From 9dc5dbe3b6eacae5ea8dc335304edf7007d2ab57 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Sun, 5 Jan 2014 19:33:52 +0100 Subject: cookie-0005-API-add-getApiKey.patch --- includes/controller/api.php | 127 ++++++++++++++++++++++++------ includes/model/NeededAngelTypes_model.php | 10 +-- includes/model/Shifts_model.php | 25 +++++- 3 files changed, 129 insertions(+), 33 deletions(-) (limited to 'includes') diff --git a/includes/controller/api.php b/includes/controller/api.php index 07a389b1..0e77f5a0 100644 --- a/includes/controller/api.php +++ b/includes/controller/api.php @@ -16,16 +16,27 @@ Testing API calls (using curl): $ curl -d '{"key":"","cmd":"getVersion"}' '
/?p=api' -Methods: --------- +Methods without key: +-------------------- getVersion Description: Returns API version. Parameters: nothing Return Example: - {"version": "1"} + {"status":"success","version": "1"} + +getApiKey + Description: + Returns API Key version. + Parameters: + user (string) + pw (string) + Return Example: + {"status":"success","Key":"1234567890123456789012"} +Methods with Key: +----------------- getRoom Description: Returns a list of all Rooms (no id set) or details of a single Room (requested id) @@ -66,7 +77,9 @@ getShift 3 occupied and free Return Example: [{"SID":"1"},{"SID":"2"},{"SID":"3"}] - {"SID":"1","start":"1388185200","end":"1388199600","RID":"1","name":"Shift 1","URL":null,"PSID":null} + {"SID":"10","start":"1388264400","end":"1388271600","RID":"1","name":"Shift 1","URL":null,"PSID":null,\ + "ShiftEntry":[{"TID":"8","UID":"4","freeloaded":"0"}], + "NeedAngels":[{"TID":"8","count":"1","restricted":"0","taken":1},{"TID":"9","count":"2","restricted":"0","taken":0}]} getMessage Description: 
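Review bot: The return examples in this comment do not match what the code in this commit emits: getVersion() sets `'Version' => 1` while the example shows `"version": "1"`, and the getApiKey example key has 22 digits although api_controller() only accepts keys matching `/^[0-9a-f]{32}$/`. I would write the examples as `{"status":"success","Version":1}` and `{"status":"success","Key":"<32 hex characters>"}`, and change "Returns API Key version." to "Returns the API key of the user." Because getApiKey carries `pw` in the request body, the comment should also state that the endpoint is only to be called over HTTPS.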
@@ -87,37 +100,51 @@ getMessage function api_controller() { global $DataJson, $_REQUEST; + header("Content-Type: application/json; charset=utf-8"); + // decode JSON request $input = file_get_contents("php://input"); $input = json_decode($input, true); $_REQUEST = $input; + // get command + $cmd=''; + if (isset($_REQUEST['cmd']) ) + $cmd = strtolower( $_REQUEST['cmd']); + + // decode commands, without key + switch( $cmd) { + case 'getversion': + getVersion(); + die( json_encode($DataJson)); + break; + case 'getapikey': + getApiKey(); + die( json_encode($DataJson)); + break; + } + // get API KEY if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key'])) $key = $_REQUEST['key']; else - die("Missing key."); - + die( json_encode( array ( + 'status' => 'failed', + 'error' => 'Missing parameter "key".' ))); + // check API key $user = User_by_api_key($key); if ($user === false) - die("Unable to find user."); + die( json_encode( array ( + 'status' => 'failed', + 'error' => 'Unable to find user' ))); if ($user == null) - die("Key invalid."); - - // get command - $cmd=''; - if (isset($_REQUEST['cmd']) ) - $cmd = strtolower( $_REQUEST['cmd']); + die( json_encode( array ( + 'status' => 'failed', + 'error' => 'Key invalid.' ))); // decode command switch( $cmd) { - case 'echo': - $DataJson = $input; - break; - case 'getversion': - getVersion(); - break; case 'getroom': getRoom(); break; @@ -134,11 +161,18 @@ function api_controller() { getMessage(); break; default: - die("Unknown Command (". $cmd. ")"); + $DataJson = array ( + 'status' => 'failed', + 'error' => 'Unknown Command "'. $cmd. '"' ); + } + + // check + if( $DataJson === false) { + $DataJson = array ( + 'status' => 'failed', + 'error' => 'DataJson === false' ); } - - header("Content-Type: application/json; charset=utf-8"); echo json_encode($DataJson); die(); } 
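Review bot: Every key failure in api_controller() ('Missing parameter "key".', 'Unable to find user', 'Key invalid.') goes out with the default 200 status and nothing is logged, so rejected keys look like successful requests to a proxy or a log-based alert. Set the status before each of those `die()` calls, e.g. `http_response_code(401);`, and log the failure together with the client address. Separately, `strtolower( $_REQUEST['cmd'])` is reached with whatever JSON type the client sent; guard it with `if (isset($_REQUEST['cmd']) && is_string($_REQUEST['cmd']))`. The `break;` after each `die(...)` in the first switch is unreachable and can be dropped.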
@@ -148,9 +182,54 @@ function api_controller() { */ function getVersion(){ global $DataJson; - $DataJson['Version'] = 1; + + $DataJson = array( + 'status' => 'success', + 'Version' => 1); } + +/** + * Get API Key + */ +function getApiKey(){ + global $DataJson, $_REQUEST; + + if (!isset($_REQUEST['user']) ) { + $DataJson = array ( + 'status' => 'failed', + 'error' => 'Missing parameter "user".' ); + } + elseif (!isset($_REQUEST['pw']) ) { + $DataJson = array ( + 'status' => 'failed', + 'error' => 'Missing parameter "pw".' ); + } else { + $Erg = sql_select( "SELECT `UID`, `Passwort`, `api_key` FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST['user']) . "'"); + + if (count($Erg) == 1) { + $Erg = $Erg[0]; + if (verify_password( $_REQUEST['pw'], $Erg["Passwort"], $Erg["UID"])) { + $key = $Erg["api_key"]; + $DataJson = array( + 'status' => 'success', + 'Key' => $key); + } else { + $DataJson = array ( + 'status' => 'failed', + 'error' => 'PW wrong' ); + } + } else { + $DataJson = array ( + 'status' => 'failed', + 'error' => 'User not found.' ); + } + } + + sleep(1); +} + + /** * Get Room */ @@ -216,4 +295,4 @@ function getMessage(){ } } -?> +?> \ No newline at end of file diff --git a/includes/model/NeededAngelTypes_model.php b/includes/model/NeededAngelTypes_model.php index 9bad22c8..81ce2d5f 100644 --- a/includes/model/NeededAngelTypes_model.php +++ b/includes/model/NeededAngelTypes_model.php 
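Review bot: getApiKey() is reachable without a key and answers 'User not found.' and 'PW wrong' differently, which tells an unauthenticated caller which nicknames exist; both branches should return the same message, e.g. `'error' => 'Login failed.'`. The final `sleep(1)` delays a single request but does not bound attempts per account or per client, and each concurrent request simply holds a PHP worker for a second, so this endpoint needs an attempt counter or lockout rather than a fixed delay. `$_REQUEST['user']` and `$_REQUEST['pw']` come straight from decoded JSON and may be arrays or numbers; check both with `is_string()` before they reach `sql_escape()` and `verify_password()`. The response appears to hand out the stored long-lived `api_key` on every successful login, so it is worth confirming how a leaked key is meant to be rotated.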
@@ -3,14 +3,14 @@ /** * Returns all needed angeltypes and already taken needs. * - * @param Shift $shift + * @param shiftID id of shift */ -function NeededAngelTypes_by_shift($shift) { +function NeededAngelTypes_by_shift($shiftId) { $needed_angeltypes_source = sql_select(" SELECT `NeededAngelTypes`.*, `AngelTypes`.`name`, `AngelTypes`.`restricted` FROM `NeededAngelTypes` JOIN `AngelTypes` ON `AngelTypes`.`id` = `NeededAngelTypes`.`angel_type_id` - WHERE `shift_id`=" . sql_escape($shift['SID']) . " + WHERE `shift_id`=" . sql_escape($shiftId) . " AND `count` > 0 ORDER BY `room_id` DESC "); @@ -23,7 +23,7 @@ function NeededAngelTypes_by_shift($shift) { SELECT `NeededAngelTypes`.*, `AngelTypes`.`name`, `AngelTypes`.`restricted` FROM `NeededAngelTypes` JOIN `AngelTypes` ON `AngelTypes`.`id` = `NeededAngelTypes`.`angel_type_id` - WHERE `room_id`=" . sql_escape($shift['RID']) . " + WHERE `room_id`=" . sql_escape($shiftId) . " AND `count` > 0 ORDER BY `room_id` DESC "); @@ -33,7 +33,7 @@ function NeededAngelTypes_by_shift($shift) { $needed_angeltypes = array(); foreach ($needed_angeltypes_source as $angeltype) { - $shift_entries = ShiftEntries_by_shift_and_angeltype($shift['SID'], $angeltype['angel_type_id']); + $shift_entries = ShiftEntries_by_shift_and_angeltype($shiftId, $angeltype['angel_type_id']); if ($shift_entries === false) return false; diff --git a/includes/model/Shifts_model.php b/includes/model/Shifts_model.php index 224bfc0b..df47b967 100644 --- a/includes/model/Shifts_model.php +++ b/includes/model/Shifts_model.php @@ -41,7 +41,7 @@ function mShiftList() { if (count($shifts_source) > 0) { return $shifts_source; } -return null; + return null; } /** 
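Review bot: `sql_escape($shiftId)` is concatenated into the `shift_id` comparison without surrounding quotes, and if sql_escape() is the usual string-escaping wrapper it does not constrain an operand that sits outside quotes. After this commit the value is whatever the caller passes rather than a field of a loaded shift row; mShift($id) in Shifts_model.php forwards its argument, which presumably originates from the API request. Cast at the top of the function, `$shiftId = (int) $shiftId;`, and do the same for the `room_id` query in the next hunk and the new ShiftEntry query in mShift(). The docblock tag should read `@param int $shiftId id of the shift`, since `shiftID` does not match the parameter name. The function body continues outside the hunk.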
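Review bot: The fallback query now filters `room_id` by `sql_escape($shiftId)`, so it compares a room id with a shift id; before this change it used `$shift['RID']`. With only the shift id passed in, the function no longer knows the room, so this branch returns the needs of whichever room happens to share that number, or nothing. Either keep a second parameter for the room id or read `RID` from `Shifts` by `SID` before running this query. The surrounding function starts and ends outside the hunk.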
@@ -51,10 +51,27 @@ return null; */ function mShift($id) { $shifts_source = sql_select("SELECT * FROM `Shifts` WHERE `SID`=" . sql_escape($id) . " LIMIT 1"); + $shiftsEntry_source = sql_select("SELECT `TID` , `UID` , `freeloaded` FROM `ShiftEntry` WHERE `SID`=" . sql_escape($id) ); + if ($shifts_source === false) return false; - if (count($shifts_source) > 0) - return $shifts_source[0]; + if (count($shifts_source) > 0) { + $result = $shifts_source[0]; + + $result['ShiftEntry'] = $shiftsEntry_source; + + $temp = NeededAngelTypes_by_shift($id); + foreach( $temp as $e) + { + $result['NeedAngels'][] = array ( + 'TID' => $e['angel_type_id'], + 'count' => $e['count'], + 'restricted' => $e['restricted'], + 'taken' => $e['taken'] ); + } + + return $result; + } return null; } @@ -71,7 +88,7 @@ function Shifts() { return false; foreach ($shifts_source as &$shift) { - $needed_angeltypes = NeededAngelTypes_by_shift($shift); + $needed_angeltypes = NeededAngelTypes_by_shift($shift['SID']); if ($needed_angeltypes === false) return false; -- cgit v1.2.3-54-g00ecf
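Review bot: mShift() runs `foreach( $temp as $e)` without checking the result of NeededAngelTypes_by_shift(), which returns false on a query failure (Shifts() in the last hunk of this file checks `=== false`); add `if ($temp === false) return false;` before the loop. `$shiftsEntry_source` is likewise used unchecked and is queried before `$shifts_source === false` is tested. `$result['NeedAngels']` is never initialised, so a shift without needs has no such key; start with `$result['NeedAngels'] = array();`. The new `ShiftEntry` field also returns the `UID` of everyone signed up for the shift to any holder of an API key, which deserves a deliberate decision.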