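// Open the connection. ERRMODE_EXCEPTION makes every PDO failure throw instead of
// returning false, so the statements below need no explicit false-checks.
$db = new PDO('mysql:host=' . MYSQL_HOST . ';dbname=' . MYSQL_DATABASE . ';charset=utf8', MYSQL_USER, MYSQL_PASSWORD);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Look the user up with a prepared statement: login and password hash travel as bound
// parameters, never as text spliced into the SQL (the original built the query with
// sprintf() straight from $_POST, which is an SQL-injection hole).
// NOTE(review): comparing create_hash() output inside the WHERE clause only works if that
// hash is deterministic and unsalted — confirm; if it is, prefer fetching the row by login
// and checking the password with password_verify().
$stmt = $db->prepare('SELECT * FROM auth WHERE login = ? AND password = ?');
$stmt->execute([
    $_POST['login'] ?? '',
    create_hash($_POST['password'] ?? ''),
]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);

if ($user !== false) {
    // Expand the permission's URI templates: each %s becomes this user's id.
    // array_values() keeps the result a plain list, as the original append loop did.
    $user_valid_uri = [];
    foreach ($valid_uri[$user['permission']] as $request => $uri_list) {
        $user_valid_uri[$request] = array_values(array_map(
            static fn ($uri) => sprintf($uri, $user['id']),
            $uri_list,
        ));
    }

    // Same expansion for the permission's data templates.
    $user_valid_data = [];
    foreach ($valid_data[$user['permission']] as $key => $val) {
        $user_valid_data[$key] = sprintf($val, $user['id']);
    }

    // Issue the JWT carrying the user's id, permission and expanded allow-lists.
    $payload = [
        'user_id'    => $user['id'],
        'permission' => $user['permission'],
        'valid_uri'  => $user_valid_uri,
        'valid_data' => $user_valid_data,
    ];
    $token = jwt_encode($payload);
    $response_http = response_http(201);
}

$db = null;
} // closes a block that opens before this fragment

// NOTE(review): $token and $response_http are only assigned on the success path above;
// they must be initialised before this fragment for the failed-login response — confirm.
header('Content-Type: application/json; charset=utf-8');
header(sprintf('HTTP/1.0 %s %s', $response_http['status'], $response_http['statusText']));
echo json_encode($token);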
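// Count the existing users; $query is assigned before this fragment.
// fetchColumn() returns a string (or false when there is no row), so normalise to int
// before comparing.
$stmt = $db->prepare($query);
$stmt->execute();
$numUsers = (int) $stmt->fetchColumn();

// The very first account becomes the administrator; every later one gets the default.
$permission = $numUsers === 0 ? ADMIN_PERMISSION : DEFAULT_PERMISSION;

// Insert the user with bound parameters: login and password hash come from the request
// and must never be spliced into the SQL text (the original used sprintf() on raw $_POST
// values, which is an SQL-injection hole).
$stmt = $db->prepare('INSERT INTO auth (login, password, permission) VALUES (?, ?, ?)');
$stmt->execute([
    $_POST['login'] ?? '',
    create_hash($_POST['password'] ?? ''),
    $permission,
]);

// Id of the row just inserted, read from this connection (replaces the separate
// SELECT LAST_INSERT_ID() round trip and the stray `$id = $query` assignment).
$id = $db->lastInsertId();
$response_http = response_http(201);
} else {
    // Registration refused; the condition is tested before this fragment.
    $id = -1;
    $response_http = response_http(409);
}

$db = null;
} // closes a block that opens before this fragment

header('Content-Type: application/json; charset=utf-8');
header(sprintf('HTTP/1.0 %s %s', $response_http['status'], $response_http['statusText']));
echo json_encode($id);
?>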
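// Build the DELETE from the segments in $loc (the check that guards this branch is
// tested before this fragment). Table and column names cannot be bound as parameters,
// so they are restricted to identifier characters and back-quoted; the values are bound,
// never spliced into the SQL (the original sprintf()'d every segment into the query).
// NOTE(review): the identifier check only prevents injection through the name; it does
// not decide which tables this caller may delete from — confirm that the enclosing
// access check does.
$ident = static function (string $name): string {
    if (preg_match('/^[A-Za-z0-9_]+$/', $name) !== 1) {
        throw new InvalidArgumentException('Invalid identifier in request path');
    }
    return '`' . $name . '`';
};

[$query, $params] = match (count($loc)) {
    2 => [
        sprintf('DELETE FROM %s WHERE id = ?', $ident($loc[0])),
        [$loc[1]],
    ],
    3 => [
        sprintf('DELETE FROM %s WHERE %s = ?', $ident($loc[0]), $ident($loc[1])),
        [$loc[2]],
    ],
    5 => [
        sprintf('DELETE FROM %s WHERE %s = ? AND %s = ?', $ident($loc[0]), $ident($loc[1]), $ident($loc[3])),
        [$loc[2], $loc[4]],
    ],
    // The original left $query unset for any other length and failed inside prepare();
    // fail explicitly instead.
    default => throw new InvalidArgumentException('Unsupported request path length'),
};

$stmt = $db->prepare($query);
$stmt->execute($params);
$response_http = response_http(201);
} else {
    $response_http = response_http(403);
}
break;
} // closes a switch that opens before this fragment
} // closes a block that opens before this fragment

// close the connection
$db = null;

// create the response header //////////////////////////////////////////////////
header(sprintf('HTTP/1.0 %s %s', $response_http['status'], $response_http['statusText']));
header('Location: ' . $response_location);
header('Content-Type: application/json; charset=utf-8');

// return the response /////////////////////////////////////////////////////////
echo json_encode($response_data);

////////////////////////////////////////////////////////////////////////////////
// check_uri
////////////////////////////////////////////////////////////////////////////////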