<?php
/*******************************************************************************
*******************************************************************************
** Author: Samuel Levy <[email protected]>
**
** File: api.php
**
** Description: Calls API functions
**
** Copyright (c) 2012 Samuel Levy
**
** Mico is free software: you can redistribute it and/or
** modify it under the terms of the GNU Lesser General Public License as
** published by the Free Software Foundation, either version 3 of the License,
** or (at your option) any later version.
**
** This program is distributed in the hope that it will be useful, but WITHOUT
** ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
** FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
** for more details.
**
** You should have received a copy of the GNU Lesser General Public License
*******************************************************************************
******************************************************************************/
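// Load the site configuration. Authentication, role checks and API dispatch
// further down all depend on it, so a missing file must stop the request here
// (require_once) instead of continuing after a warning (include_once).
require_once ('inc/config.php');
// Connects to the database and brings in the standard library (per the
// original author's note). FS_ROOT is not defined in this file; it is
// presumably set by inc/config.php.
require_once (FS_ROOT.'/inc/connect.php');
// Set up the language system from the LANGUAGE setting ('EN' is the second
// argument given to Settings::get_default)
$LANG = new Lang(Settings::get_default('LANGUAGE','EN'));
// Stays false unless an included API file assigns a result to it
$data = false;
// Starting values for the request state
$error = false;
$error_message = '';
$user = false;
$session_expired = false;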
// Authenticate the caller when a session token was posted. Without one the
// request carries on with $user === false.
if (isset($_POST['session'])) {
    try {
        // The token is handed over exactly as posted; checking it is left to
        // User::by_session()
        $user = User::by_session($_POST['session']);
        // Switch the language object to the user's own 'lang' setting
        $LANG->set_language($user->get_var_default('lang',''));
    } catch (UserSessionException $e) {
        // Session lookup failed: no user, mark the session as expired, and
        // raise the error flag
        $user = false;
        $session_expired = true;
        $error = true;
        // NOTE(review): this message is later returned to the client as the
        // "info" field; confirm User::by_session() never puts internal
        // detail into it
        $error_message = $e->getMessage();
    }
}
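// If authentication did not fail, choose the API implementation file to run
if (!$error) {
    // 'f' comes straight from the query string and is concatenated into the
    // require_once paths below. api_exists() is defined outside this file, so
    // what it rejects cannot be confirmed from here. The name is therefore
    // normalised to a string and refused when it is missing, empty, or
    // contains a path separator or NUL byte, which keeps every include inside
    // its own api* directory.
    $api_function = (isset($_GET['f']) && is_string($_GET['f'])) ? $_GET['f'] : '';
    if ($api_function === '' || strpbrk($api_function, "/\\\0") !== false) {
        // Same answer as for a function name that does not exist
        $error = true;
        $error_message = $LANG->get_string('api/Unknownfunction');
    } else if ($user) {
        // Read the role once and compare strictly, so a non-string role value
        // can never loosely equal 'admin' or 'manager'
        $api_role = $user->get_role();
        if ($api_role === 'admin' && api_exists('api-admin', $api_function)) {
            // admin apis can override normal and manager apis, but only users with admin access can hit them
            require_once ('api-admin/'.$api_function.'.php');
        } else if (($api_role === 'admin' || $api_role === 'manager') && api_exists('api-manager', $api_function)) {
            // manager apis can override normal apis, but only users with admin or manager access can hit them
            require_once ('api-manager/'.$api_function.'.php');
        } else if (api_exists('api', $api_function)) {
            // regular API, available to any logged in user
            require_once ('api/'.$api_function.'.php');
        } else {
            $error = true;
            $error_message = $LANG->get_string('api/Unknownfunction');
        }
    } else {
        // No authenticated user: only the public API directory is searched
        if (api_exists('api-public', $api_function)) {
            // Include the public API file for processing
            require_once ('api-public/'.$api_function.'.php');
        } else {
            $error = true;
            $error_message = $LANG->get_string('api/Unknownfunction');
        }
    }
}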
// A request that got this far without an error must have produced a result;
// $data still being false means no result was assigned to it
if (!$error) {
    if ($data === false) {
        $error = true;
        $error_message = $LANG->get_string('api/APIError');
    }
}
// On any error the response is replaced by the failure envelope
if ($error) {
    $data = array('success' => false, 'info' => $error_message);
}
// Tell the client when its session token was rejected so it can react to that
if ($session_expired) {
    $data['sessionexpired'] = $session_expired;
}
// Send the result as JSON.
// NOTE(review): the body is JSON but is labelled text/javascript; confirm
// whether any client depends on that before moving to application/json
header('Content-Type: text/javascript');
$response_body = json_encode($data);
echo $response_body;