api.php 9.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330
  1. <?php
  2. require_once('php/include.php');
  3. // TODO - Add API handling.
  4. $method = $_SERVER['REQUEST_METHOD'];
  5. $ret = array();
  6. if(isset($_GET['type'])){
  7. if(isset($_GET['id'])){
  8. $id = $_GET['id'];
  9. switch($_GET['type']){
  10. case 'user':
  11. back(true);
  12. if(!isset($_GET['template'])){
  13. $ret['template'] = file_get_contents(PATH_DATA.'pages/user.template');
  14. }
  15. if($user = userObj($id)){
  16. $context = array(
  17. 'name'=>$user['name'],
  18. 'email'=>$user['email']
  19. );
  20. if($LOGGEDIN){
  21. $context['key'] = true;
  22. $context['user'] = userObj($_SESSION['username']);
  23. };
  24. $ret['context'] = $context;
  25. }else{
  26. $ret['state'] = array(
  27. 'url'=>isset($_GET['back'])?$_GET['back']:'page-index'
  28. );
  29. }
  30. retj($ret,'User - '.$context['name']);
  31. break;
  32. case 'group':
  33. back(true);
  34. // TODO - handle group requests
  35. if(false){
  36. // TODO
  37. }else{
  38. $ret['state'] = array(
  39. 'url'=>isset($_GET['back'])?$_GET['back']:'page-index'
  40. );
  41. }
  42. retj($ret,'Project - '.$context['title']);
  43. break;
  44. case 'issue':
  45. back(true);
  46. // TODO - handle issue requests
  47. if(false){
  48. // TODO
  49. }else{
  50. $ret['state'] = array(
  51. 'url'=>isset($_GET['back'])?$_GET['back']:'page-index'
  52. );
  53. }
  54. retj($ret,'Project - '.$context['title']);
  55. break;
  56. case 'scrum':
  57. back(true);
  58. // TODO - handle scrum requests
  59. if(false){
  60. // TODO
  61. }else{
  62. $ret['state'] = array(
  63. 'url'=>isset($_GET['back'])?$_GET['back']:'page-index'
  64. );
  65. }
  66. retj($ret,'Project - '.$context['title']);
  67. break;
  68. case 'project':
  69. back(true);
  70. if(!isset($_GET['template'])){
  71. $ret['template'] = file_get_contents(PATH_DATA.'pages/project.template');
  72. }
  73. if($context = projectObj($id)){
  74. $context['user'] = userObj($context['user']);
  75. if($LOGGEDIN){
  76. $context['key'] = true;
  77. $context['user'] = userObj($_SESSION['username']);
  78. };
  79. $ret['context'] = $context;
  80. }else{
  81. $ret['state'] = array(
  82. 'url'=>isset($_GET['back'])?$_GET['back']:'page-index'
  83. );
  84. }
  85. retj($ret,'Project - '.$context['title']);
  86. break;
  87. case 'message':
  88. // TODO - handle message requests
  89. if(false){
  90. // TODO
  91. }else{
  92. $ret['state'] = array(
  93. 'url'=>isset($_GET['back'])?$_GET['back']:'page-index'
  94. );
  95. }
  96. retj($ret,'Project - '.$context['title']);
  97. break;
  98. case 'admin':
  99. back(true);
  100. // TODO - handle admin requests
  101. if(false){
  102. // TODO
  103. }else{
  104. $ret['state'] = array(
  105. 'url'=>isset($_GET['back'])?$_GET['back']:'page-index'
  106. );
  107. }
  108. retj($ret,'Project - '.$context['title']);
  109. break;
  110. case 'page':
  111. $title = $id;
  112. if(file_exists(PATH_DATA.'pages/'.$id.'.template')){
  113. if(!isset($_GET['template'])||$_GET['template']=='true'){
  114. $ret['template'] = file_get_contents(PATH_DATA.'pages/'.$id.'.template');
  115. }
  116. $context = array();
  117. if($LOGGEDIN){
  118. $context['key'] = true;
  119. $context['user'] = userObj($_SESSION['username']);
  120. };
  121. if(file_exists(PATH_DATA.'pages/'.$id.'.options')){
  122. $options = objectToarray(json_decode(file_get_contents(PATH_DATA.'pages/'.$id.'.options'),true));
  123. if(isset($options['secure'])&&$options['secure']&&!$LOGGEDIN){
  124. back(true);
  125. }
  126. if(isset($options['title'])){
  127. $title = $options['title'];
  128. }
  129. if(isset($options['context'])){
  130. foreach($options['context'] as $key){
  131. switch($key){
  132. case 'users':
  133. if($res = query("SELECT name FROM `users`;")){
  134. $context['users'] = fetch_all($res,MYSQLI_ASSOC);
  135. }
  136. break;
  137. case 'projects':
  138. if($res = query("SELECT p.title,p.id,p.description,u.name as user FROM `projects` p JOIN `users` u ON u.id = p.u_id")){
  139. $context['projects'] = fetch_all($res,MYSQLI_ASSOC);
  140. foreach($context['projects'] as $key => $project){
  141. $context['projects'][$key]['user'] = userObj($project['user']);
  142. }
  143. }
  144. break;
  145. case 'messages':
  146. if($LOGGEDIN){
  147. $context['messages'] = messages($context['user']['id'],'user');
  148. }else{
  149. $context['messages'] = array();
  150. }
  151. break;
  152. }
  153. }
  154. }
  155. if(isset($options['actions'])){
  156. foreach($options['actions'] as $key){
  157. switch($key){
  158. case 'pm_mark_read':
  159. query("UPDATE `users` SET last_pm_check=CURRENT_TIMESTAMP WHERE id='%d'; ",array(userId($_SESSION['username'])));
  160. break;
  161. }
  162. }
  163. }
  164. }
  165. $ret['context'] = $context;
  166. }else{
  167. $ret['error'] = 'That page does not exist';
  168. }
  169. retj($ret,$title);
  170. break;
  171. case 'manifest':
  172. case 'pages':
  173. if(isset($_GET['manifest'])){
  174. $files = array_diff(scandir(dirname(PATH_DATA.'/'.$_GET['manifest'])),array('..', '.'));
  175. foreach($files as $k => $file){
  176. $files[$k] = basename($file)."\n";
  177. }
  178. retj(array(
  179. 'manifest'=>$files
  180. ));
  181. }else{
  182. retj(array(
  183. 'error'=>'Manifest not defined'
  184. ));
  185. }
  186. break;
  187. break;
  188. case 'action':
  189. switch($id){
  190. case 'login':
  191. $ret['state'] = array(
  192. 'data'=>array(
  193. 'type'=>'page',
  194. 'id'=>'login',
  195. )
  196. );
  197. if(isset($_GET['username'])&&isset($_GET['password'])){
  198. $key = login($_GET['username'],$_GET['password']);
  199. if($key){
  200. $_SESSION['username'] = $_GET['username'];
  201. }else{
  202. $ret['error'] = "Login failed. Username or Password didn't match.";
  203. }
  204. }else{
  205. $ret['error'] = "Please provide a valid username and password.";
  206. }
  207. retj($ret,$id);
  208. break;
  209. case 'register':
  210. $ret['state'] = array(
  211. 'data'=>array(
  212. 'type'=>'page',
  213. 'id'=>'register'
  214. )
  215. );
  216. if(is_valid('username')&&is_valid('password')&&is_valid('password1')&&is_valid('email')&&is_valid('captcha')){
  217. if($_GET['password']==$_GET['password1']){
  218. if(compare_captcha($_GET['captcha'])){
  219. if(addUser($_GET['username'],$_GET['password'],$_GET['email'])){
  220. $key = login($_GET['username'],$_GET['password']);
  221. $_SESSION['username'] = $_GET['username'];
  222. sendMail('welcome','Welcome!',$_GET['email'],get('email'),array($_GET['username'],$_GET['password'],get('email')));
  223. }else{
  224. $ret['error'] = "Could not add user. ".$mysqli->error;
  225. }
  226. }else{
  227. $ret['error'] = "Captcha did not match.";
  228. }
  229. }else{
  230. $ret['error'] = "Passwords didn't match.";
  231. }
  232. }else{
  233. $ret['error'] = "Please fill in all the fields.";
  234. }
  235. retj($ret,$id);
  236. break;
  237. case 'project':
  238. back(true);
  239. $ret['state'] = array(
  240. 'data'=>array(
  241. 'type'=>'page',
  242. 'id'=>$id,
  243. )
  244. );
  245. if(isset($_GET['pid'])){
  246. $ret['error'] = 'Invalid Action';
  247. }elseif(is_valid('title')&&is_valid('description')){
  248. if(!newProject($_GET['title'],$_GET['description'])){
  249. $ret['error'] = 'Unable to create project.';
  250. }
  251. }else{
  252. $ret['error'] = 'Fill in all the details.';
  253. }
  254. retj($ret,$id);
  255. break;
  256. case 'message':
  257. back(true);
  258. if(isset($_GET['to'])&&isset($_GET['message'])){
  259. if($uid = userId($_GET['to'])){
  260. if(!personal_message($uid,$_GET['message'])){
  261. $ret['error'] = 'Could not send message';
  262. }
  263. }else{
  264. $ret['error'] = "That user doesn't exist";
  265. }
  266. }else{
  267. $ret['error'] = 'Empty details';
  268. }
  269. retj($ret,$id);
  270. break;
  271. case 'notifications':
  272. if($LOGGEDIN){
  273. if($res = query("SELECT count(m.id) as notifications,UNIX_TIMESTAMP(max(m.timestamp)) as timestamp FROM `messages` m JOIN `users` u ON u.id = m.to_id WHERE u.id = %d AND u.last_pm_check < m.timestamp;",array(userId($_SESSION['username'])))){
  274. $res = $res->fetch_assoc();
  275. $ret['count'] = $res['notifications'];
  276. $ret['timestamp'] = $res['timestamp'];
  277. }
  278. }
  279. retj($ret,$_GET['title']);
  280. break;
  281. case 'comment':
  282. if(isset($_GET['comment_type'])&&isset($_GET['comment_id'])&&isset($_GET['message'])){
  283. $cid = $_GET['comment_id'];
  284. $ret = array(
  285. 'state'=>stateObj($_GET['comment_type'],$cid)
  286. );
  287. switch($_GET['comment_type']){
  288. case 'project':
  289. if(!function_exists('project_comment')){
  290. $ret['error'] = "fn doesn't exist!";
  291. }
  292. if(!project_comment($cid,$_GET['message'])){
  293. $ret = array(
  294. 'error'=>'Could not comment on project'
  295. );
  296. }
  297. break;
  298. default:
  299. $ret['error'] = 'Comment type not implemented';
  300. }
  301. }else{
  302. $ret['error'] = 'Missing comment paremeters';
  303. $ret['state'] = array(
  304. 'title'=>'error'
  305. );
  306. }
  307. retj($ret,$ret['state']['title']);
  308. break;
  309. default:
  310. retj(array(
  311. 'error'=>'Invalid action.'
  312. ));
  313. }
  314. break;
  315. default:
  316. retj(array(
  317. 'error'=>'Invalid type.'
  318. ));
  319. }
  320. }else{
  321. retj(array(
  322. 'error'=>'ID missing.'
  323. ));
  324. }
  325. }else{
  326. retj(array(
  327. 'error'=>'Type missing.'
  328. ));
  329. }
  330. ?>