api.php 9.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313
  1. <?php
  2. require_once('php/include.php');
  3. // TODO - Add API handling.
  4. $method = $_SERVER['REQUEST_METHOD'];
  5. $ret = Array();
  6. if(isset($_GET['type'])){
  7. if(isset($_GET['id'])){
  8. $id = $_GET['id'];
  9. switch($_GET['type']){
  10. case 'user':
  11. back(true);
  12. if(!isset($_GET['template'])){
  13. $ret['template'] = file_get_contents(PATH_DATA.'pages/user.template');
  14. }
  15. if($user = userObj($id)){
  16. $context = Array(
  17. 'name'=>$user['name'],
  18. 'email'=>$user['email']
  19. );
  20. if($LOGGEDIN){
  21. $context['key'] = true;
  22. $context['user'] = userObj($_SESSION['username']);
  23. };
  24. $ret['context'] = $context;
  25. }else{
  26. $ret['state'] = Array(
  27. 'url'=>isset($_GET['back'])?$_GET['back']:'page-index'
  28. );
  29. }
  30. retj($ret,'User - '.$context['name']);
  31. break;
  32. case 'group':
  33. back(true);
  34. // TODO - handle group requests
  35. if(false){
  36. // TODO
  37. }else{
  38. $ret['state'] = Array(
  39. 'url'=>isset($_GET['back'])?$_GET['back']:'page-index'
  40. );
  41. }
  42. retj($ret,'Project - '.$context['title']);
  43. break;
  44. case 'issue':
  45. back(true);
  46. // TODO - handle issue requests
  47. if(false){
  48. // TODO
  49. }else{
  50. $ret['state'] = Array(
  51. 'url'=>isset($_GET['back'])?$_GET['back']:'page-index'
  52. );
  53. }
  54. retj($ret,'Project - '.$context['title']);
  55. break;
  56. case 'scrum':
  57. back(true);
  58. // TODO - handle scrum requests
  59. if(false){
  60. // TODO
  61. }else{
  62. $ret['state'] = Array(
  63. 'url'=>isset($_GET['back'])?$_GET['back']:'page-index'
  64. );
  65. }
  66. retj($ret,'Project - '.$context['title']);
  67. break;
  68. case 'project':
  69. back(true);
  70. if(!isset($_GET['template'])){
  71. $ret['template'] = file_get_contents(PATH_DATA.'pages/project.template');
  72. }
  73. if($context = projectObj($id)){
  74. $context['user'] = userObj($context['user']);
  75. if($LOGGEDIN){
  76. $context['key'] = true;
  77. $context['user'] = userObj($_SESSION['username']);
  78. };
  79. $ret['context'] = $context;
  80. }else{
  81. $ret['state'] = Array(
  82. 'url'=>isset($_GET['back'])?$_GET['back']:'page-index'
  83. );
  84. }
  85. retj($ret,'Project - '.$context['title']);
  86. break;
  87. case 'message':
  88. // TODO - handle message requests
  89. if(false){
  90. // TODO
  91. }else{
  92. $ret['state'] = Array(
  93. 'url'=>isset($_GET['back'])?$_GET['back']:'page-index'
  94. );
  95. }
  96. retj($ret,'Project - '.$context['title']);
  97. break;
  98. case 'admin':
  99. back(true);
  100. // TODO - handle admin requests
  101. if(false){
  102. // TODO
  103. }else{
  104. $ret['state'] = Array(
  105. 'url'=>isset($_GET['back'])?$_GET['back']:'page-index'
  106. );
  107. }
  108. retj($ret,'Project - '.$context['title']);
  109. break;
  110. case 'page':
  111. $title = $id;
  112. if(file_exists(PATH_DATA.'pages/'.$id.'.template')){
  113. if(!isset($_GET['template'])||$_GET['template']=='true'){
  114. $ret['template'] = file_get_contents(PATH_DATA.'pages/'.$id.'.template');
  115. }
  116. $context = Array();
  117. if($LOGGEDIN){
  118. $context['key'] = true;
  119. $context['user'] = userObj($_SESSION['username']);
  120. };
  121. if(file_exists(PATH_DATA.'pages/'.$id.'.options')){
  122. $options = objectToArray(json_decode(file_get_contents(PATH_DATA.'pages/'.$id.'.options'),true));
  123. if(isset($options['secure'])&&$options['secure']&&!$LOGGEDIN){
  124. back(true);
  125. }
  126. if(isset($options['title'])){
  127. $title = $options['title'];
  128. }
  129. if(isset($options['context'])){
  130. foreach($options['context'] as $key){
  131. switch($key){
  132. case 'users':
  133. if($res = query("SELECT name FROM `users`;")){
  134. $context['users'] = fetch_all($res,MYSQLI_ASSOC);
  135. }
  136. break;
  137. case 'projects':
  138. if($res = query("SELECT p.title,p.id,p.description,u.name as user FROM `projects` p JOIN `users` u ON u.id = p.u_id")){
  139. $context['projects'] = fetch_all($res,MYSQLI_ASSOC);
  140. foreach($context['projects'] as $key => $project){
  141. $context['projects'][$key]['user'] = userObj($project['user']);
  142. }
  143. }
  144. break;
  145. case 'messages':
  146. if($LOGGEDIN){
  147. $context['messages'] = messages($context['user']['id'],'user');
  148. }else{
  149. $context['messages'] = Array();
  150. }
  151. break;
  152. }
  153. }
  154. }
  155. if(isset($options['actions'])){
  156. foreach($options['actions'] as $key){
  157. switch($key){
  158. case 'pm_mark_read':
  159. query("UPDATE `users` SET last_pm_check=CURRENT_TIMESTAMP WHERE id='%d'; ",Array(userId($_SESSION['username'])));
  160. break;
  161. }
  162. }
  163. }
  164. }
  165. $ret['context'] = $context;
  166. }else{
  167. $ret['error'] = 'That page does not exist';
  168. }
  169. retj($ret,$title);
  170. break;
  171. case 'action':
  172. switch($id){
  173. case 'login':
  174. $ret['state'] = Array(
  175. 'data'=>Array(
  176. 'type'=>'page',
  177. 'id'=>'login',
  178. )
  179. );
  180. if(isset($_GET['username'])&&isset($_GET['password'])){
  181. $key = login($_GET['username'],$_GET['password']);
  182. if($key){
  183. $_SESSION['username'] = $_GET['username'];
  184. }else{
  185. $ret['error'] = "Login failed. Username or Password didn't match.";
  186. }
  187. }else{
  188. $ret['error'] = "Please provide a valid username and password.";
  189. }
  190. retj($ret,$id);
  191. break;
  192. case 'register':
  193. $ret['state'] = Array(
  194. 'data'=>Array(
  195. 'type'=>'page',
  196. 'id'=>'register'
  197. )
  198. );
  199. if(is_valid('username')&&is_valid('password')&&is_valid('password1')&&is_valid('email')&&is_valid('captcha')){
  200. if($_GET['password']==$_GET['password1']){
  201. if(compare_captcha($_GET['captcha'])){
  202. if(addUser($_GET['username'],$_GET['password'],$_GET['email'])){
  203. $key = login($_GET['username'],$_GET['password']);
  204. $_SESSION['username'] = $_GET['username'];
  205. sendMail('welcome','Welcome!',$_GET['email'],get('email'),Array($_GET['username'],$_GET['password'],get('email')));
  206. }else{
  207. $ret['error'] = "Could not add user. ".$mysqli->error;
  208. }
  209. }else{
  210. $ret['error'] = "Captcha did not match.";
  211. }
  212. }else{
  213. $ret['error'] = "Passwords didn't match.";
  214. }
  215. }else{
  216. $ret['error'] = "Please fill in all the fields.";
  217. }
  218. retj($ret,$id);
  219. break;
  220. case 'project':
  221. back(true);
  222. $ret['state'] = Array(
  223. 'data'=>Array(
  224. 'type'=>'page',
  225. 'id'=>$id,
  226. )
  227. );
  228. if(isset($_GET['pid'])){
  229. $ret['error'] = 'Invalid Action';
  230. }elseif(is_valid('title')&&is_valid('description')){
  231. if(!newProject($_GET['title'],$_GET['description'])){
  232. $ret['error'] = 'Unable to create project.';
  233. }
  234. }else{
  235. $ret['error'] = 'Fill in all the details.';
  236. }
  237. retj($ret,$id);
  238. break;
  239. case 'message':
  240. back(true);
  241. if(isset($_GET['to'])&&isset($_GET['message'])){
  242. if($uid = userId($_GET['to'])){
  243. if(!personal_message($uid,$_GET['message'])){
  244. $ret['error'] = 'Could not send message';
  245. }
  246. }else{
  247. $ret['error'] = "That user doesn't exist";
  248. }
  249. }else{
  250. $ret['error'] = 'Empty details';
  251. }
  252. retj($ret,$id);
  253. break;
  254. case 'notifications':
  255. if($LOGGEDIN){
  256. if($res = query("SELECT count(m.id) as notifications,UNIX_TIMESTAMP(max(m.timestamp)) as timestamp FROM `messages` m JOIN `users` u ON u.id = m.to_id WHERE u.id = %d AND u.last_pm_check < m.timestamp;",Array(userId($_SESSION['username'])))){
  257. $res = $res->fetch_assoc();
  258. $ret['count'] = $res['notifications'];
  259. $ret['timestamp'] = $res['timestamp'];
  260. }
  261. }
  262. retj($ret,$_GET['title']);
  263. break;
  264. case 'comment':
  265. if(isset($_GET['comment_type'])&&isset($_GET['comment_id'])&&isset($_GET['message'])){
  266. $cid = $_GET['comment_id'];
  267. $ret = Array(
  268. 'state'=>stateObj($_GET['comment_type'],$cid)
  269. );
  270. switch($_GET['comment_type']){
  271. case 'project':
  272. if(!function_exists('project_comment')){
  273. $ret['error'] = "fn doesn't exist!";
  274. }
  275. if(!project_comment($cid,$_GET['message'])){
  276. $ret = Array(
  277. 'error'=>'Could not comment on project'
  278. );
  279. }
  280. break;
  281. default:
  282. $ret['error'] = 'Comment type not implemented';
  283. }
  284. }else{
  285. $ret['error'] = 'Missing comment paremeters';
  286. $ret['state'] = Array(
  287. 'title'=>'error'
  288. );
  289. }
  290. retj($ret,$ret['state']['title']);
  291. break;
  292. default:
  293. retj(Array(
  294. 'error'=>'Invalid action.'
  295. ));
  296. }
  297. break;
  298. default:
  299. retj(Array(
  300. 'error'=>'Invalid type.'
  301. ));
  302. }
  303. }else{
  304. retj(Array(
  305. 'error'=>'ID missing.'
  306. ));
  307. }
  308. }else{
  309. retj(Array(
  310. 'error'=>'Type missing.'
  311. ));
  312. }
  313. ?>