Projekte/web-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial Commit

Browse Source
This commit is contained in:
Roman Hergenreder
2020-02-09 23:02:19 +01:00
commit 62f67967ba
61 changed files with 25369 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
core/Api/ExecuteSelect.class.php Normal file
View File

@@ -0,0 +1,111 @@
<?php
namespace Api;
use Api\Parameter\Parameter;
use Api\Parameter\StringType;
class ExecuteSelect extends Request {
public function __construct($user, $externCall = false) {
parent::__construct($user, $externCall, array(
'query' => new StringType('query')
));
$this->isPublic = false;
$this->variableParamCount = true;
}
public function getDescription() { return 'Führt ein SELECT Statement aus.'; }
public function getSection() { return "Internal"; }
public function execute($aValues = array()) {
if(!parent::execute($aValues)) {
return false;
}
$this->success = false;
$this->result['rows'] = array();
if(count($this->params) === 1) {
$res = $this->user->getSQL()->query($this->getParam('query'));
if(!$res) {
$this->lastError = 'Database Error: query() failed with ' . $this->user->getSQL()->getLastError();
return false;
}
while($row = $res->fetch_assoc()) {
array_push($this->result['rows'], $row);
}
$this->success = true;
$res->close();
} else {
$aSqlParams = array('');
foreach($this->params as $param) {
if($param->name === 'query') continue;
$value = $param->value;
switch($param->type) {
case Parameter::TYPE_BOOLEAN:
$value = $param->value ? 1 : 0;
case Parameter::TYPE_INT:
$aSqlParams[0] .= 'i';
break;
case Parameter::TYPE_FLOAT:
$aSqlParams[0] .= 'd';
break;
case Parameter::TYPE_DATE:
$value = $value->format('Y-m-d');
$aSqlParams[0] .= 's';
break;
case Parameter::TYPE_TIME:
$value = $value->format('H:i:s');
$aSqlParams[0] .= 's';
break;
case Parameter::TYPE_DATE_TIME:
$value = $value->format('Y-m-d H:i:s');
$aSqlParams[0] .= 's';
break;
case Parameter::TYPE_EMAIL:
default:
$aSqlParams[0] .= 's';
}
$aSqlParams[] = $value;
}
$tmp = array();
foreach($aSqlParams as $key => $value) $tmp[$key] = &$aSqlParams[$key];
if($stmt = $this->user->getSQL()->connection->prepare($this->getParam('query'))) {
if(call_user_func_array(array($stmt, "bind_param"), $tmp))
{
if($stmt->execute()) {
$res = $stmt->get_result();
if($res) {
while($row = $res->fetch_assoc()) {
array_push($this->result['rows'], $row);
}
$res->close();
$this->success = true;
} else {
$this->lastError = 'Database Error: execute() failed with ' . $this->user->getSQL()->getLastError();
}
} else {
$this->lastError = 'Database Error: get_result() failed with ' . $this->user->getSQL()->getLastError();
}
} else {
$this->lastError = 'Database Error: bind_param() failed with ' . $this->user->getSQL()->getLastError();
}
$stmt->close();
} else {
$this->lastError = 'Database Error: prepare failed with() ' . $this->user->getSQL()->getLastError();
}
}
return $this->success;
}
};
?>

97
core/Api/ExecuteStatement.class.php Normal file
View File

@@ -0,0 +1,97 @@
<?php
namespace Api;
use Api\Parameter\Parameter;
use Api\Parameter\StringType;
class ExecuteStatement extends Request {
public function __construct($user, $externCall = false) {
parent::__construct($user, $externCall, array(
'query' => new StringType('query')
));
$this->isPublic = false;
$this->variableParamCount = true;
}
public function execute($aValues = array()) {
if(!parent::execute($aValues)) {
return false;
}
$this->success = false;
$this->result['rows'] = array();
if(count($this->params) == 1) {
$this->success = $this->user->getSQL()->execute($this->getParam('query'));
if(!$this->success) {
$this->lastError = $this->user->getSQL()->getLastError();
}
} else {
$aSqlParams = array('');
foreach($this->params as $param) {
if($param->name === 'query') continue;
$value = $param->value;
if(is_null($value)) {
$aSqlParams[0] .= 's';
} else {
switch($param->type) {
case Parameter::TYPE_BOOLEAN:
$value = $param->value ? 1 : 0;
$aSqlParams[0] .= 'i';
break;
case Parameter::TYPE_INT:
$aSqlParams[0] .= 'i';
break;
case Parameter::TYPE_FLOAT:
$aSqlParams[0] .= 'd';
break;
case Parameter::TYPE_DATE:
$value = $value->format('Y-m-d');
$aSqlParams[0] .= 's';
break;
case Parameter::TYPE_TIME:
$value = $value->format('H:i:s');
$aSqlParams[0] .= 's';
break;
case Parameter::TYPE_DATE_TIME:
$value = $value->format('Y-m-d H:i:s');
$aSqlParams[0] .= 's';
break;
case Parameter::TYPE_EMAIL:
default:
$aSqlParams[0] .= 's';
}
}
$aSqlParams[] = $value;
}
$tmp = array();
foreach($aSqlParams as $key => $value) $tmp[$key] = &$aSqlParams[$key];
if($stmt = $this->user->getSQL()->connection->prepare($this->getParam('query'))) {
if(call_user_func_array(array($stmt, "bind_param"), $tmp)) {
if($stmt->execute()) {
$this->result['rows'] = $stmt->affected_rows;
$this->success = true;
} else {
$this->lastError = 'Database Error: execute() failed with ' . $this->user->getSQL()->getLastError();
}
} else {
$this->lastError = 'Database Error: bind_param() failed with ' . $this->user->getSQL()->getLastError();
}
$stmt->close();
} else {
$this->lastError = 'Database Error: prepare() failed with ' . $this->user->getSQL()->getLastError();
}
}
return $this->success;
}
};
?>

161
core/Api/Parameter/Parameter.class.php Normal file
View File

@@ -0,0 +1,161 @@
<?php
namespace Api\Parameter;
class Parameter {
const TYPE_INT = 0;
const TYPE_FLOAT = 1;
const TYPE_BOOLEAN = 2;
const TYPE_STRING = 3;
const TYPE_DATE = 4;
const TYPE_TIME = 5;
const TYPE_DATE_TIME = 6;
const TYPE_EMAIL = 7;
// only internal access
const TYPE_RAW = 8;
const TYPE_ARRAY = 9;
const names = array('Integer', 'Float', 'Boolean', 'String', 'Date', 'Time', 'DateTime', 'E-Mail', 'Raw', 'Array');
public $name;
public $value;
public $optional;
public $type;
public $typeName;
public function __construct($name, $type, $optional = FALSE, $defaultValue = NULL) {
$this->name = $name;
$this->optional = $optional;
$this->value = $defaultValue;
$this->type = $type;
$this->typeName = $this->getTypeName();
}
public function getTypeName() {
return ($this->type >= 0 && $this->type < count(Parameter::names)) ? Parameter::names[$this->type] : "INVALID";
}
public function toString() {
$typeName = Parameter::names[$this->type];
$str = "$typeName $this->name";
$defaultValue = (is_null($this->value) ? 'NULL' : $this->value);
if($this->optional) {
$str = "[$str = $defaultValue]";
}
return $str;
}
public static function parseType($value) {
if(is_array($value))
return Parameter::TYPE_ARRAY;
else if(is_numeric($value) && intval($value) == $value)
return Parameter::TYPE_INT;
else if(is_float($value) || (is_numeric($value) && floatval($value) == $value))
return Parameter::TYPE_FLOAT;
else if(is_bool($value) || $value == "true" || $value == "false")
return Parameter::TYPE_BOOLEAN;
else if(is_a($value, 'DateTime'))
return Parameter::TYPE_DATE_TIME;
else if(($d = \DateTime::createFromFormat('Y-m-d', $value)) && $d->format('Y-m-d') === $value)
return Parameter::TYPE_DATE;
else if(($d = \DateTime::createFromFormat('H:i:s', $value)) && $d->format('H:i:s') === $value)
return Parameter::TYPE_TIME;
else if(($d = \DateTime::createFromFormat('Y-m-d H:i:s', $value)) && $d->format('Y-m-d H:i:s') === $value)
return Parameter::TYPE_DATE_TIME;
else if (filter_var($value, FILTER_VALIDATE_EMAIL))
return Parameter::TYPE_EMAIL;
else
return Parameter::TYPE_STRING;
}
public function parseParam($value) {
switch($this->type) {
case Parameter::TYPE_INT:
if(is_numeric($value) && intval($value) == $value) {
$this->value = intval($value);
return true;
}
return false;
case Parameter::TYPE_FLOAT:
if(is_numeric($value) && (floatval($value) == $value || intval($value) == $value)) {
$this->value = floatval($value);
return true;
}
return false;
case Parameter::TYPE_BOOLEAN:
if(strcasecmp($value, 'true') === 0)
$this->value = true;
else if(strcasecmp($value, 'false') === 0)
$this->value = false;
else if(is_bool($value))
$this->value = (bool)$value;
else
return false;
return true;
case Parameter::TYPE_DATE:
if(is_a($value, "DateTime")) {
$this->value = $value;
return true;
}
$d = DateTime::createFromFormat('Y-m-d', $value);
if($d && $d->format('Y-m-d') === $value) {
$this->value = $d;
return true;
}
return false;
case Parameter::TYPE_TIME:
if(is_a($value, "DateTime")) {
$this->value = $value;
return true;
}
$d = DateTime::createFromFormat('H:i:s', $value);
if($d && $d->format('H:i:s') === $value) {
$this->value = $d;
return true;
}
return false;
case Parameter::TYPE_DATE_TIME:
if(is_a($value, 'DateTime')) {
$this->value = $value;
return true;
} else {
$d = DateTime::createFromFormat('Y-m-d H:i:s', $value);
if($d && $d->format('Y-m-d H:i:s') === $value) {
$this->value = $d;
return true;
}
}
return false;
case Parameter::TYPE_EMAIL:
if (filter_var($value, FILTER_VALIDATE_EMAIL)) {
$this->value = $value;
return true;
}
return false;
case Parameter::TYPE_ARRAY:
if(is_array($value)) {
$this->value = $value;
return true;
}
return false;
default:
$this->value = $value;
return true;
}
}
}
?>

43
core/Api/Parameter/StringType.class.php Normal file
View File

@@ -0,0 +1,43 @@
<?php
namespace Api\Parameter;
class StringType extends Parameter {
public $maxLength;
public function __construct($name, $maxLength = -1, $optional = FALSE, $defaultValue = NULL) {
parent::__construct($name, Parameter::TYPE_STRING, $optional, $defaultValue);
$this->maxLength = $maxLength;
}
public function parseParam($value) {
if(!is_string($value)) {
return false;
}
if($this->maxLength > 0 && strlen($value) > $this->maxLength) {
return false;
}
$this->value = $value;
return true;
}
public function getTypeName() {
$maxLength = ($this->maxLength > 0 ? "($this->maxLength)" : "");
return parent::getTypeName() . $maxLength;
}
public function toString() {
$typeName = $this->getTypeName();
$str = "$typeName $this->name";
$defaultValue = (is_null($this->value) ? 'NULL' : $this->value);
if($this->optional) {
$str = "[$str = $defaultValue]";
}
return $str;
}
}
?>

195
core/Api/Request.class.php Normal file
View File

@@ -0,0 +1,195 @@
<?php
namespace Api;
class Request {
protected $user;
protected $params;
protected $lastError;
protected $result;
protected $success;
protected $isPublic;
protected $loginRequired;
protected $variableParamCount;
protected $isDisabled;
protected $apiKeyAllowed;
private $aDefaultParams;
private $allowedMethods;
private $externCall;
public function __construct($user, $externCall = false, $params = array()) {
$this->user = $user;
$this->aDefaultParams = $params;
$this->lastError = '';
$this->success = false;
$this->result = array();
$this->externCall = $externCall;
$this->isPublic = true;
$this->isDisabled = false;
$this->loginRequired = false;
$this->variableParamCount = false;
$this->apiKeyAllowed = true;
$this->allowedMethods = array("GET", "POST");
}
protected function forbidMethod($method) {
if (($key = array_search($method, $this->allowedMethods)) !== false) {
unset($this->allowedMethods[$key]);
}
}
public function getParamsString() {
$str = "";
$count = count($this->params);
$i = 0;
foreach($this->params as $param) {
$str .= $param->toString();
if($i < $count - 1) $str .= ", ";
$i++;
}
return "($str)";
}
public function parseParams($aValues) {
foreach($this->params as $name => $param) {
$value = (isset($aValues[$name]) ? $aValues[$name] : NULL);
if(!$param->optional && is_null($value)) {
$this->lastError = 'Missing parameter: ' . $name;
return false;
}
if(!is_null($value)) {
if(!$param->parseParam($value)) {
$value = print_r($value, true);
$this->lastError = "Invalid Type for parameter: $name '$value' (Required: " . $param->getTypeName() . ")";
return false;
}
}
}
return true;
}
public function parseVariableParams($aValues) {
foreach($aValues as $name => $value) {
if(isset($this->params[$name])) continue;
$type = Parameter\Parameter::parseType($value);
$param = new Parameter\Parameter($name, $type, true);
$param->parseParam($value);
$this->params[$name] = $param;
}
}
public function execute($aValues = array()) {
$this->params = $this->aDefaultParams;
$this->success = false;
$this->result = array();
$this->lastError = '';
if($this->user->isLoggedIn()) {
$this->result['logoutIn'] = $this->user->getSession()->getExpiresSeconds();
}
if($this->externCall) {
$aValues = $_REQUEST;
if($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_SERVER["CONTENT_TYPE"]) && in_array("application/json", explode(";", $_SERVER["CONTENT_TYPE"]))) {
$jsonData = json_decode(file_get_contents('php://input'), true);
$aValues = array_merge($aValues, $jsonData);
}
}
if($this->isDisabled) {
$this->lastError = "This function is currently disabled.";
return false;
}
if($this->externCall && !$this->isPublic) {
$this->lastError = 'This function is private.';
header('HTTP 1.1 403 Forbidden');
return false;
}
if(!in_array($_SERVER['REQUEST_METHOD'], $this->allowedMethods)) {
$this->lastError = 'This method is not allowed';
header('HTTP 1.1 405 Method Not Allowed');
return false;
}
if($this->loginRequired) {
$authorized = false;
if(isset($aValues['api_key']) && $this->apiKeyAllowed) {
$apiKey = $aValues['api_key'];
$authorized = $this->user->authorize($apiKey);
}
if(!$this->user->isLoggedIn() && !$authorized) {
$this->lastError = 'You are not logged in.';
header('HTTP 1.1 401 Unauthorized');
return false;
}
}
if(!$this->parseParams($aValues))
return false;
if($this->variableParamCount)
$this->parseVariableParams($aValues);
if(!$this->user->getSQL()->isConnected()) {
$this->lastError = $this->user->getSQL()->getLastError();
return false;
}
$this->user->getSQL()->setLastError('');
$this->success = true;
return true;
}
protected function isValidString($str, $regex) {
return preg_replace($regex, "", $str) === $str;
}
protected function createError($err) {
$this->success = false;
$this->lastError = $err;
return false;
}
//
// public static function callDirectly($class, $db) {
// header('Content-Type: application/json');
// require_once realpath($_SERVER['DOCUMENT_ROOT']) . '/php/api/objects/User.php';
// require_once realpath($_SERVER['DOCUMENT_ROOT']) . '/php/sql.php';
// require_once realpath($_SERVER['DOCUMENT_ROOT']) . '/php/conf/sql.php';
//
// $sql = connectSQL(getSqlData($db));
// $user = new CUser($sql);
// $request = new $class($user, true);
// $request->execute();
// $sql->close();
// $user->sendCookies();
// return $request->getJsonResult();
// }
protected function getParam($name) { return isset($this->params[$name]) ? $this->params[$name]->value : NULL; }
public function isPublic() { return $this->isPublic; }
public function getDescription() { return ''; }
public function getSection() { return 'Default'; }
public function getLastError() { return $this->lastError; }
public function getResult() { return $this->result; }
public function success() { return $this->success; }
public function loginRequired() { return $this->loginRequired; }
public function isExternCall() { return $this->externCall; }
public function getJsonResult() {
$this->result['success'] = $this->success;
$this->result['msg'] = $this->lastError;
return json_encode($this->result);
}
};
?>