Add user endpoint
This commit is contained in:
parent
3526c1f058
commit
d3551c4f0c
1 changed files with 103 additions and 16 deletions
119
jensmemes.php
119
jensmemes.php
@ -41,19 +41,19 @@ if ($method == "GET") {
$obj->status = 200;
$query = "SELECT * FROM images";
if (isset($_GET["category"])) {
$query = addCondition('cat="' . $_GET["category"] . '"', $query);
$query = addCondition('cat="' . santinize($_GET["category"]) . '"', $query);
}
if (isset($_GET["user"])) {
$query = addCondition('user LIKE "%' . $_GET["user"] . '%"', $query);
$query = addCondition('user LIKE "%' . santinize($_GET["user"]) . '%"', $query);
}
if (isset($_GET["search"])) {
$query = addCondition('path LIKE "%' . $_GET["search"] . '%"', $query);
$query = addCondition('path LIKE "%' . santinize($_GET["search"]) . '%"', $query);
}
$obj->memes = memesArray($query);
break;
case "/meme":
if (isset($_GET["id"])) {
$q = 'SELECT * FROM images WHERE id=' . $_GET["id"];
$q = 'SELECT * FROM images WHERE id=' . santinize($_GET["id"]);
$res = mysqli_query($jmcon, $q);
checksql($res);
$row = mysqli_fetch_array($res, MYSQLI_ASSOC);
@ -70,10 +70,10 @@ if ($method == "GET") {
case "/random":
$query = "SELECT * FROM images";
if (isset($_GET["category"])) {
$query = addCondition('cat="' . $_GET["category"] . '"', $query);
$query = addCondition('cat="' . santinize($_GET["category"]) . '"', $query);
}
if (isset($_GET["user"])) {
$query = addCondition('user LIKE "%' . $_GET["user"] . '%"', $query);
$query = addCondition('user LIKE "%' . santinize($_GET["user"]) . '%"', $query);
}
$memes = memesArray($query);
$random = rand(0, count($memes) - 1);
@ -91,7 +91,7 @@ if ($method == "GET") {
break;
case "/category":
if (isset($_GET["id"])) {
$q = 'SELECT * FROM cats WHERE id="' . $_GET["id"] . '"';
$q = 'SELECT * FROM cats WHERE id="' . santinize($_GET["id"]) . '"';
$res = mysqli_query($jmcon, $q);
checksql($res);
$row = mysqli_fetch_array($res, MYSQLI_ASSOC);
@ -110,8 +110,9 @@ if ($method == "GET") {
while ($row = mysqli_fetch_array($res_users, MYSQLI_ASSOC)) {
$user = new stdClass();
$user->name = $row["name"];
$user->tokenhash = $row["userdir"];
$user->tokenhash = md5($row["token"]);
$user->userdir = $row["userdir"];
$user->id = $row["userdir"];
$user->dayuploads = $row["uploadsLast24H"];
array_push($users, $user);
}
@ -119,12 +120,31 @@ if ($method == "GET") {
$obj->users = $users;
$obj->status = 200;
break;
case "/token/random":
if (isset($_GET["user"])) {
case "/user":
$q_user = "SELECT * FROM token";
if ($_GET["id"]) {
$q_user = addCondition('userdir="' . santinize($_GET["id"]) . '"', $q_user);
}
else if ($_GET["token"]) {
$q_user = addCondition('token="' . santinize($_GET["token"]) . '"', $q_user);
}
else if ($_GET["name"]) {
$q_user = addCondition('name LIKE "%' . santinize($_GET["name"]) . '%"', $q_user);
}
$res = mysqli_query($jmcon, $q_user);
checksql($res);
$row = mysqli_fetch_array($res, MYSQLI_ASSOC);
if ($row) {
$user = new stdClass();
$user->name = $row["name"];
$user->tokenhash = md5($row["token"]);
$user->userdir = $row["userdir"];
$user->id = $row["userdir"];
$user->dayuploads = $row["uploadsLast24H"];
$obj->user = $user;
$obj->status = 200;
$obj->token = genToken($_GET["user"]);
} else {
$obj->error = "Need to set a user with ?user";
$obj->error = "user not found";
}
break;
default:
@ -136,6 +156,8 @@ if ($method == "GET") {
case "/upload":
upload();
break;
case "/admin":
admin(file_get_contents("php://input"));
}
|
|
|
@ -214,11 +236,22 @@ function genToken($discord) {
return md5($prehash);
}
|
function santinize($input) {
global $jmcon;
$out = str_replace(" ", "", $input);
$out = str_replace("'", "", $out);
$out = str_replace('"', "", $out);
$out = mysqli_escape_string($jmcon, $out);
return $out;
}
|
function upload() {
global $jmcon;
global $obj;
global $jmimagepath;
global $jmurl;
$token = $_POST["token"];
$token = santinize($token);
$cat = $_POST["category"];
$obj->token = $token;
if (isset($token)) {
@ -243,10 +276,10 @@ function upload() {
$type = gettype($_FILES['file']['name']);
if ($type != "array") {
$filename = $_FILES['file']['name'];
if (isset($filename)) {
$obj->file = $filename;
if ($filename != "") {
move_uploaded_file($_FILES['file']['tmp_name'], $jmimagepath . $homedir . "/" . $filename);
$path = "images/" . $homedir . "/" . $filename;
$obj->file = $jmurl.$path;
$clientIP = $_SERVER['REMOTE_ADDR'];;
$sqlType = "INSERT INTO images (user, path, cat, ip) VALUES ('$user', '$path', '$cat', '$clientIP')";
$res = mysqli_query($jmcon, $sqlType);
@ -256,10 +289,10 @@ function upload() {
$obj->files = array();
for ($i = 0; $i < $countfiles; $i++) {
$filename = $_FILES['file']['name'][$i];
if (isset($filename)) {
array_push($obj->files, $filename);
if ($filename != "") {
move_uploaded_file($_FILES['file']['tmp_name'][$i], $jmimagepath . $homedir . "/" . $filename);
$path = "images/" . $homedir . "/" . $filename;
array_push($obj->files, $jmurl.$path);
$clientIP = $_SERVER['REMOTE_ADDR'];;
$sqlType = "INSERT INTO images (user, path, cat, ip) VALUES ('$user', '$path', '$cat', '$clientIP')";
$res = mysqli_query($jmcon, $sqlType);
@ -284,3 +317,57 @@ function upload() {
$obj->status = 401;
}
}
|
function admin($data) {
global $obj;
global $jmkey;
global $jmcon;
$decr = "";
openssl_public_decrypt(base64_decode($data), $decr, $jmkey);
$req = json_decode($decr);
if ($req == null) {
$obj->status = 400;
$obj->error = "bad request or unauthorized";
} else {
switch ($req->method) {
case "gettoken":
$user = $req->user;
$query = "SELECT * FROM token WHERE name='$user'";
$res = mysqli_query($jmcon, $query);
checksql($res);
$tok = mysqli_fetch_array($res, MYSQLI_ASSOC);
if ($tok) {
$obj->status = 200;
$obj->token = encrypt($tok["token"], $jmkey);
}
break;
case "register":
$user = $req->user;
$query = "SELECT * FROM token WHERE name='$user'";
$res = mysqli_query($jmcon, $query);
checksql($res);
$tok = mysqli_fetch_array($res, MYSQLI_ASSOC);
if ($tok) {
$obj->status = 200;
$obj->token = encrypt($tok["token"], $jmkey);
} else {
$token = genToken($user);
$userdir = md5($user);
$query = "INSERT INTO token (name, token, userdir) VALUES ('$user', '$token', '$userdir')";
$res = mysqli_query($jmcon, $query);
checksql($res);
if ($res) {
$obj->status = 201;
$obj->token = encrypt($token, $jmkey);
$obj->userdir = $userdir;
}
}
}
}
}
|
function encrypt($data, $pubkey) {
$encr = "";
openssl_public_encrypt($data, $encr, $pubkey);
return base64_encode($encr);
}
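Review bot: `santinize()` (hunk `@ -214,11 +236,22`) is this commit's only defence for SQL assembled by concatenation, but `mysqli_escape_string` only neutralises a value inside a quoted string literal, so at `$q = 'SELECT * FROM images WHERE id=' . santinize($_GET["id"]);` in the `/meme` case the value sits in an unquoted numeric position where neither the escaping nor the stripping of spaces and quote characters constrains it, and the stripping also alters data, so a name or path containing a space or an apostrophe can no longer be found through `/memes`, `/random` or `/user?name=`. Each lookup should use `mysqli_prepare` with `mysqli_stmt_bind_param` instead, as sketched below for `/meme`, after which `santinize()` can be dropped; `admin()` in the last hunk needs the same change, since `$req->user` is interpolated unescaped into `"SELECT * FROM token WHERE name='$user'"` and into the `register` INSERT. In the `/user` case, `if ($_GET["id"])`, `else if ($_GET["token"])` and `else if ($_GET["name"])` read keys without `isset()`, so a request carrying none of them raises undefined-index warnings and, because no condition is added to `$q_user`, returns the first row of `token` as `$obj->user`; guard each branch with `isset()` and set `$obj->status = 404` next to `"user not found"`, which currently leaves the status at whatever it was initialised to outside the hunk. Publishing `md5($row["token"])` as `tokenhash` in both `/users` and `/user` also hands out a fast, unsalted hash of the upload credential; if `$prehash` in `genToken` (outside the hunk) has limited entropy that hash is recoverable offline, so an opaque identifier such as `userdir` is the safer value to expose.
```php
case "/meme":
    if (isset($_GET["id"])) {
        // Bind the id instead of concatenating it: escaping cannot protect an unquoted numeric position.
        $id = (int) $_GET["id"];
        $stmt = mysqli_prepare($jmcon, 'SELECT * FROM images WHERE id = ?');
        mysqli_stmt_bind_param($stmt, 'i', $id);
        mysqli_stmt_execute($stmt);
        $res = mysqli_stmt_get_result($stmt);
        checksql($res);
        $row = mysqli_fetch_array($res, MYSQLI_ASSOC);
        // … unchanged: response assembly for the fetched row …
```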