X-Git-Url: https://dev.renevier.net/gitweb.cgi?p=syp.git;a=blobdiff_plain;f=api.php;h=af8af1a836a65baef44b819cae3953422d1bb88a;hp=0d6e7273349f9bcfd98307c817a97072dab9906b;hb=3c74920cb66b4e6c47c7e8a0eaeed40ffb7e8544;hpb=b6cae6a5698c5d0655d921f78f0ccab470bf034c
diff --git a/api.php b/api.php
index 0d6e727..af8af1a 100644
--- a/api.php
+++ b/api.php
@@ -6,6 +6,17 @@ function exit_document ($body) {
 exit ("$body");
 }
+function success ($reason) {
+ exit_document ("");
+}
+
+function success_newuser ($username) {
+ $res = "" .
+ htmlspecialchars ($user) .
+ "";
+ exit_document ($res);
+}
+
 function success_auth ($user) {
 $res = "" .
 htmlspecialchars ($user) .
@@ -46,14 +57,14 @@ function success_delete_feature ($feature) {
 exit_document ($res);
 }
-function success ($reason) {
- exit_document ("");
-}
-
 function error ($reason) {
 exit_document ("");
 }
+function error_newuser_exists () {
+ error ("newuser_exists");
+}
+
 function error_feature ($id, $reason) {
 $res = "";
 $res .= "" . $id . "";
@@ -61,30 +72,30 @@ function error_feature ($id, $reason) {
 exit_document ($res);
 }
-function nochange_error ($id) {
+function error_nochange ($id) {
 error_feature ($id, "nochange");
 }
-function unreferenced_error ($id) {
+function error_unreferenced ($id) {
 error_feature ($id, "unreferenced");
 }
-function server_error () {
+function error_server () {
 error ("server");
 }
-function unauthorized_error () {
+function error_unauthorized () {
 error ("unauthorized");
 }
-function request_error () {
+function error_request () {
 error ("request");
 }
-function file_too_big_error () {
+function error_file_too_big () {
 error ("toobig");
 }
-function notanimage_error () {
+function error_notanimage () {
 error ("notimage");
 }
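Review bot: `success_newuser ($username)` builds its reply from `htmlspecialchars ($user)`, but `$user` is not a parameter of that function and a PHP function does not see the caller's locals, so the reply will carry an empty name (plus an undefined-variable notice) instead of the account just created; the call should read `htmlspecialchars ($username)`. The string literals in this hunk print as empty, presumably markup lost in the page rendering, so the element the name is wrapped in cannot be checked from here. The same caveat applies to the new `success ($reason)`, whose `$reason` parameter looks unused in the visible text.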
@@ -95,12 +106,12 @@ function save_uploaded_file ($file, $con) {
 $dest = unique_file (UPLOADDIR, $file ["name"], $con);
 if (!isset ($dest) || (!move_uploaded_file ($file ["tmp_name"], $dest))) {
- server_error ();
+ error_server ();
 }
 $mini_dest = getthumbsdir () . "/mini_" . basename_safe ($dest);
 if (!create_thumbnail_or_copy ($dest, $mini_dest)) {
- server_error ();
+ error_server ();
 }
 }
 return basename_safe ($dest);
@@ -109,13 +120,13 @@ function save_uploaded_file ($file, $con) {
 function img_check_upload ($file) {
 if (!is_uploaded_file ($file ["tmp_name"])) {
 if ($file ["error"] == UPLOAD_ERR_INI_SIZE) {
- file_too_big_error ();
+ error_file_too_big ();
 } else {
- server_error ();
+ error_server ();
 }
 }
 if (!getimagesize ($file ["tmp_name"])) {
- notanimage_error ();
+ error_notanimage ();
 }
 }
@@ -181,20 +192,20 @@ function check_auth ($con, $user, $pwd, $auth_only) {
 success_auth ($user);
 }
 } else {
- unauthorized_error ();
+ error_unauthorized ();
 }
 }
 if (!$authentificated && !($con->checkpwdmd5 ( $_COOKIE [sprintf ("%suser", DBPREFIX)], $_COOKIE [sprintf ("%sauth", DBPREFIX)]))) {
- unauthorized_error ();
+ error_unauthorized ();
 }
 }
 function main ($con) {
 if (!isset ($_POST ["request"])) {
- request_error ();
+ error_request ();
 }
 $pwd = unquote ($_POST ["password"]);
@@ -211,10 +222,10 @@ function main ($con) {
 $id = $_POST ["fid"];
 $feature = $con->getfeature ($id);
 if (!isset ($feature)) {
- unreferenced_error ($id);
+ error_unreferenced ($id);
 }
 if ($feature->user != $user) {
- unauthorized_error ();
+ error_unauthorized ();
 }
 // no file uploaded, but editor currently has an image: it means
@@ -233,7 +244,7 @@ function main ($con) {
 try {
 $new_feature = new feature ($id, $lon, $lat, $imgpath, $title, $description, 0, $user);
 } catch (Exception $e) {
- request_error ();
+ error_request ();
 }
 if (($new_feature->lon == $feature->lon) &&
@@ -241,7 +252,7 @@ function main ($con) {
 ($new_feature->title == $feature->title) &&
 ($new_feature->imgpath == $feature->imgpath) &&
 ($new_feature->description == $feature->description)) {
- nochange_error ($feature->id);
+ error_nochange ($feature->id);
 }
 $old_imgpath = "";
@@ -252,7 +263,7 @@ function main ($con) {
 try {
 $con->save_feature ($new_feature);
 } catch (Exception $e) {
- server_error ();
+ error_server ();
 }
 if ($old_imgpath) {
 try {
@@ -271,12 +282,12 @@ function main ($con) {
 try {
 $feature = new feature (null, $lon, $lat, $imgpath, $title, $description, 0, $user);
 } catch (Exception $e) {
- request_error ();
+ error_request ();
 }
 try {
 $feature = $con->save_feature ($feature);
 } catch (Exception $e) {
- server_error ();
+ error_server ();
 }
 success_feature ($feature, "add");
 break;
@@ -284,17 +295,17 @@ function main ($con) {
 $id = $_POST ["fid"];
 $feature = $con->getfeature ($id);
 if (!isset ($feature)) {
- unreferenced_error ($id);
+ error_unreferenced ($id);
 }
 if ($feature->user != $user) {
- unauthorized_error ();
+ error_unauthorized ();
 }
 $imgpath = $feature->imgpath;
 try {
 $con->delete_feature ($feature);
 } catch (Exception $e) {
- server_error ();
+ error_server ();
 }
 try {
@@ -302,16 +313,36 @@ function main ($con) {
 } catch (Exception $e) {}
 success_delete_feature ($feature);
+ case "newuser":
+ if ($user != "admin") {
+ error_unauthorized ();
+ }
+ $newuser_name = unquote ($_POST ["newuser_name"]);
+ if (!$newuser_name) {
+ error_request ();
+ }
+ $newuser_password = unquote ($_POST ["newuser_password"]);
+ try {
+ $con->setpwd ($newuser_name, $newuser_password, false);
+ } catch (Exception $e) {
+ if ($e->getMessage () == anydbConnection::err_query) {
+ error_newuser_exists ();
+ } else {
+ error_server ();
+ }
+ }
+ success_newuser ($newuser_name);
+ break;
 default:
- request_error();
+ error_request();
 break;
 }
- server_error ();
+ error_server ();
 }
 if (!@include_once ("./inc/settings.php")) {
- server_error ();
+ error_server ();
 }
 require_once ("./inc/db/mysql.php");
 require_once ("./inc/utils.php");
@@ -319,7 +350,7 @@ require_once ("./inc/utils.php");
 try {
 $connection->connect (DBHOST, DBUSER, DBPWD, DBNAME, DBPREFIX);
 } catch (Exception $e) {
- server_error ();
+ error_server ();
 }
 main ($connection);
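Review bot: The new `"newuser"` case validates `$newuser_name` but not `$newuser_password`, so a missing or empty `newuser_password` field still reaches `$con->setpwd` and creates an account with an empty password; add `if (!$newuser_password) { error_request (); }` right after it is read. The admin gate `if ($user != "admin")` uses a loose comparison and `!==` is the safer form; `$user` is assigned earlier in `main`, outside this hunk, and it should be confirmed that it holds the identity verified by `check_auth` rather than a bare POST field. Treating every `anydbConnection::err_query` as `error_newuser_exists ()` also reports unrelated query failures to the caller as a duplicate user. The preceding delete case ends with `success_delete_feature ($feature);` and no `break`, so the new case is protected from fall-through only by `exit_document` calling `exit`; an explicit `break;` there would make that independent of the helper.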