123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249 |
- <?php
- /**
- * Bibliotheca
- *
- * Copyright 2018-2023 Johannes Keßler
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see http://www.gnu.org/licenses/gpl-3.0.
- */
- require_once './config/config.php';
- mb_http_output('UTF-8');
- mb_internal_encoding('UTF-8');
- ini_set('error_reporting',-1); // E_ALL & E_STRICT
- # check request
- $_urlToParse = filter_var($_SERVER['QUERY_STRING'],FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW);
- if(!empty($_urlToParse)) {
- # see http://de2.php.net/manual/en/regexp.reference.unicode.php
- if(preg_match('/[\p{C}\p{M}\p{Sc}\p{Sk}\p{So}\p{Zl}\p{Zp}]/u',$_urlToParse) === 1) {
- die('Malformed request. Make sure you know what you are doing.');
- }
- }
- # set the error reporting
- ini_set('log_errors',true);
- if(DEBUG === true) {
- ini_set('display_errors',true);
- }
- else {
- ini_set('display_errors',false);
- }
- # time settings
- date_default_timezone_set(TIMEZONE);
- # static helper class
- require_once 'lib/summoner.class.php';
- # general includes
- require_once 'lib/doomguy.class.php';
- require_once 'lib/spectre.class.php';
- require_once 'lib/mancubus.class.php';
- require_once 'lib/manageentry.class.php';
- require_once 'lib/trite.class.php';
- ## DB connection
- $DB = new mysqli(DB_HOST, DB_USERNAME,DB_PASSWORD, DB_NAME);
- $driver = new mysqli_driver();
- $driver->report_mode = MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT;
- if ($DB->connect_errno) exit('Can not connect to MySQL Server');
- $DB->set_charset("utf8mb4");
- $DB->query("SET collation_connection = 'utf8mb4_unicode_ci'");
- # user Object
- $Doomguy = new Doomguy($DB);
- # API object
- $Spectre = new Spectre($DB, $Doomguy);
- $_requestMode = "default";
- if(isset($_GET['p']) && !empty($_GET['p'])) {
- $_requestMode = trim($_GET['p']);
- $_requestMode = Summoner::validate($_requestMode,'nospace') ? $_requestMode : "default";
- if(!$Spectre->allowedRequests($_requestMode)) $_requestMode = "default";
- }
- $_authKey = '';
- if(isset($_GET['authKey']) && !empty($_GET['authKey'])) {
- $_authKey = trim($_GET['authKey']);
- $_authKey = Summoner::validate($_authKey,'nospace') ? $_authKey : '';
- }
- $_apiResult = array(
- 'message' => 'Nothing to see here.',
- 'status' => 200,
- 'data' => array()
- );
- switch ($_requestMode) {
- case 'list':
- # get the latest 10 entris for given collection
- $_msg = 'Missing parameter with value: collection';
- $_status = 404;
- $_data = array();
- $_collection = false;
- if(isset($_GET['collection']) && !empty($_GET['collection'])) {
- $_collection = trim($_GET['collection']);
- $_collection = Summoner::validate($_collection,'digit') ? $_collection : false;
- }
- if(!empty($_collection)) {
- $_msg = 'Invalid collection.';
- $Mancubus = new Mancubus($DB,$Doomguy);
- $Trite = new Trite($DB,$Doomguy);
- $collectionInfo = $Trite->load($_collection);
- $Mancubus->setCollection($Trite->param('id'));
- $Mancubus->setQueryOptions(array('limit' => 10));
- $entries = $Mancubus->getEntries();
- if(!empty($entries)) {
- $_msg = 'Latest entries for collection: '.$collectionInfo['name'];
- $_status = 200;
- $_data = $entries;
- }
- }
- $_apiResult = array(
- 'message' => $_msg,
- 'status' => $_status,
- 'data' => $_data
- );
- break;
- case 'add':
- # add a single new entry to given collection
- # authenticated by api token
- $_msg = 'Missing parameter with value: collection';
- $_status = 400;
- $_data = array();
- $Doomguy->authByApiToken($_authKey);
- if(!$Doomguy->isSignedIn()) {
- $_apiResult = array(
- 'message' => "Missing API token.",
- 'status' => 401,
- 'data' => $_data
- );
- break;
- }
- $_collection = false;
- if(isset($_GET['collection']) && !empty($_GET['collection'])) {
- $_collection = trim($_GET['collection']);
- $_collection = Summoner::validate($_collection,'digit') ? $_collection : false;
- }
- if(!empty($_collection)) {
- $_msg = 'Invalid POST data.';
- $_data = $_REQUEST;
- $Mancubus = new Mancubus($DB,$Doomguy);
- $ManangeEntry = new Manageentry($DB,$Doomguy);
- $ManangeEntry->setCollection($_collection);
- $editFields = $ManangeEntry->getEditFields();
- if(!empty($_POST) && !empty($editFields)) {
- $fdata = $_POST;
- if(!empty($_FILES)) {
- $fupload = $Spectre->prepareFilesArray($_FILES);
- }
- $_owner = $Doomguy->param('id');
- $_group = $Doomguy->param('baseGroupId');
- $_rights = 'rwxrwxr--';
- foreach ($editFields as $fieldId=>$fieldData) {
- if(isset($fupload['name'][$fieldData['identifier']])) {
- $fieldData['uploadData'] = $fupload;
- $_fieldsToSave[$fieldData['identifier']] = $fieldData;
- }
- elseif(isset($fdata[$fieldData['identifier']])) {
- $_value = trim($fdata[$fieldData['identifier']]);
- if(!empty($_value)) {
- $fieldData['valueToSave'] = trim($fdata[$fieldData['identifier']]);
- $_fieldsToSave[$fieldData['identifier']] = $fieldData;
- }
- }
- }
- // special case. Title field should be always available.
- if(!empty($_fieldsToSave) && isset($_fieldsToSave['title'])) {
- $do = $ManangeEntry->create($_fieldsToSave, $_owner, $_group, $_rights);
- if(!empty($do)) {
- $_msg = 'Added entry: '.$_fieldsToSave['title']['valueToSave'];
- $_status = 200;
- $_data = array($_fieldsToSave, $_owner, $_group, $_rights);
- }
- }
- }
- }
- $_apiResult = array(
- 'message' => $_msg,
- 'status' => $_status,
- 'data' => $_data
- );
- break;
- case 'addInfo':
- # return information about the given collection to create an ad call.
- $_msg = 'Missing parameter with value: collection';
- $_status = 404;
- $_data = array();
- $_collection = false;
- if(isset($_GET['collection']) && !empty($_GET['collection'])) {
- $_collection = trim($_GET['collection']);
- $_collection = Summoner::validate($_collection,'digit') ? $_collection : false;
- }
- if(!empty($_collection)) {
- $_msg = 'Invalid collection.';
- $Mancubus = new Mancubus($DB,$Doomguy);
- $Trite = new Trite($DB,$Doomguy);
- $collectionInfo = $Trite->load($_collection);
- $Mancubus->setCollection($Trite->param('id'));
- // just get one entry fpr given collection and then build the
- // json information about adding structure
- $entryStructure = $Mancubus->getEntryStructure();
- $structure = $Spectre->buildAddStructure($entryStructure['fields']);
- if(!empty($structure)) {
- $_msg = 'API POST and FILES data information for collection: '.$collectionInfo['name'];
- $_status = 200;
- $_data = $structure;
- }
- }
- $_apiResult = array(
- 'message' => $_msg,
- 'status' => $_status,
- 'data' => $_data
- );
- break;
- case 'default':
- default:
- // do nothing
- }
- # header information
- http_response_code($_apiResult['status']);
- header('Content-type: application/json; charset=UTF-8');
- echo json_encode($_apiResult);
|