Mirror/codiad
1
0
Fork 0
mirror of https://github.com/xevidos/codiad.git synced 2024-12-22 13:52:16 +01:00
Code Issues Projects Releases Packages Wiki Activity
codiad/api.php

197 lines
4.3 KiB
PHP
Raw Permalink Normal View History

Initial API file.
2019-02-09 22:20:03 +01:00
<?php
/*
* Copyright (c) Codiad & Kent Safranski (codiad.com), and Isaac Brown (telaaedifex.com), distributed
* as-is and without warranty under the MIT License. See
* [root]/license.txt for more. This information must remain intact.
*/
require_once( './config.php' );
require_once( './common.php' );
class api {
private $sql = null;
public $user = null;
public function __construct() {
$requirements = array(
"action",
"user",
);
Updated API for PDO.
2019-02-13 19:43:48 +01:00
if( isset( $_POST["action"] ) ) {
$request = $_POST;
} elseif( isset( $_GET["action"] ) ) {
$request = $_GET;
} else {
$this->return( "error", "Error, action was expected but not recieved." );
}
Initial API file.
2019-02-09 22:20:03 +01:00
foreach( $requirements as $requirement ) {
Updated API for PDO.
2019-02-13 19:43:48 +01:00
if( ! isset( $request[$requirement] ) ) {
Initial API file.
2019-02-09 22:20:03 +01:00
$this->return( "error", "Error, '$requirement' was expected but not recieved." );
}
}
Updated API for PDO.
2019-02-13 19:43:48 +01:00
if( isset( $request["action"] ) ) {
Initial API file.
2019-02-09 22:20:03 +01:00
Updated API for PDO.
2019-02-13 19:43:48 +01:00
$action = $request["action"];
Initial API file.
2019-02-09 22:20:03 +01:00
if( $action === "get_token" ) {
Updated API for PDO.
2019-02-13 19:43:48 +01:00
if( isset( $request["user"] ) && isset( $request["password"] ) ) {
Initial API file.
2019-02-09 22:20:03 +01:00
Updated API for PDO.
2019-02-13 19:43:48 +01:00
$this->get_token( $request["user"], $request["password"] );
Initial API file.
2019-02-09 22:20:03 +01:00
}
exit();
}
Updated API for PDO.
2019-02-13 19:43:48 +01:00
if( ! isset( $request["token"] ) ) {
$this->return( "error", "Error, token was expected but not recieved." );
}
if( ! isset( $request["atts"] ) ) {
$this->return( "error", "Error, atts were expected but not recieved." );
}
$this->user = $request["user"];
$_SESSION["user"] = $request["user"];
$_SESSION["token"] = $request["token"];
Initial API file.
2019-02-09 22:20:03 +01:00
if( $this->check_session() ) {
require_once( "./components/filemanager/class.dirzip.php" );
//require_once( "./components/filemanager/class.filemanager.php" );
//require_once( "./components/project/class.project.php" );
//require_once( "./components/settings/class.settings.php" );
//require_once( "./components/user/class.user.php" );
Updated API for PDO.
2019-02-13 19:43:48 +01:00
$atts = json_decode( $request["atts"], true );
Initial API file.
2019-02-09 22:20:03 +01:00
if ( json_last_error() !== JSON_ERROR_NONE ) {
Updated API for PDO.
2019-02-13 19:43:48 +01:00
$atts = $request["atts"];
Initial API file.
2019-02-09 22:20:03 +01:00
}
call_user_func( array( $this, $action ), $atts );
} else {
$this->return( "error", "Error, unauthenticated. " . var_dump( $_SESSION["token"] ) );
}
exit();
}
}
function check_session() {
Updated API for PDO.
2019-02-13 19:43:48 +01:00
global $sql;
Initial API file.
2019-02-09 22:20:03 +01:00
$pass = false;
Updated API for PDO.
2019-02-13 19:43:48 +01:00
$query = "SELECT * FROM users WHERE username=? AND token=?;";
$bind_variables = array( $_SESSION["user"], sha1( $_SESSION["token"] ) );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
Initial API file.
2019-02-09 22:20:03 +01:00
Updated API for PDO.
2019-02-13 19:43:48 +01:00
if( $return > 0 ) {
Initial API file.
2019-02-09 22:20:03 +01:00
$pass = true;
Updated API for PDO.
2019-02-13 19:43:48 +01:00
} else {
$pass = false;
Initial API file.
2019-02-09 22:20:03 +01:00
}
return( $pass );
}
function encrypt( $string ) {
return( sha1( md5( $string ) ) );
}
function get_file( $atts ) {
}
function get_folder( $atts ) {
$folder = $atts["path"];
if( checkPath( $folder ) ) {
$targetPath = DATA . '/';
$dir = WORKSPACE . '/' . $folder;
$filename = explode( "/", $folder );
$filename = array_pop( $filename ) . "-" . date( 'Y.m.d' );
$filename .= '.zip';
$download_file = $targetPath . $filename;
DirZip::zipDir( $dir, $download_file );
$file = file_get_contents( $download_file );
unlink( $download_file );
$this->return( "success", $file );
} else {
$this->return( "error", "No access to folder: " . $folder );
}
}
function get_token( $username, $password ) {
Updated API for PDO.
2019-02-13 19:43:48 +01:00
global $sql;
Initial API file.
2019-02-09 22:20:03 +01:00
$pass = false;
Updated API for PDO.
2019-02-13 19:43:48 +01:00
$query = "SELECT * FROM users WHERE username=? AND password=?;";
Initial API file.
2019-02-09 22:20:03 +01:00
$bind_variables = array( $username, $this->encrypt( $password ) );
Updated API for PDO.
2019-02-13 19:43:48 +01:00
$return = $sql->query( $query, $bind_variables, array() );
Initial API file.
2019-02-09 22:20:03 +01:00
Updated API for PDO.
2019-02-13 19:43:48 +01:00
if( ! empty( $return ) ) {
Initial API file.
2019-02-09 22:20:03 +01:00
$pass = true;
Updated API for PDO.
2019-02-13 19:43:48 +01:00
$user = $return[0];
Initial API file.
2019-02-09 22:20:03 +01:00
$_SESSION['user'] = $username;
Updated API for PDO.
2019-02-13 19:43:48 +01:00
$token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) );
$_SESSION['token'] = $token;
$query = "UPDATE users SET token=? WHERE username=?;";
$bind_variables = array( sha1( $token ), $username );
$sql->query( $query, $bind_variables, 0, "rowCount" );
Initial API file.
2019-02-09 22:20:03 +01:00
}
if( $pass ) {
$this->return( "success", $token );
} else {
$this->return( "error", "Incorrect Username or Password" );
}
}
function return( $status, $value ) {
//$return = json_encode( array( $status, $value ) );
exit( $value );
}
}
new api();
?>
<!DOCTYPE HTML>
<html>
<head>
<title><?php echo SITE_NAME . "API";?></title>
</head>
<body>
</body>
</html>
Reference in a new issue Copy permalink