Mirror/codiad
1
0
Fork 0
mirror of https://github.com/xevidos/codiad.git synced 2024-12-22 13:52:16 +01:00
Code Issues Projects Releases Packages Wiki Activity

Updated API for PDO.

Browse source
This commit is contained in:
xevidos 2019-02-13 13:43:48 -05:00
parent 879ef59764
commit c10affa6a4
1 changed files with 49 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

85
api.php
View file

@ -8,12 +8,10 @@
require_once( './config.php' ); require_once( './config.php' );
require_once( './common.php' ); require_once( './common.php' );
require_once( './components/sql/class.sql.php' );
class api { class api {
private $sql = null; private $sql = null;
public $user = null; public $user = null;
public function __construct() { public function __construct() {
@ -23,30 +21,51 @@ class api {
"user", "user",
); );
if( isset( $_POST["action"] ) ) {
$request = $_POST;
} elseif( isset( $_GET["action"] ) ) {
$request = $_GET;
} else {
$this->return( "error", "Error, action was expected but not recieved." );
}
foreach( $requirements as $requirement ) { foreach( $requirements as $requirement ) {
if( ! isset( $_POST[$requirement] ) ) { if( ! isset( $request[$requirement] ) ) {
$this->return( "error", "Error, '$requirement' was expected but not recieved." ); $this->return( "error", "Error, '$requirement' was expected but not recieved." );
} }
} }
if( isset( $_POST["action"] ) ) { if( isset( $request["action"] ) ) {
$action = $_POST["action"]; $action = $request["action"];
if( $action === "get_token" ) { if( $action === "get_token" ) {
if( isset( $_POST["user"] ) && isset( $_POST["password"] ) ) { if( isset( $request["user"] ) && isset( $request["password"] ) ) {
$this->get_token( $_POST["user"], $_POST["password"] ); $this->get_token( $request["user"], $request["password"] );
} }
exit(); exit();
} }
$this->user = $_POST["user"]; if( ! isset( $request["token"] ) ) {
$_SESSION["user"] = $_POST["user"];
$_SESSION["token"] = $_POST["token"]; $this->return( "error", "Error, token was expected but not recieved." );
}
if( ! isset( $request["atts"] ) ) {
$this->return( "error", "Error, atts were expected but not recieved." );
}
$this->user = $request["user"];
$_SESSION["user"] = $request["user"];
$_SESSION["token"] = $request["token"];
@ -58,11 +77,11 @@ class api {
//require_once( "./components/settings/class.settings.php" ); //require_once( "./components/settings/class.settings.php" );
//require_once( "./components/user/class.user.php" ); //require_once( "./components/user/class.user.php" );
$atts = json_decode( $_POST["atts"], true ); $atts = json_decode( $request["atts"], true );
if ( json_last_error() !== JSON_ERROR_NONE ) { if ( json_last_error() !== JSON_ERROR_NONE ) {
$atts = $_POST["atts"]; $atts = $request["atts"];
} }
call_user_func( array( $this, $action ), $atts ); call_user_func( array( $this, $action ), $atts );
} else { } else {
@ -75,15 +94,18 @@ class api {
function check_session() { function check_session() {
global $sql;
$pass = false; $pass = false;
$sql = "SELECT * FROM users WHERE username=? AND token=?;"; $query = "SELECT * FROM users WHERE username=? AND token=?;";
$bind = "ss"; $bind_variables = array( $_SESSION["user"], sha1( $_SESSION["token"] ) );
$bind_variables = array( $_SESSION["user"], $_SESSION["token"] ); $return = $sql->query( $query, $bind_variables, 0, "rowCount" );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking access." ) );
if( mysqli_num_rows( $return ) > 0 ) { if( $return > 0 ) {
$pass = true; $pass = true;
} else {
$pass = false;
} }
return( $pass ); return( $pass );
@ -127,32 +149,23 @@ class api {
function get_token( $username, $password ) { function get_token( $username, $password ) {
global $sql;
$pass = false; $pass = false;
$sql = "SELECT * FROM users WHERE username=? AND password=PASSWORD( ? );"; $query = "SELECT * FROM users WHERE username=? AND password=?;";
$bind = "ss";
$bind_variables = array( $username, $this->encrypt( $password ) ); $bind_variables = array( $username, $this->encrypt( $password ) );
$return = sql::sql( $sql, $bind, $bind_variables, "Error fetching user information." ); $return = $sql->query( $query, $bind_variables, array() );
if( mysqli_num_rows( $return ) > 0 ) { if( ! empty( $return ) ) {
$pass = true; $pass = true;
$user = mysqli_fetch_assoc( $return ); $user = $return[0];
$_SESSION['user'] = $username; $_SESSION['user'] = $username;
if( $user["token"] == null ) { $token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) );
$_SESSION['token'] = $token;
$token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) ); $query = "UPDATE users SET token=? WHERE username=?;";
$_SESSION['token'] = $token; $bind_variables = array( sha1( $token ), $username );
$sql = "UPDATE users SET token=PASSWORD( ? ) WHERE username=?;"; $sql->query( $query, $bind_variables, 0, "rowCount" );
$bind = "ss";
$bind_variables = array( $token, $username );
sql::sql( $sql, $bind, $bind_variables, "Error updating user information." );
} else {
$token = $user["token"];
$_SESSION['token'] = $token;
}
} }
if( $pass ) { if( $pass ) {