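/**
 * Check a caller-supplied API key against the key stored in the viewer settings.
 *
 * Side effect: overwrites the global $postgisdb with $user before the settings
 * are loaded (presumably this selects which database Settings_viewer reads;
 * confirm against Settings_viewer).
 *
 * @param string $user Value assigned to the global $postgisdb.
 * @param mixed  $key  API key presented by the caller.
 * @return bool True only when $key is a non-empty string identical to the stored key.
 */
public function authApiKey($user, $key)
{
    global $postgisdb;
    $postgisdb = $user;

    $settings_viewer = new Settings_viewer();
    $res = $settings_viewer->get();
    $apiKey = isset($res['data']['api_key']) ? $res['data']['api_key'] : null;

    // Fail closed on anything that is not a non-empty string. The previous
    // loose `==` let PHP type juggling decide the match: a boolean true, or a
    // numeric-looking string such as "0e1" against "0e2", compared equal.
    // "0" stays rejected because the original `$key != false` rejected it.
    if (!is_string($key) || $key === '' || $key === '0') {
        return false;
    }

    // No usable stored key means no key can authenticate.
    if (!is_string($apiKey) || $apiKey === '') {
        return false;
    }

    // Constant-time comparison where available (PHP >= 5.6); strict identity
    // otherwise, so older runtimes still lose the type-juggling behaviour.
    return function_exists('hash_equals') ? hash_equals($apiKey, $key) : $apiKey === $key;
}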
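/**
 * Validation callback: marks $oStatus valid when a row in $sTable matches the
 * submitted user ID and the hashed password from $_POST['Password'].
 *
 * Side effects: sets the global $sUserID to the ASCII-normalised user ID and
 * always sets $oStatus->sErrMsg, whatever the outcome.
 *
 * @param string $sValue  Submitted user ID.
 * @param object $oStatus Status object; bValid and sErrMsg are written.
 * @return void
 */
function UserIDCheck($sValue, &$oStatus)
{
    global $sTable;
    global $postgisObject;
    global $sUserID;

    $sUserID = postgis::toAscii($sValue, NULL, "_");
    $sPassword = VDFormat($_POST['Password'], true);
    $sPassword = Settings_viewer::encryptPw($sPassword);
    // A stray token (`ings_viewerssword;`) stood here. It evaluated an
    // undefined constant, which is a fatal Error on PHP 8, and did nothing else.

    $oStatus->bValid = false;
    // NOTE(review): $sValue is embedded unescaped. If sErrMsg is rendered as
    // HTML it must be escaped at the point of output. Confirm in the form renderer.
    $oStatus->sErrMsg = "User ID '{$sValue}' already exist";

    // NOTE(review): the query is built by string interpolation. It is safe only
    // if postgis::toAscii() and Settings_viewer::encryptPw() can never return a
    // quote or backslash, which this block does not show. Prefer bound
    // parameters if the driver behind execQuery() supports them.
    $sQuery = "SELECT COUNT(*) as count FROM {$sTable} WHERE screenname = '{$sUserID}' AND pw='{$sPassword}'";
    $res = $postgisObject->execQuery($sQuery);
    $row = $postgisObject->fetchRow($res);

    if ($row['count'] > 0) {
        $oStatus->bValid = 1;
        // Return value unused; kept in case numRows() has side effects.
        $postgisObject->numRows($res);
    } else {
        $oStatus->bValid = 0;
    }
}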
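<?php
/**
 * Settings endpoint: dispatches on the action name in $parts[4] and leaves the
 * result in $response for server_footer.inc.
 *
 * NOTE(review): three of the four actions change state (settings, password,
 * API key). Nothing in this file authenticates the caller, so that depends on
 * ../../inc/oauthcheck.php. Confirm it ends the request for unauthenticated
 * callers, and that these POST actions carry CSRF protection.
 */
include "../server_header.inc";
include "../../inc/oauthcheck.php";

$settings_viewer = new Settings_viewer();

// $HTTP_RAW_POST_DATA is not defined on PHP >= 7; !empty() avoids the
// undefined-variable notice while keeping the original truthiness test.
if (!empty($HTTP_RAW_POST_DATA)) {
    $obj = json_decode($HTTP_RAW_POST_DATA);
}

// $parts is not defined in this file (presumably set by server_header.inc).
$action = isset($parts[4]) ? $parts[4] : null;

switch ($action) {
    case "get":
        $response = $settings_viewer->get();
        break;

    case "update":
        $response = $settings_viewer->update($_POST);
        break;

    case "updatepw":
        // Refuse a missing, non-string or empty password rather than passing
        // null on to updatePw() and storing whatever it derives from that.
        if (isset($_POST['pw']) && is_string($_POST['pw']) && $_POST['pw'] !== '') {
            $response = $settings_viewer->updatePw($_POST['pw']);
        } else {
            $response = array('success' => false, 'message' => 'Missing password');
        }
        break;

    case "updateapikey":
        $response = $settings_viewer->updateApiKey();
        break;

    default:
        // Previously an unknown action left $response undefined.
        // NOTE(review): the success/message shape is an assumption; confirm
        // it matches what server_footer.inc emits.
        $response = array('success' => false, 'message' => 'Unknown action');
        break;
}

include_once "../server_footer.inc";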
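<?php
/**
 * One-off migration: for every database returned by databases::listAllDbs(),
 * except the PostgreSQL/PostGIS template and system databases, read the
 * viewer settings and insert the database name and stored password value
 * into the users table.
 *
 * NOTE(review): the script has no access control of its own. If it sits under
 * the web root, confirm it cannot be requested over HTTP.
 */
include "../conf/main.php";
include "../libs/functions.php";
include "../model/databases.php";
include "../model/dbchecks.php";
include '../model/settings_viewer.php';

$dbList = new databases();
try {
    $arr = $dbList->listAllDbs();
} catch (Exception $e) {
    echo $e->getMessage() . "\n";
    die;
}

// The postgis object is created while $postgisdb is "mygeocloud", so the
// inserts presumably go to that database. Confirm postgis does not connect lazily.
$postgisdb = "mygeocloud";
$postgis = new postgis();

$skipped = array("template1", "template0", "postgres", "postgis_template");

foreach ($arr['data'] as $db) {
    if (in_array($db, $skipped, true)) {
        continue;
    }

    // Settings_viewer presumably reads the global $postgisdb to pick its database.
    $postgisdb = $db;
    $viewer = new Settings_viewer();
    // Own variable: the original reassigned $arr, the array being iterated.
    $settings = $viewer->get();

    // NOTE(review): values are interpolated into the statement. Database names
    // and stored password values are not attacker-supplied here, but a quote
    // in either would break the statement. Prefer bound parameters if the
    // driver behind execQuery() supports them.
    $sql = "INSERT INTO users(screenname,pw) VALUES('{$db}','{$settings['data']['pw']}')";
    $postgis->execQuery($sql);

    // Progress output only: the stored password value is kept out of
    // stdout and any log that captures it.
    echo "INSERT INTO users(screenname,pw) VALUES('{$db}','[redacted]')\n";
}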
<?php $settings_viewer = new Settings_viewer(); $response = $settings_viewer->get(); // mod_php if (isset($_SERVER['PHP_AUTH_USER'])) { $username = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; // most other servers } elseif (isset($_SERVER['HTTP_AUTHENTICATION'])) { if (strpos(strtolower($_SERVER['HTTP_AUTHENTICATION']), 'basic') === 0) { list($username, $password) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); } } if (is_null($username)) { header('WWW-Authenticate: Basic realm="' . $parts[2] . '"'); header('HTTP/1.0 401 Unauthorized'); header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past // Text to send if user hits Cancel button die("Could not authenticate you 1"); } elseif ($username != $parts[2]) { header('WWW-Authenticate: Basic realm="' . $parts[2] . '"'); header('HTTP/1.0 401 Unauthorized'); header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past // Text to send if user hits Cancel button
$res = $postgisObject->execQuery($sQuery); $row = $postgisObject->fetchRow($res); //echo($row['count']); //die(); if ($row['count'] > 0) { $oStatus->bValid = 0; $postgisObject->numRows($res); } else { $oStatus->bValid = 1; } } $sUserID = VDFormat($_POST['UserID'], true); $sPassword = VDFormat($_POST['Password'], true); $sEmail = VDFormat($_POST['Email'], true); $sUserID = postgis::toAscii($sUserID, NULL, "_"); $sPassword = Settings_viewer::encryptPw($sPassword); $sQuery = "INSERT INTO {$sTable} (screenname,pw,email) VALUES('{$sUserID}','{$sPassword}','{$sEmail}')"; $postgisObject->execQuery($sQuery); $_SESSION['auth'] = true; $_SESSION['screen_name'] = $sUserID; //print_r($_SESSION); ?> </div> </div> </div> </body> </html> <?php if ($_SESSION['auth'] && $_SESSION['screen_name']) { die("<script>window.location='/user/login/p'</script>");
<?php set_time_limit(0); include_once '../server_header.inc'; include_once 'libs/PEAR/Cache_Lite/Lite.php'; include_once 'libs/SQL_Tokenizer.php'; $_REQUEST['q'] = rawurldecode($_REQUEST['q']); $settings_viewer = new Settings_viewer(); $res = $settings_viewer->get(); $apiKey = $res['data']['api_key']; $callback = $_GET['jsonp_callback']; //$array = preg_split("/(\r\n|\n|\r)/", $string); $response = transaction($_REQUEST['q']); // Check if $data is set in SELECT section if (!$data) { $data = json_encode($response); } if ($callback) { echo $callback . '(' . $data . ');'; } else { echo $data; } /**/ function transaction($sql) { global $response, $apiKey, $data, $basePath; $parsedSQL = SqlParser::ParseString($sql)->getArray(); //$tokens = SqlParser::Tokenize($sql, true); if (strpos($sql, ';') !== false) { $response['success'] = false; $response['message'] = "You can't use ';'. Use the bulk transaction API instead";