
Commit e0ec631

committedFeb 3, 2015
update
1 parent c47806b commit e0ec631


10 files changed

+3281
-152
lines changed


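--- a/application/config/rest.php
+++ b/application/config/rest.php
@@ -227,7 +227,7 @@
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 |
 */
-$config['rest_enable_keys'] = FALSE;
+$config['rest_enable_keys'] = true;
 
 /*
 |--------------------------------------------------------------------------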

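--- a/application/controllers/REST/timezone.php
+++ b/application/controllers/REST/timezone.php
@@ -16,18 +16,20 @@
 // This can be removed if you use __autoload() in config.php OR use Modular Extensions
 require APPPATH.'/libraries/REST_Controller.php';
 
-class Timezone extends REST_Controller
-{
+class Timezone extends REST_Controller {
 function isAuth(){
 $id = $this->session->userdata('id');
 return isset($id) && $id > 0;
 }
 
 function get_get(){
-if(!$this->isAuth()){
-$this->response(array('error' => 'no login'), 200);
-}else{
+// if(!$this->isAuth()){
+// $this->response(array('error' => 'no login'), 200);
+// }else{
 $id = $this->session->userdata('id');
+if (!is_numeric($id)) {
+$this->response(array('error' => 'invalid user id'), 403);
+}
 $query = $this->db->query("SELECT * FROM timezone WHERE user_id={$id}");
 $result = $query->result();
 $data = array();
@@ -39,7 +41,7 @@ function get_get(){
 // $item->comments = $this->getComments($item->id);
 }
 $this->response(array('data' => $result), 200);
-}
+// }
 }
 
 function getComments($id){
@@ -50,11 +52,31 @@ function getComments($id){
 
 // function update_post(){
 function update_put(){
-if (!$this->isAuth()) {
-$this->response(array('error' => 'no login'), 200);
-} else {
+// if (!$this->isAuth()) {
+// $this->response(array('error' => 'no login'), 200);
+// } else {
 $id = $this->put('id');
-$user_id = $this->session->userdata('id');
+// $user_id = $this->session->userdata('id');
+$name = $this->put('name');
+$city = $this->put('city');
+$timezone = $this->put('timezone');
+$apikey = $this->put('apikey');
+
+
+if (empty($name) || empty($city) || empty($timezone) || empty($id) || empty($apikey) ||
+strlen($name) > 20 || strlen($city) > 20 || !preg_match('/^GMT[\+\-]1?\d$/', $timezone)){
+$this->response(array('status' => 'false', 'error' => 'invalid input'), 403);
+}
+
+$query = $this->db->query("SELECT * FROM `keys` WHERE `key`='{$apikey}'");
+if ($query->num_rows == 1) {
+$result = $query->result();
+// var_dump($result[0]);
+$user_id = $result[0];
+$user_id = $user_id->user_id;
+} else {
+$this->response(array('status' => 'false', 'error' => 'Wrong API key'), 403);
+}
 $data = array(
 'name' => $this->put('name'),
 'city' => $this->put('city'),
@@ -76,18 +98,47 @@ function update_put(){
 }else{
 $this->response(array('status' => 'not exists', 'error' => 'not exists'), 200);
 }
-}
+// }
 }
 
 function add_post() {
-if (!$this->isAuth()) {
-$this->response(array('error' => 'no login'), 200);
-} else {
+
+// if (!$this->isAuth()) {
+// $this->response(array('error' => 'no login'), 200);
+// } else {
+$name = $this->post('name');
+$city = $this->post('city');
+$timezone = $this->post('timezone');
+$apikey = $this->post('apikey');
+
+// echo substr($timezone, 0, 3);
+// if (empty($name) || empty($city) || empty($timezone)
+// || strlen($name) > 20 || strlen($city) > 20 || substr($timezone, 0, 3) != 'GMT') {
+// header("HTTP/1.1 200 OK");
+// echo json_encode(array('status' => 'invalid parameters'));
+// return;
+// }
+
+if (empty($name) || empty($city) || empty($timezone) || empty($apikey) ||
+strlen($name) > 20 || strlen($city) > 20 || !preg_match('/^GMT[\+\-]1?\d$/', $timezone)){
+$this->response(array('status' => 'false', 'error' => 'invalid input'), 403);
+}
+
+$query = $this->db->query("SELECT * FROM `keys` WHERE `key`='{$apikey}'");
+if ($query->num_rows == 1) {
+$result = $query->result();
+// var_dump($result[0]);
+$user_id = $result[0];
+$user_id = $user_id->user_id;
+} else {
+$this->response(array('status' => 'false', 'error' => 'Wrong API key'), 403);
+}
 $data = array(
 'name' => $this->post('name'),
 'city' => $this->post('city'),
 'timezone' => $this->post('timezone'),
-'user_id' => $this->session->userdata('id')
+// 'user_id' => $this->session->userdata('id')
+'user_id' => $user_id
 );
 
 $this->db->insert('timezone', $data);
@@ -100,7 +151,7 @@ function add_post() {
 }
 
 $this->response(array('status' => 'fail'), 200);
-}
+// }
 }
 
 function addComment_post(){
@@ -126,12 +177,23 @@ function addComment_post(){
 }
 
 // function delete_post(){
-function delete_delete(){
-if (!$this->isAuth()) {
-$this->response(array('error' => 'no login'), 200);
-} else {
+function delete_post(){
+// if (!$this->isAuth()) {
+// $this->response(array('error' => 'no login'), 200);
+// } else {
 $id = $this->get('id');
-$query = $this->db->query("SELECT * from timezone WHERE id={$id} ");
+$apikey = $this->post('apikey');
+// echo 'delete' . $apikey;
+$query = $this->db->query("SELECT * FROM `keys` WHERE `key`='{$apikey}'");
+if ($query->num_rows == 1) {
+$result = $query->result();
+// var_dump($result[0]);
+$user_id = $result[0];
+$user_id = $user_id->user_id;
+} else {
+$this->response(array('status' => 'false', 'error' => 'Wrong API key'), 403);
+}
+$query = $this->db->query("SELECT * from timezone WHERE id='{$id}' AND user_id='{$user_id}'");
 
 if ($query->num_rows === 0) { //nothing to delete in the DB
 $this->response(array('status' => 'not exists'), 200);
@@ -140,95 +202,6 @@ function delete_delete(){
 $this->db->query("DELETE from timezone where id='{$id}' ");
 $this->response(array('status' => 'success'), 200);
 }
-}
-}
-
-function login_post(){
-$username = $this->post('username');
-$password = $this->post('password');
-$password = md5($password);
-
-$query = $this->db->query("SELECT username, password FROM user WHERE username='{$username}' and password='{$password}' ");
-if($query->num_rows > 0){
-$this->response(array('status' => 'successs'), 200);
-}else{
-$this->response(array('status' => 'fail'), 200);
-}
-// echo 'Total Results: ' . $query->num_rows();
-}
-
-function user_get()
-{
-if(!$this->get('id'))
-{
-$this->response(NULL, 400);
-}
-
-// $user = $this->some_model->getSomething( $this->get('id') );
-$users = array(
-1 => array('id' => 1, 'name' => 'Some Guy', 'email' => 'example1@example.com', 'fact' => 'Loves swimming'),
-2 => array('id' => 2, 'name' => 'Person Face', 'email' => 'example2@example.com', 'fact' => 'Has a huge face'),
-3 => array('id' => 3, 'name' => 'Scotty', 'email' => 'example3@example.com', 'fact' => 'Is a Scott!', array('hobbies' => array('fartings', 'bikes'))),
-);
-
-$user = @$users[$this->get('id')];
-
-if($user)
-{
-$this->response($user, 200); // 200 being the HTTP response code
-}
-
-else
-{
-$this->response(array('error' => 'User could not be found'), 404);
-}
-}
-
-function user_post()
-{
-//$this->some_model->updateUser( $this->get('id') );
-$message = array('id' => $this->get('id'), 'name' => $this->post('name'), 'email' => $this->post('email'), 'message' => 'ADDED!');
-
-$this->response($message, 200); // 200 being the HTTP response code
-}
-
-function user_delete()
-{
-//$this->some_model->deletesomething( $this->get('id') );
-$message = array('id' => $this->get('id'), 'message' => 'DELETED!');
-
-$this->response($message, 200); // 200 being the HTTP response code
-}
-
-function users_get()
-{
-//$users = $this->some_model->getSomething( $this->get('limit') );
-$users = array(
-array('id' => 1, 'name' => 'Some Guy', 'email' => 'example1@example.com'),
-array('id' => 2, 'name' => 'Person Face', 'email' => 'example2@example.com'),
-3 => array('id' => 3, 'name' => 'Scotty', 'email' => 'example3@example.com', 'fact' => array('hobbies' => array('fartings', 'bikes'))),
-);
-
-if($users)
-{
-$this->response($users, 200); // 200 being the HTTP response code
-}
-
-else
-{
-$this->response(array('error' => 'Couldn\'t find any users!'), 404);
-}
-}
-
-
-public function send_post()
-{
-var_dump($this->request->body);
-}
-
-
-public function send_put()
-{
-var_dump($this->put('foo'));
+// }
 }
 }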
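Review bot: The API key and the record id are interpolated straight into SQL in update_put, add_post and delete_post (the three `SELECT * FROM `keys` WHERE `key`='{$apikey}'` lines and the new `SELECT * from timezone WHERE id='{$id}' AND user_id='{$user_id}'` line), so the key check that replaces the session check is itself injectable through the apikey and id parameters; use the driver's bindings instead, `$query = $this->db->query("SELECT user_id FROM `keys` WHERE `key` = ?", array($apikey));` and `$query = $this->db->query("SELECT * from timezone WHERE id = ? AND user_id = ?", array($id, $user_id));`. The keys this commit issues in user.php are 32-character hex digests, so a shape check such as `ctype_xdigit($apikey) && strlen($apikey) === 32` fits naturally into the existing empty()/strlen validation block, and the same binding should be applied to `WHERE user_id={$id}` in get_get, where `is_numeric($id)` is now the only guard. The 403 branches depend on `$this->response()` terminating the request; if REST_Controller::response() does not exit (it is not shown here), `$user_id` is undefined and the following query or insert runs anyway, so either add `return;` after each `$this->response(...)` or document on the method that response() ends the request. The update_put and add_post bodies continue outside the hunks.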

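--- a/application/controllers/REST/user.php
+++ b/application/controllers/REST/user.php
@@ -25,6 +25,7 @@ function index() {
 
 function test_get(){
 $id = $this->session->userdata('id');
+$id = $this->session->userdata('apikey');
 var_dump($id);
 echo $id == false;
 // echo 'Total Results: ' . $query->num_rows();
@@ -34,13 +35,27 @@ function get_get(){
 echo 123;
 }
 
-function login(){
+function login() {
 // $rawpostdata = file_get_contents("php://input");
 // $post = json_decode($rawpostdata, true);
 // $username = $post['username'];
 // $password = $post['password'];
+if (!isset($_POST['username']) || !isset($_POST['password'])) {
+header("HTTP/1.1 200 OK");
+echo json_encode(array('status' => 'invalid parameters'));
+return;
+}
 $username = $_POST['username'];
 $password = $_POST['password'];
+if (empty($username) || empty($password) || !preg_match('/^[a-zA-Z0-9_]*$/', $username)) {
+header("HTTP/1.1 200 OK");
+echo json_encode(array('status' => 'fail', 'error' => 'invalid input'));
+return;
+}
+
+
+$username = addslashes($username);
+$password = addslashes($password);
 $password = md5($password);
 
 $query = $this->db->query("SELECT id, username, password FROM user WHERE username='{$username}' and password='{$password}' ");
@@ -51,7 +66,15 @@ function login(){
 
 $this->session->set_userdata('id', $id);
 $this->session->set_userdata('username', $username);
-$apikey = md5($id . $username);
+$apikey = md5($id . $username . time());
+$this->session->set_userdata('apikey', $apikey);
+
+$data = array(
+'key' => $apikey,
+'user_id' => $id
+);
+
+$this->db->insert('keys', $data);
 
 header("HTTP/1.1 200 OK");
 echo json_encode(array('status' => 'successs', 'apikey' => $apikey));
@@ -69,8 +92,23 @@ function signup(){
 // $post = json_decode($rawpostdata, true);
 // $username = $post['username'];
 // $password = $post['password'];
+if (!isset($_POST['username']) || !isset($_POST['password'])) {
+header("HTTP/1.1 200 OK");
+echo json_encode(array('status' => 'invalid parameters'));
+return;
+}
 $username = $_POST['username'];
 $password = $_POST['password'];
+if (empty($username) || empty($password) || strlen($username) > 20 || strlen($password) > 20 ||
+!preg_match('/^[a-zA-Z0-9_]*$/', $username)) {
+header("HTTP/1.1 200 OK");
+echo json_encode(array('status' => 'invalid parameters'));
+return;
+}
+
+$username = addslashes($username);
+$password = addslashes($password);
+
 $password = md5($password);
 
 $query = $this->db->query("SELECT username, password FROM user WHERE username='{$username}'");
@@ -92,17 +130,30 @@ function signup(){
 $result = $query->result();
 $id = $result[0]->id;
 $this->session->set_userdata('id', $id);
+$apikey = md5($id . $username . time());
+$this->session->set_userdata('apikey', $apikey);
+
+$data = array(
+'key' => $apikey,
+'user_id' => $id
+);
+
+$this->db->insert('keys', $data);
 // $this->response(array('status' => 'success', 'id' => $id), 200);
 header("HTTP/1.1 200 OK");
-echo json_encode(array('status' => 'success', 'id' => $id));
+echo json_encode(array('status' => 'success', 'id' => $id, 'apikey' => $apikey));
 }
 }
 
 // echo 'Total Results: ' . $query->num_rows();
 }
 
 function logout(){
+$apikey = $this->session->userdata('apikey');
 $this->session->sess_destroy();
+if (!empty($apikey)) {
+$this->db->query("DELETE from `keys` where `key`='{$apikey}'");
+}
 // return $this->response(array('status' => 'success'), 200);
 header("HTTP/1.1 200 OK");
 echo json_encode(array('status' => 'successs'));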
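Review bot: The API key issued in login() and again in signup() is `md5($id . $username . time())`, i.e. derived from the user id, the username and a one-second timestamp, all of which are known or guessable to a caller, so the key is not a secret; draw it from the CSPRNG instead, `$apikey = bin2hex(openssl_random_pseudo_bytes(16));` (random_bytes() on PHP 7+), which keeps the 32-hex-character shape the `keys` table and the timezone controller expect. `addslashes()` on `$username` and `$password` is not the database driver's escaping and adds nothing for these queries (the regex already limits the username to `[a-zA-Z0-9_]` and md5() output is hex), but because it runs before `md5($password)` the stored hash is of the slash-escaped password, so every other path that sets or verifies a password must apply the identical transformation or users with quotes or backslashes in their password cannot log in; dropping the two addslashes lines and binding `$username` with `$this->db->query(..., array($username, $password))` avoids that coupling. Each login inserts a new `keys` row while logout() deletes only the key held by the current session, so keys from earlier logins remain valid indefinitely; consider deleting the user's existing rows on login or giving rows an expiry. The test_get hunk now var_dumps the session API key into the response, which is debug output that should not ship.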

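--- a/application/controllers/welcome.php
+++ b/application/controllers/welcome.php
@@ -11,8 +11,9 @@ function index()
 {
 $id = $this->session->userdata('id');
 $isLoggedIn = $id !== FALSE;
+$apikey = $this->session->userdata('apikey');
 $this->load->helper('url');
-$this->load->view('index',array('isLoggedIn' => $isLoggedIn? 1 : 0));
+$this->load->view('index', array('isLoggedIn' => $isLoggedIn? 1 : 0, 'apikey' => "'{$apikey}'"));
 }
 }
 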
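Review bot: The controller pre-wraps the key in single quotes, `'apikey' => "'{$apikey}'"`, which ties the value to whatever context the index view interpolates it into (presumably an inline script) while doing no escaping for that context; pass the raw value, `'apikey' => $apikey`, and let the view encode it where it is used, e.g. `<?php echo json_encode($apikey); ?>` inside a script block or `htmlspecialchars()` in markup. When the session holds no key, userdata() yields FALSE (the `$id !== FALSE` test two lines above relies on that), so the view currently receives the string `''` and cannot distinguish "no key" from an empty one, whereas the raw value lets it test `$apikey !== FALSE`. Embedding the API key in the rendered page also exposes it to any script injection on the site, so it is worth confirming the page needs the key at all rather than relying on the session cookie it already has. The index view is not part of this commit.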