PageRenderTime 34ms CodeModel.GetById 13ms RepoModel.GetById 0ms app.codeStats 0ms

/api/1/service.php

https://github.com/dreamhackcrew/API
PHP | 147 lines | 96 code | 28 blank | 23 comment | 28 complexity | e6b8388827abb098c6ebcaa0cc4cdc04 MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. function filter_methods($method) {
    4. 

  4.     // Only return methods that have a pre _
    5. 

  5.     if ( substr($method,0,1)=='_' && substr($method,1,1)!='_' )
    6. 

  6.         return substr($method,1);
    7. 

  7.     else
    8. 

  8.         return null;
    9. 

  9. }
    10. 

  10. 

  11. class service {
    12. 

  12.     function __construct($request) {
    13. 

  13. 		if ( is_callable(array($this,'construct')) )
    14. 

  14. 			$this->construct();
    15. 

  15. 

  16.         // Always add a _ to the requested method
    17. 

  17.         $command = '_'.$request[0];
    18. 

  18.         array_shift($request);
    19. 

  19. 

  20.         // Check if the method exists
    21. 

  21.         if ( !is_callable(array($this,$command)) ) {
    22. 

  22.             header('HTTP/1.0 404 Not found');
    23. 

  23.             response(array(
    24. 

  24.                 'error'=>'Method not found!',
    25. 

  25.                 'available'=>array_filter(array_map('filter_methods',get_class_methods($this))) // Get all methods that starts with a _
    26. 

  26.             ));
    27. 

  27.         }
    28. 

  28. 

  29.         // Call the method, and return the result
    30. 

  30.         response(call_user_func_array(array($this,$command),$request));
    31. 

  31.     }
    32. 

  32. 

  33.     function requireFlag() {/*{{{*/
    34. 

  34.         $args = func_get_args();
    35. 

  35. 

  36.         foreach($args as $key => $line) {
    37. 

  37.             if ( !is_string($line) )
    38. 

  38.                 trigger_error('requireFlag arguments must be strings',E_USER_ERROR);
    39. 

  39. 

  40.             // Add the flag to the list if it is a string.
    41. 

  41.             $flags[] = $line;
    42. 

  42.         }
    43. 

  43. 

  44.         // Check that the user is signed in, if not.. send the user to the sign in
    45. 

  45.         if ( !isset($_SESSION['id']) ) {
    46. 

  46.             header('HTTP/1.0 401 Unauthorized');
    47. 

  47. 

  48.             if ( isset($_SERVER['HTTP_X_URL_SCHEME']) && $_SERVER['HTTP_X_URL_SCHEME'] == "https") 
    49. 

  49.                 header('WWW-Authenticate: Basic realm="Sign in with our Crew Corner account"');
    50. 

  50. 

  51.             response(array(
    52. 

  52.                 'error' => 'Access denied to a restricted service, please authorize first',
    53. 

  53.                 'desc' => 'You are trying to access a restricted service without authorization.',
    54. 

  54.                 'no' => E_USER_ERROR,
    55. 

  55.             ));
    56. 

  56.         }
    57. 

  57. 

  58.         // If we dont have an access string, make one
    59. 

  59.         if ( !isset($_SESSION['access']) )
    60. 

  60.             $_SESSION['access'] = $this->makeAccessStr($_SESSION['id']);
    61. 

  61. 

  62.         if ( !isset($_SESSION['access_flags']) )
    63. 

  63.             $_SESSION['access_flags'] = $this->getAccessFlags($_SESSION['access']);
    64. 

  64. 

  65. 		$flagsMissing = array();
    66. 

  66. 		if ( is_array($_SESSION['access_flags']) )
    67. 

  67. 			foreach($flags as $key => $line) {
    68. 

  68. 				if ( !in_array($line,$_SESSION['access_flags']) )
    69. 

  69. 					$flagsMissing[] = $line;
    70. 

  70. 			}
    71. 

  71. 

  72.         // We dont have access, throw error message
    73. 

  73.         if ( $flagsMissing ) 
    74. 

  74.             response(array(
    75. 

  75.                 'error'=>'Access denied, insufficient permissions!',
    76. 

  76.                 'access_flags_needed' => $flagsMissing
    77. 

  77.             ));
    78. 

  78.     }/*}}}*/
    79. 

  79. 

  80.     function makeAccessStr($uid) {/*{{{*/
    81. 

  81. 

  82.         // Start with the G-1 flag (signed in user) and the user id flag U{user id}
    83. 

  83.         $str = "G-1,|U$uid,";
    84. 

  84. 

  85.         $level = db()->fetchOne("SELECT level FROM users WHERE uid=$uid");
    86. 

  86.         // The admin flag
    87. 

  87.         if ($level == 'admin')
    88. 

  88.             $str .= '|G-2,';
    89. 

  89.         // The developer flag, developers also gets the admin flag
    90. 

  90.         elseif ($level == 'developer')
    91. 

  91.             $str .= '|G-2,|G-4,';
    92. 

  92. 

  93.         // Find all groups that the user is a member of
    94. 

  94.         if ($groups = db()->fetchAll("SELECT gid,name,lft,rgt FROM membership JOIN groups USING(gid) WHERE uid=$uid")) {
    95. 

  95.             $terms = array();
    96. 

  96.             foreach ($groups as $line) {
    97. 

  97.                 // Get all child groups
    98. 

  98.                 $terms[] = "lft BETWEEN {$line['lft']} AND {$line['rgt']}";
    99. 

  99. 

  100.                 // Find all parents
    101. 

  101.                 $terms[] = "lft < {$line['lft']} AND rgt > {$line['rgt']}";
    102. 

  102.             }
    103. 

  103. 

  104.             if ( $terms ) {
    105. 

  105.                 // Get all the groups and childgroups that the user is a member of
    106. 

  106.                 if ($groups = db()->fetchAllOne("SELECT gid FROM groups WHERE (".implode(' OR ',$terms).") AND NOT name LIKE '-%'")) 
    107. 

  107.                     // And add them to the access string
    108. 

  108.                     $str .= '|G'.implode($groups,',|G').',';
    109. 

  109.             }
    110. 

  110.         }
    111. 

  111. 

  112.         // G-3 - member of a group in an active event
    113. 

  113.         if ( $events = db()->fetchAll("SELECT *, events.id, max(groups.gid) `gid` FROM events,groups,membership WHERE (groups.event=events.id OR groups.gid<0) AND membership.gid=groups.gid AND uid=$uid GROUP BY events.id")) {
    114. 

  114.             foreach ( $events as $event ) {
    115. 

  115.                 // The E{event number} flag
    116. 

  116.                 if ( $event['gid'] > 0 )
    117. 

  117.                     $str .= '|E'.$event['id'].',';
    118. 

  118. 

  119.                 // Remember if we find any active events
    120. 

  120.                 if ( $event['active'] == 'Y' )
    121. 

  121.                     $active = true;
    122. 

  122.             }
    123. 

  123. 

  124.             // Add the G-3 flag
    125. 

  125.             if ( isset($active) && $active )
    126. 

  126.                 $str .= '|G-3,';
    127. 

  127.         }
    128. 

  128. 

  129.         // Special flag groups, if the user is member of a group named something that starts with a - for example (-TA) we add the group flags like F-TA{group number}
    130. 

  130.         // This is used to identify team- and group-leaders for a group
    131. 

  131.         if ($flags = db()->fetchAll("SELECT * FROM membership JOIN groups USING (gid) WHERE name LIKE '-%' AND uid=$uid")) {
    132. 

  132.             foreach ($flags as $flag)
    133. 

  133.                 $str .= '|F'.$flag['name'].''.$flag['parent'].',';
    134. 

  134.         }
    135. 

  135. 

  136.         return $str;
    137. 

  137.     }/*}}}*/
    138. 

  138.     function getAccessFlags( $accessString ) {
    139. 

  139.         // If we dont get an access string, dont bother to run the search
    140. 

  140.         if ( !$accessString ) 
    141. 

  141.             return array();
    142. 

  142. 

  143.         return db()->fetchAllOne("SELECT flag FROM api_access WHERE auth_string REGEXP '%s'",$accessString);
    144. 

  144.     }
    145. 

  145. }
    146. 

  146. 

  147. ?>
    148. 

  148.