*/ //This is an example where authorization is requiered for all tables except for CategoryVisible that is always authorized ArrestDBConfig::auth(["table" => "Category"], function ($method, $table, $id) { return true; }); ArrestDBConfig::auth([], function ($method, $table, $id) { global $user; if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) { header('WWW-Authenticate: Basic realm="My Realm"'); header('HTTP/1.0 401 Unauthorized'); echo 'Invalid Auth'; exit; } else { $user = $_SERVER['PHP_AUTH_USER']; $pass = sha1($_SERVER['PHP_AUTH_PW']); $query = ArrestDB::PrepareQueryGET(["TABLE" => "User", "WHERE" => ["email='{$user}'", "password='******'"]]); $result = ArrestDB::Query($query); if (count($result) == 0) { header('WWW-Authenticate: Basic realm="My Realm"'); header('HTTP/1.0 401 Unauthorized'); echo 'Invalid Auth'; exit; } $user = $result[0]; return true; } }); /* ALLOW (OPTIONAL) It's similar to auth but it's used in other cases when is checked out if it's allowed to execute a method over a table or function. Return true if is allowed. By default all is allowed
} }); ArrestDBConfig::auth([], function ($method, $table, $id) { global $user; if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) { header('WWW-Authenticate: Basic realm="Metabrain Project API"'); header('HTTP/1.0 401 Unauthorized'); echo 'Invalid Auth'; exit; } else { //Prepare params $user = $_SERVER['PHP_AUTH_USER']; //$pass=sha1($_SERVER['PHP_AUTH_PW']); $pass = md5($_SERVER['PHP_AUTH_PW']); //Prepare query $query = ArrestDB::PrepareQueryGET(["TABLE" => "user", "WHERE" => ["email='{$user}'", "password='******'"]]); //Execute query $result = ArrestDB::Query($query); //Check if thereis one result if (count($result) == 0) { header('WWW-Authenticate: Basic realm="Metabrain Project API"'); header('HTTP/1.0 401 Unauthorized'); echo 'Invalid Auth'; exit; } //Set global user $user = $result[0]; return true; } }); /* ALLOW (OPTIONAL)