X-Git-Url: https://dev.renevier.net/?a=blobdiff_plain;f=api.php;h=ac49d76665ca7cec11da77cad84d1b03c3bc3181;hb=a4cc34ce34903e12a12a205440b49525feae7b0d;hp=0d6e7273349f9bcfd98307c817a97072dab9906b;hpb=b6cae6a5698c5d0655d921f78f0ccab470bf034c;p=syp.git
diff --git a/api.php b/api.php
index 0d6e727..ac49d76 100644
--- a/api.php
+++ b/api.php
@@ -3,7 +3,26 @@
license. */
function exit_document ($body) {
- exit ("
$body");
+ $charset_meta = '';
+ exit ("$charset_meta$body");
+}
+
+function success ($reason) {
+ exit_document ("");
+}
+
+function success_changepass ($username) {
+ $res = "" .
+ htmlspecialchars ($username) .
+ "";
+ exit_document ($res);
+}
+
+function success_newuser ($username) {
+ $res = "" .
+ htmlspecialchars ($username) .
+ "";
+ exit_document ($res);
}
function success_auth ($user) {
@@ -46,14 +65,14 @@ function success_delete_feature ($feature) {
exit_document ($res);
}
-function success ($reason) {
- exit_document ("");
-}
-
function error ($reason) {
exit_document ("");
}
+function error_newuser_exists () {
+ error ("newuser_exists");
+}
+
function error_feature ($id, $reason) {
$res = "";
$res .= "" . $id . "";
@@ -61,30 +80,34 @@ function error_feature ($id, $reason) {
exit_document ($res);
}
-function nochange_error ($id) {
+function error_nochange ($id) {
error_feature ($id, "nochange");
}
-function unreferenced_error ($id) {
+function error_unreferenced ($id) {
error_feature ($id, "unreferenced");
}
-function server_error () {
+function error_server () {
error ("server");
}
-function unauthorized_error () {
+function error_wrongpass () {
+ error ("wrongpass");
+}
+
+function error_unauthorized () {
error ("unauthorized");
}
-function request_error () {
+function error_request () {
error ("request");
}
-function file_too_big_error () {
+function error_file_too_big () {
error ("toobig");
}
-function notanimage_error () {
+function error_notanimage () {
error ("notimage");
}
@@ -95,12 +118,12 @@ function save_uploaded_file ($file, $con) {
$dest = unique_file (UPLOADDIR, $file ["name"], $con);
if (!isset ($dest) ||
(!move_uploaded_file ($file ["tmp_name"], $dest))) {
- server_error ();
+ error_server ();
}
$mini_dest = getthumbsdir () . "/mini_" . basename_safe ($dest);
if (!create_thumbnail_or_copy ($dest, $mini_dest)) {
- server_error ();
+ error_server ();
}
}
return basename_safe ($dest);
@@ -109,13 +132,13 @@ function save_uploaded_file ($file, $con) {
function img_check_upload ($file) {
if (!is_uploaded_file ($file ["tmp_name"])) {
if ($file ["error"] == UPLOAD_ERR_INI_SIZE) {
- file_too_big_error ();
+ error_file_too_big ();
} else {
- server_error ();
+ error_server ();
}
}
if (!getimagesize ($file ["tmp_name"])) {
- notanimage_error ();
+ error_notanimage ();
}
}
@@ -166,35 +189,45 @@ function unique_file ($dirname, $relpath, $con) {
return null;
}
+function setcookies ($user, $pwd) {
+ // cookie will be valid for 2 weeks. I've chosen that value
+ // arbitrarily, and it may change in the future.
+ $time = time () + 14 * 60 * 24 * 60;
+ if (version_compare (PHP_VERSION, '5.2.0', '>=')) {
+ setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
+ setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+ } else {
+ setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false);
+ setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false);
+ }
+
+}
+
function check_auth ($con, $user, $pwd, $auth_only) {
$authentificated = false;
if (isset ($pwd)) {
if ($con->checkpwdmd5 ($user, md5 ($pwd))) {
- // cookie will be valid for 2 weeks. I've chosen that value
- // arbitrarily, and it may change in the future.
- $time = time () + 14 * 60 * 24 * 60;
- setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
- setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+ setcookies ($user, $pwd);
$authentificated = true;
if ($auth_only) {
success_auth ($user);
}
} else {
- unauthorized_error ();
+ error_unauthorized ();
}
}
if (!$authentificated && !($con->checkpwdmd5 (
$_COOKIE [sprintf ("%suser", DBPREFIX)],
$_COOKIE [sprintf ("%sauth", DBPREFIX)]))) {
- unauthorized_error ();
+ error_unauthorized ();
}
}
function main ($con) {
if (!isset ($_POST ["request"])) {
- request_error ();
+ error_request ();
}
$pwd = unquote ($_POST ["password"]);
@@ -211,10 +244,10 @@ function main ($con) {
$id = $_POST ["fid"];
$feature = $con->getfeature ($id);
if (!isset ($feature)) {
- unreferenced_error ($id);
+ error_unreferenced ($id);
}
- if ($feature->user != $user) {
- unauthorized_error ();
+ if (($feature->user != $user) && ($user != "admin")) {
+ error_unauthorized ();
}
// no file uploaded, but editor currently has an image: it means
@@ -233,7 +266,7 @@ function main ($con) {
try {
$new_feature = new feature ($id, $lon, $lat, $imgpath, $title, $description, 0, $user);
} catch (Exception $e) {
- request_error ();
+ error_request ();
}
if (($new_feature->lon == $feature->lon) &&
@@ -241,7 +274,7 @@ function main ($con) {
($new_feature->title == $feature->title) &&
($new_feature->imgpath == $feature->imgpath) &&
($new_feature->description == $feature->description)) {
- nochange_error ($feature->id);
+ error_nochange ($feature->id);
}
$old_imgpath = "";
@@ -252,7 +285,7 @@ function main ($con) {
try {
$con->save_feature ($new_feature);
} catch (Exception $e) {
- server_error ();
+ error_server ();
}
if ($old_imgpath) {
try {
@@ -271,12 +304,12 @@ function main ($con) {
try {
$feature = new feature (null, $lon, $lat, $imgpath, $title, $description, 0, $user);
} catch (Exception $e) {
- request_error ();
+ error_request ();
}
try {
$feature = $con->save_feature ($feature);
} catch (Exception $e) {
- server_error ();
+ error_server ();
}
success_feature ($feature, "add");
break;
@@ -284,17 +317,17 @@ function main ($con) {
$id = $_POST ["fid"];
$feature = $con->getfeature ($id);
if (!isset ($feature)) {
- unreferenced_error ($id);
+ error_unreferenced ($id);
}
if ($feature->user != $user) {
- unauthorized_error ();
+ error_unauthorized ();
}
$imgpath = $feature->imgpath;
try {
$con->delete_feature ($feature);
} catch (Exception $e) {
- server_error ();
+ error_server ();
}
try {
@@ -302,16 +335,49 @@ function main ($con) {
} catch (Exception $e) {}
success_delete_feature ($feature);
+ case "changepass":
+ $currpass = unquote ($_POST ["pass_current"]);
+ if (!$con->checkpwdmd5 ($user, md5 ($currpass))) {
+ error_wrongpass ();
+ }
+ $newpass = unquote ($_POST ["pass_new"]);
+ try {
+ $con->setpwd ($user, $newpass);
+ } catch (Exception $e) {
+ error_server ();
+ }
+ setcookies ($user, $newpass);
+ success_changepass ($user);
+ break;
+ case "newuser":
+ if ($user != "admin") {
+ error_unauthorized ();
+ }
+ $newuser_name = unquote ($_POST ["newuser_name"]);
+ if (!$newuser_name) {
+ error_request ();
+ }
+ if ($con->user_exists ($newuser_name)) {
+ error_newuser_exists ();
+ }
+ $newuser_password = unquote ($_POST ["newuser_password"]);
+ try {
+ $con->setpwd ($newuser_name, $newuser_password);
+ } catch (Exception $e) {
+ error_server ();
+ }
+ success_newuser ($newuser_name);
+ break;
default:
- request_error();
+ error_request();
break;
}
- server_error ();
+ error_server ();
}
if (!@include_once ("./inc/settings.php")) {
- server_error ();
+ error_server ();
}
require_once ("./inc/db/mysql.php");
require_once ("./inc/utils.php");
@@ -319,7 +385,7 @@ require_once ("./inc/utils.php");
try {
$connection->connect (DBHOST, DBUSER, DBPWD, DBNAME, DBPREFIX);
} catch (Exception $e) {
- server_error ();
+ error_server ();
}
main ($connection);