|
1
|
|
|
<?php |
|
2
|
|
|
$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1; |
|
3
|
|
|
|
|
4
|
|
|
/** |
|
5
|
|
|
* Helper class for our API |
|
6
|
|
|
**/ |
|
7
|
|
|
class Api extends Base { |
|
8
|
|
|
private $api_version = '1.0.0'; |
|
9
|
|
|
|
|
10
|
|
|
function setStartTime($dStartTime) { |
|
|
|
|
|
|
11
|
|
|
$this->dStartTime = $dStartTime; |
|
|
|
|
|
|
12
|
|
|
} |
|
13
|
|
|
function isActive($error=true) { |
|
|
|
|
|
|
14
|
|
|
if (!$this->setting->getValue('disable_api')) { |
|
|
|
|
|
|
15
|
|
|
return true; |
|
16
|
|
|
} else { |
|
17
|
|
|
if ($error == true) { |
|
|
|
|
|
|
18
|
|
|
unset($_SESSION['POPUP']); |
|
19
|
|
|
header('HTTP/1.1 501 Not implemented'); |
|
20
|
|
|
die('501 Not implemented'); |
|
21
|
|
|
} |
|
22
|
|
|
} |
|
23
|
|
|
} |
|
24
|
|
|
|
|
25
|
|
|
/** |
|
26
|
|
|
* Create API json object from input array |
|
27
|
|
|
* @param data Array data to create JSON for |
|
28
|
|
|
* @param force bool Enforce a JSON object |
|
29
|
|
|
* @return string JSON object |
|
30
|
|
|
**/ |
|
31
|
|
|
function get_json($data, $force=false) { |
|
|
|
|
|
|
32
|
|
|
$json = json_encode( |
|
33
|
|
|
array( $_REQUEST['action'] => array( |
|
34
|
|
|
'version' => $this->api_version, |
|
35
|
|
|
'runtime' => (microtime(true) - $this->dStartTime) * 1000, |
|
36
|
|
|
'data' => $data |
|
37
|
|
|
)), $force ? JSON_FORCE_OBJECT : 0 |
|
38
|
|
|
); |
|
39
|
|
|
// JSONP support issue #1700 |
|
40
|
|
|
if (isset($_REQUEST['callback']) && ctype_alpha($_REQUEST['callback'])) { |
|
41
|
|
|
header('Content-type: application/json; charset=utf-8'); |
|
42
|
|
|
return $_REQUEST['callback'] . '(' . $json . ');'; |
|
43
|
|
|
} |
|
44
|
|
|
return $json; |
|
45
|
|
|
} |
|
46
|
|
|
|
|
47
|
|
|
/** |
|
48
|
|
|
* Check user access level to the API call |
|
49
|
|
|
**/ |
|
50
|
|
|
function checkAccess($user_id, $get_id=NULL) { |
|
|
|
|
|
|
51
|
|
|
if (!empty($get_id) && is_array($get_id)) die("Access denied"); |
|
52
|
|
|
if (is_array($user_id)) die("Access denied"); |
|
53
|
|
|
if ( ! $this->user->isAdmin($user_id) && (!empty($get_id) && $get_id != $user_id || !is_int($user_id))) { |
|
54
|
|
|
// User is NOT admin and tries to access an ID that is not their own |
|
55
|
|
|
header("HTTP/1.1 401 Unauthorized"); |
|
56
|
|
|
die("Access denied"); |
|
57
|
|
|
} else if ($this->user->isAdmin($user_id) && !empty($get_id)) { |
|
58
|
|
|
// User is an admin and tries to fetch another users data |
|
59
|
|
|
$id = $get_id; |
|
60
|
|
|
// Is it a username or a user ID |
|
61
|
|
|
ctype_digit($_REQUEST['id']) ? $id = $get_id : $id = $this->user->getUserId($get_id); |
|
|
|
|
|
|
62
|
|
|
} else { |
|
63
|
|
|
$id = $user_id; |
|
64
|
|
|
} |
|
65
|
|
|
return $id; |
|
66
|
|
|
} |
|
67
|
|
|
} |
|
68
|
|
|
|
|
69
|
|
|
$api = new Api(); |
|
70
|
|
|
$api->setConfig($config); |
|
71
|
|
|
$api->setUser($user); |
|
72
|
|
|
$api->setSetting($setting); |
|
73
|
|
|
$api->setStartTime($dStartTime=microtime(true)); |
|
74
|
|
|
|
MPOS /
php-mpos
Loading history...
Adding explicit visibility (
private,protected, orpublic) is generally recommend to communicate to other developers how, and from where this method is intended to be used.