as JSON.
echo json_encode($response_data);
////////////////////////////////////////////////////////////////////////////////
// check_uri
////////////////////////////////////////////////////////////////////////////////