Diffstat (limited to 'includes/controller/api.php')
-rw-r--r-- | includes/controller/api.php | 355 |
1 files changed, 0 insertions, 355 deletions
diff --git a/includes/controller/api.php b/includes/controller/api.php
deleted file mode 100644
index 9ecd3a2f..00000000
--- a/includes/controller/api.php
+++ /dev/null
@@ -1,355 +0,0 @@
-<?php
-
-/************************************************************************************************
- * API Documentation
- ************************************************************************************************
-
-General:
--------
-All API calls output JSON-encoded data. Client parameters should be passed encoded using JSON in HTTP POST data.
-Every API Request must be contained the Api Key (using JSON parameter 'key') and the Command (using JSON parameter 'cmd').
-
-
-Testing API calls (using curl):
-------------------------------
-$ curl -d '{"cmd":"getVersion"}' '<Address>/?p=api'
-$ curl -d '{"cmd":"getApiKey","user":"admin","pw":"admin"}' '<Address>/?p=api'
-$ curl -d '{"key":"<key>","cmd":"getRoom"}' '<Address>/?p=api'
-$ curl -d '{"key":"<key>","cmd":"sendmessage","uid":"23","text":"test message"}' '<Address>/?p=api'
-
-Methods without key:
-------------------
-getVersion
- Description:
- Returns API version.
- Parameters:
- nothing
- Return Example:
- {"status":"success","version": "1"}
-
-getApiKey
- Description:
- Returns API Key version.
- Parameters:
- user (string)
- pw (string)
- Return Example:
- {"status":"success","Key":"1234567890123456789012"}
-
-Methods with Key:
----------------
-getRoom
- Description:
- Returns a list of all Rooms (no id set) or details of a single Room (requested id)
- Parameters:
- id (integer)
- Room ID
- Return Example:
- [{"RID":"1"},{"RID":"23"},{"RID":"42"}]
- {"RID":"1","Name":"Room Name","Man":null,"FromPentabarf":"","show":"Y","Number":"0"}
-
-getAngelType
- Description:
- Returns a list of all Angel Types (no id set) or details of a single Angel Type (requested id)
- Parameters:
- id (integer)
- Type ID
- Return Example:
- [{"id":"8"},{"id":"9"}]
- {"id":"9","name":"Angeltypes 2","restricted":"0"}
-
-getUser
- Description:
- Returns a list of all Users (no id set) or details of a single User (requested id)
- Parameters:
- id (integer)
- User ID
- Return Example:
- [{"UID":"1"},{"UID":"23"},{"UID":"42"}]
- {"UID":"1","Nick":"admin","Name":"Gates","Vorname":"Bill","Telefon":"","DECT":"","Handy":"","email":"","jabber":"","Avatar":"115"}
-
-getShift
- Description:
- Returns a list of all Shifte (no id set, filter is optional) or details of a single Shift (requested id)
- Parameters:
- id (integer)
- Shift ID
- filterRoom (Array of integer)
- Array of Room IDs (optional, for list request)
- filterTask (Array of integer)
- Array if Task (optional, for list request)
- filterOccupancy (integer)
- Occupancy state: (optional, for list request)
- 1 occupied
- 2 free
- 3 occupied and free
- Return Example:
- [{"SID":"1"},{"SID":"2"},{"SID":"3"}]
- {"SID":"10","start":"1388264400","end":"1388271600","RID":"1","name":"Shift 1","URL":null,"PSID":null,\
- "ShiftEntry":[{"TID":"8","UID":"4","freeloaded":"0"}],
- "NeedAngels":[{"TID":"8","count":"1","restricted":"0","taken":1},{"TID":"9","count":"2","restricted":"0","taken":0}]}
-
-getMessage
- Description:
- Returns a list of all Messages (no id set) or details of a single Message (requested id)
- Parameters:
- id (integer)
- Message ID
- Return Example:
- [{"id":"1"},{"id":"2"},{"id":"3"}]
- {"id":"3","Datum":"1388247583","SUID":"23","RUID":"42","isRead":"N","Text":"message text"}
-
-sendMessage
- Description:
- send a Message to an other angel
- Parameters:
- uid (integer)
- User ID of the reciever
- text (string)
- Message Text
- Return Example:
- {"status":"success"}
-
-************************************************************************************************/
-
-/**
- * General API Controller
- */
-function api_controller() {
- global $user, $DataJson;
-
- header("Content-Type: application/json; charset=utf-8");
-
- // decode JSON request
- $input = file_get_contents("php://input");
- $input = json_decode($input, true);
- $_REQUEST = $input;
-
- // get command
- $cmd = '';
- if (isset($_REQUEST['cmd']))
- $cmd = strtolower($_REQUEST['cmd']);
-
- // decode commands, without key
- switch ($cmd) {
- case 'getversion':
- getVersion();
- die(json_encode($DataJson));
- break;
- case 'getapikey':
- getApiKey();
- die(json_encode($DataJson));
- break;
- }
-
- // get API KEY
- if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key']))
- $key = $_REQUEST['key'];
- else
- die(json_encode(array(
- 'status' => 'failed',
- 'error' => 'Missing parameter "key".'
- )));
-
- // check API key
- $user = User_by_api_key($key);
- if ($user === false)
- die(json_encode(array(
- 'status' => 'failed',
- 'error' => 'Unable to find user'
- )));
- if ($user == null)
- die(json_encode(array(
- 'status' => 'failed',
- 'error' => 'Key invalid.'
- )));
-
- // decode command
- switch ($cmd) {
- case 'getroom':
- getRoom();
- break;
- case 'getangeltype':
- getAngelType();
- break;
- case 'getuser':
- // TODO Dataleak! Only coordinators are allowed to see so much user informations.
- //getUser();
- break;
- case 'getshift':
- getShift();
- break;
- case 'getmessage':
- // TODO Dataleak!
- //getMessage();
- break;
- case 'sendmessage':
- sendMessage();
- break;
- default:
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'Unknown Command "' . $cmd . '"'
- );
- }
-
- // check
- if ($DataJson === false) {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'DataJson === false'
- );
- } elseif ($DataJson == null) {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'DataJson == null'
- );
- }
-
- echo json_encode($DataJson);
- die();
-}
-
-/**
- * Get Version of API
- */
-function getVersion() {
- global $DataJson;
-
- $DataJson = array(
- 'status' => 'success',
- 'Version' => 1
- );
-}
-
-/**
- * Get API Key
- */
-function getApiKey() {
- global $DataJson;
-
- if (! isset($_REQUEST['user'])) {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'Missing parameter "user".'
- );
- } elseif (! isset($_REQUEST['pw'])) {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'Missing parameter "pw".'
- );
- } else {
- $Erg = sql_select("SELECT `UID`, `Passwort`, `api_key` FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST['user']) . "'");
-
- if (count($Erg) == 1) {
- $Erg = $Erg[0];
- if (verify_password($_REQUEST['pw'], $Erg["Passwort"], $Erg["UID"])) {
- $key = $Erg["api_key"];
- $DataJson = array(
- 'status' => 'success',
- 'Key' => $key
- );
- } else {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'PW wrong'
- );
- }
- } else {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'User not found.'
- );
- }
- }
-
- sleep(1);
-}
-
-/**
- * Get Room
- */
-function getRoom() {
- global $DataJson;
-
- if (isset($_REQUEST['id'])) {
- $DataJson = Room($_REQUEST['id']);
- } else {
- $DataJson = Room_ids();
- }
-}
-
-/**
- * Get AngelType
- */
-function getAngelType() {
- global $DataJson;
-
- if (isset($_REQUEST['id'])) {
- $DataJson = AngelType($_REQUEST['id']);
- } else {
- $DataJson = AngelType_ids();
- }
-}
-
-/**
- * Get User
- */
-function getUser() {
- global $DataJson;
-
- if (isset($_REQUEST['id'])) {
- $DataJson = mUser_Limit($_REQUEST['id']);
- } else {
- $DataJson = User_ids();
- }
-}
-
-/**
- * Get Shift
- */
-function getShift() {
- global $DataJson;
-
- if (isset($_REQUEST['id'])) {
- $DataJson = Shift($_REQUEST['id']);
- } else {
- $DataJson = Shifts_filtered();
- }
-}
-
-/**
- * @TODO: Why are ALL messages of ALL users returned? Data leak. It is not checked if this is my message!
- * Get Message
- */
-function getMessage() {
- global $DataJson;
-
- if (isset($_REQUEST['id'])) {
- $DataJson = Message($_REQUEST['id']);
- } else {
- $DataJson = Message_ids();
- }
-}
-
-/**
- * Send Message
- */
-function sendMessage() {
- global $DataJson;
-
- if (! isset($_REQUEST['uid'])) {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'Missing parameter "uid".'
- );
- } elseif (! isset($_REQUEST['text'])) {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'Missing parameter "text".'
- );
- } else {
- if (Message_send($_REQUEST['uid'], $_REQUEST['text']) === true) {
- $DataJson = array(
- 'status' => 'success'
- );
- } else {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'Transmitting was terminated with an Error.'
- );
- }
- }
-}
-
-?> |