2017-05-17 11:48:24 +00:00
|
|
|
<?php
|
|
|
|
/**
|
|
|
|
* Comunic Rest API
|
|
|
|
*
|
|
|
|
* Serves the data for users
|
|
|
|
*
|
|
|
|
* @author Pierre HUBERT
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Page initiator
|
|
|
|
*/
|
|
|
|
include(__DIR__."/init.php");
|
|
|
|
|
2017-05-17 12:05:23 +00:00
|
|
|
//Include RestControllers
|
|
|
|
foreach(glob(PROJECT_PATH."RestControllers/*.php") as $restControllerFile){
|
2017-05-19 16:07:52 +00:00
|
|
|
require_once $restControllerFile;
|
2017-05-17 12:05:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
//Include RestServer library
|
|
|
|
require PROJECT_PATH."3rdparty/RestServer/RestServer.php";
|
|
|
|
|
2017-05-26 07:36:20 +00:00
|
|
|
//By default return format is json
|
2017-05-17 12:05:23 +00:00
|
|
|
if(!isset($_GET["format"]))
|
2017-05-19 16:07:52 +00:00
|
|
|
$_GET['format'] = "json";
|
2017-05-17 12:05:23 +00:00
|
|
|
|
2017-06-18 08:07:52 +00:00
|
|
|
//Specify we are on Comunic API Server
|
|
|
|
header("Technology: Official Comunic API Server");
|
|
|
|
|
2017-06-13 09:01:36 +00:00
|
|
|
//Check client tokens
|
2017-05-19 16:07:52 +00:00
|
|
|
if(!$cs->tokens->checkClientRequestTokens())
|
|
|
|
Rest_fatal_error(401, "Please check your client tokens!");
|
|
|
|
|
2017-06-13 09:01:36 +00:00
|
|
|
//Check for remote requests limit
|
|
|
|
if(defined("APIServiceDomain")){
|
|
|
|
|
|
|
|
//First, limit requests
|
2017-07-01 08:41:46 +00:00
|
|
|
header("Access-Control-Allow-Origin: http://".APIServiceDomain.", https://".APIServiceDomain);
|
2017-06-13 09:01:36 +00:00
|
|
|
|
|
|
|
//Then check for referer
|
|
|
|
if(!isset($_SERVER["HTTP_REFERER"]))
|
2017-06-13 09:02:39 +00:00
|
|
|
Rest_fatal_error(401, "Access from direct requests denied with this client token !");
|
2017-06-13 09:01:36 +00:00
|
|
|
|
|
|
|
//Check the referer
|
|
|
|
if(get_url_domain($_SERVER["HTTP_REFERER"]) !== APIServiceDomain)
|
|
|
|
Rest_fatal_error(401, "Access denied from this domain with this client token !");
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
//Allow remote requests from anywhere
|
|
|
|
header("Access-Control-Allow-Origin: *");
|
|
|
|
}
|
|
|
|
|
2017-05-19 16:07:52 +00:00
|
|
|
//Check if login tokens where specified
|
|
|
|
if(isset($_POST['userToken1']) AND isset($_POST['userToken2'])){
|
|
|
|
//Try to login user
|
2018-04-11 08:45:22 +00:00
|
|
|
$userID = $cs->components->account->getUserIDfromToken(APIServiceID, array(
|
2017-05-19 16:07:52 +00:00
|
|
|
$_POST['userToken1'],
|
|
|
|
$_POST['userToken2']
|
|
|
|
));
|
|
|
|
|
|
|
|
if($userID < 1){
|
|
|
|
Rest_fatal_error(401, "Please check your login tokens!");
|
|
|
|
}
|
|
|
|
|
|
|
|
//Else save userID
|
|
|
|
define("userID", $userID);
|
|
|
|
}
|
2017-05-26 07:36:20 +00:00
|
|
|
else {
|
|
|
|
//Defined userID is number 0
|
|
|
|
define("userID", 0);
|
|
|
|
}
|
2017-05-17 12:43:12 +00:00
|
|
|
|
2017-05-17 12:05:23 +00:00
|
|
|
/**
|
|
|
|
* Handle Rest requests
|
|
|
|
*/
|
|
|
|
$server = new \Jacwright\RestServer\RestServer($cs->config->get("site_mode"));
|
|
|
|
|
|
|
|
//Include controllers
|
|
|
|
foreach(get_included_files() as $filePath){
|
2017-05-19 16:07:52 +00:00
|
|
|
if(preg_match("<RestControllers>", $filePath)){
|
|
|
|
$className = strstr($filePath, "RestControllers/");
|
|
|
|
$className = str_replace(array("RestControllers/", ".php"), "", $className);
|
|
|
|
$server->addClass($className);
|
|
|
|
}
|
2017-05-17 12:05:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
//Hanlde
|
|
|
|
$server->handle();
|