Regatten.net/RegattenApp
1
0
Fork 0
Code Issues 40 Pull Requests Actions Packages Projects Releases Wiki Activity

index fertig bis auf rank

Browse Source
This commit is contained in:
Timon Ostertun
2020-09-22 23:32:48 +02:00
parent cb840a8451
commit 4a3a8b636b
19 changed files with 2215 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

357
api/index.php
View File

@@ -5,6 +5,7 @@
require_once(__DIR__ . '/../server/log.php');
require_once(__DIR__ . '/database.php');
require_once(__DIR__ . '/login.php');
require_once(__DIR__ . '/functions.php');
$request = false;
if (isset($_GET['request'])) {
@@ -76,15 +77,14 @@
} else {
$user_id = false;
}
$perm = get_perm($mysqli, $user_id);
function has_perm($permission) {
global $perm;
return ($perm & $permission) == $permission;
function isLoggedIn() {
global $user_id;
return $user_id !== false;
}
function checkPermission($perm) {
if (!has_perm($perm)) done(DONE_UNAUTHORIZED, ['error' => 'permission denied']);
function checkLoggedIn() {
if (!isLoggedIn()) done(DONE_UNAUTHORIZED, ['error' => 'permission denied']);
}
function checkRequest($param) {
@@ -98,6 +98,35 @@
}, $array);
}
$whereString = false;
if (isset($_REQUEST['index'], $_REQUEST['value'])) {
$whereString = '`' . mysqli_real_escape_string($mysqli, $_REQUEST['index']) . '`="' . mysqli_real_escape_string($mysqli, $_REQUEST['value']) . '"';
}
function sendEntries($table) {
global $mysqli, $whereString;
$response = db_get_data($mysqli, $table, '*', $whereString);
if ($response === false) done(DONE_DATABASE);
$keys = array_keys($response);
if (isset($_REQUEST['changed-after'])) {
$response = db_get_data($mysqli, $table, '*', '`changed` > "' . mysqli_real_escape_string($mysqli, date('Y-m-d H:i:s', $_REQUEST['changed-after'])) . '"' . ($whereString ? (' AND ' . $whereString) : ''));
if ($response === false) done(DONE_DATABASE);
}
$response = array_values($response);
done(DONE_OKAY, array('data' => replaceChanged($response), 'keys' => $keys));
}
function sendEntry($table) {
global $mysqli;
checkRequest('id');
$response = db_get_data($mysqli, $table, '*', '`id` = "' . mysqli_real_escape_string($mysqli, $_REQUEST['id']) . '"');
if ($response === false) done(DONE_DATABASE);
if (count($response) != 1) done(DONE_BAD_REQUEST, ['error' => 'id not found']);
$response = array_values($response)[0];
unset($response['changed']);
done(DONE_OKAY, ['data' => $response]);
}
switch ($action) {
case 'login':
@@ -110,11 +139,325 @@
break;
case 'logout':
checkPermission(PERM_REGISTERED);
checkLoggedIn();
auth_logout($mysqli, $_REQUEST['auth']['id']);
done(DONE_OKAY);
break;
case 'get_update_time':
$times = array();
$response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . DB_TABLE_CLUBS . '"', 1);
if (($response !== false) and (count($response) > 0)) {
$times['clubs'] = strtotime(array_values($response)[0]['update']);
} else {
done(DONE_DATABASE);
}
$response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . BOATCLASS . DB_TABLE_SUFFIX_BOATS . '"', 1);
if (($response !== false) and (count($response) > 0)) {
$times['boats'] = strtotime(array_values($response)[0]['update']);
} else {
done(DONE_DATABASE);
}
$response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . BOATCLASS . DB_TABLE_SUFFIX_SAILORS . '"', 1);
if (($response !== false) and (count($response) > 0)) {
$times['sailors'] = strtotime(array_values($response)[0]['update']);
} else {
done(DONE_DATABASE);
}
$response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . BOATCLASS . DB_TABLE_SUFFIX_REGATTAS . '"', 1);
if (($response !== false) and (count($response) > 0)) {
$times['regattas'] = strtotime(array_values($response)[0]['update']);
} else {
done(DONE_DATABASE);
}
$response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . BOATCLASS . DB_TABLE_SUFFIX_RESULTS . '"', 1);
if (($response !== false) and (count($response) > 0)) {
$times['results'] = strtotime(array_values($response)[0]['update']);
} else {
done(DONE_DATABASE);
}
$response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . BOATCLASS . DB_TABLE_SUFFIX_PLANNING . '"', 1);
if (($response !== false) and (count($response) > 0)) {
$times['plannings'] = strtotime(array_values($response)[0]['update']);
} else {
done(DONE_DATABASE);
}
$response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . DB_TABLE_TRIM_BOATS . '"', 1);
if (($response !== false) and (count($response) > 0)) {
$times['trim_boats'] = strtotime(array_values($response)[0]['update']);
} else {
done(DONE_DATABASE);
}
$response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . DB_TABLE_TRIM_USERS . '"', 1);
if (($response !== false) and (count($response) > 0)) {
$times['trim_users'] = strtotime(array_values($response)[0]['update']);
} else {
done(DONE_DATABASE);
}
$response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . DB_TABLE_TRIM_TRIMS . '"', 1);
if (($response !== false) and (count($response) > 0)) {
$times['trim_trims'] = strtotime(array_values($response)[0]['update']);
} else {
done(DONE_DATABASE);
}
$response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . DB_TABLE_USERS . '"', 1);
if (($response !== false) and (count($response) > 0)) {
$times['users'] = strtotime(array_values($response)[0]['update']);
} else {
done(DONE_DATABASE);
}
done(DONE_OKAY, $times);
break;
case 'get_clubs':
sendEntries(DB_TABLE_CLUBS);
break;
case 'get_club':
sendEntry(DB_TABLE_CLUBS);
break;
case 'get_boats':
sendEntries(BOATCLASS . DB_TABLE_SUFFIX_BOATS);
break;
case 'get_boat':
sendEntry(BOATCLASS . DB_TABLE_SUFFIX_BOATS);
break;
case 'get_sailors':
sendEntries(BOATCLASS . DB_TABLE_SUFFIX_SAILORS);
break;
case 'get_sailor':
sendEntry(BOATCLASS . DB_TABLE_SUFFIX_SAILORS);
break;
case 'get_years':
$response = get_regatta_years($mysqli);
if ($response === false) done(DONE_DATABASE);
foreach ($response as $key => $value)
$response[$key] = ['year' => $value];
done(DONE_OKAY, ['data' => $response]);
break;
case 'get_regattas':
sendEntries(BOATCLASS . DB_TABLE_SUFFIX_REGATTAS);
break;
case 'get_regatta':
sendEntry(BOATCLASS . DB_TABLE_SUFFIX_REGATTAS);
break;
case 'get_results':
sendEntries(BOATCLASS . DB_TABLE_SUFFIX_RESULTS);
break;
case 'get_result':
sendEntry(BOATCLASS . DB_TABLE_SUFFIX_RESULTS);
break;
case 'get_plannings':
$response = db_get_data($mysqli, BOATCLASS . DB_TABLE_SUFFIX_PLANNING, '*', $whereString);
if ($response === false) done(DONE_DATABASE);
$keys = array_keys($response);
if (isset($_REQUEST['changed-after'])) {
$response = db_get_data($mysqli, BOATCLASS . DB_TABLE_SUFFIX_PLANNING, '*', '`changed` > "' . mysqli_real_escape_string($mysqli, date('Y-m-d H:i:s', $_REQUEST['changed-after'])) . '"' . ($whereString ? (' AND ' . $whereString) : ''));
if ($response === false) done(DONE_DATABASE);
}
$response = array_map(function ($entry) {
global $user_id;
if (($user_id === false) or ($entry['user'] != $user_id)) {
unset($entry['gemeldet'], $entry['bezahlt']);
}
return $entry;
}, $response);
$response = array_values($response);
done(DONE_OKAY, array('data' => replaceChanged($response), 'keys' => $keys));
break;
case 'get_planning':
checkRequest('id');
$response = db_get_data($mysqli, BOATCLASS . DB_TABLE_SUFFIX_PLANNING, '*', '`id` = "' . mysqli_real_escape_string($mysqli, $_REQUEST['id']) . '"');
if ($response === false) done(DONE_DATABASE);
if (count($response) != 1) done(DONE_BAD_REQUEST, ['error' => 'id not found']);
$response = array_values($response)[0];
if (($user_id === false) or ($response['user'] != $user_id)) {
unset($response['gemeldet'], $response['bezahlt']);
}
unset($response['changed']);
done(DONE_OKAY, ['data' => $response]);
break;
case 'get_trim_boats':
checkLoggedIn();
$users = db_get_data($mysqli, DB_TABLE_TRIM_USERS, 'boat', '`user`="' . $user_id . '"');
$boats = implode(',', array_column($users, 'boat'));
if ($boats == '') {
done(DONE_OKAY, array('data' => [], 'keys' => []));
}
$response = db_get_data($mysqli, DB_TABLE_TRIM_BOATS, '*', '`id` IN (' . $boats . ')' . ($whereString ? (' AND ' . $whereString) : ''));
if ($response === false) done(DONE_DATABASE);
$keys = array_keys($response);
if (isset($_REQUEST['changed-after'])) {
$response = db_get_data($mysqli, DB_TABLE_TRIM_BOATS, '*', '`id` IN (' . $boats . ') AND `changed` > "' . mysqli_real_escape_string($mysqli, date('Y-m-d H:i:s', $_REQUEST['changed-after'])) . '"' . ($whereString ? (' AND ' . $whereString) : ''));
if ($response === false) done(DONE_DATABASE);
}
$response = array_values($response);
done(DONE_OKAY, array('data' => replaceChanged($response), 'keys' => $keys));
break;
case 'get_trim_boat':
checkLoggedIn();
checkRequest('id');
$response = db_get_data($mysqli, DB_TABLE_TRIM_BOATS, '*', '`id` = "' . mysqli_real_escape_string($mysqli, $_REQUEST['id']) . '"');
if ($response === false) done(DONE_DATABASE);
if (count($response) != 1) done(DONE_BAD_REQUEST, ['error' => 'id not found']);
$response = array_values($response)[0];
if (count(db_get_data($mysqli, DB_TABLE_TRIM_USERS, 'id', '`user`="' . $user_id . '" AND `boat`="' . $response['id'] . '"')) != 1)
done(DONE_BAD_REQUEST, ['error' => 'id not found']);
unset($response['changed']);
done(DONE_OKAY, ['data' => $response]);
break;
case 'get_trim_users':
checkLoggedIn();
$users = db_get_data($mysqli, DB_TABLE_TRIM_USERS, 'boat', '`user`="' . $user_id . '"');
$boats = implode(',', array_column($users, 'boat'));
if ($boats == '') {
done(DONE_OKAY, array('data' => [], 'keys' => []));
}
$response = db_get_data($mysqli, DB_TABLE_TRIM_USERS, '*', '`boat` IN (' . $boats . ')' . ($whereString ? (' AND ' . $whereString) : ''));
if ($response === false) done(DONE_DATABASE);
$keys = array_keys($response);
if (isset($_REQUEST['changed-after'])) {
$response = db_get_data($mysqli, DB_TABLE_TRIM_USERS, '*', '`boat` IN (' . $boats . ') AND `changed` > "' . mysqli_real_escape_string($mysqli, date('Y-m-d H:i:s', $_REQUEST['changed-after'])) . '"' . ($whereString ? (' AND ' . $whereString) : ''));
if ($response === false) done(DONE_DATABASE);
}
$response = array_values($response);
done(DONE_OKAY, array('data' => replaceChanged($response), 'keys' => $keys));
break;
case 'get_trim_user':
checkLoggedIn();
checkRequest('id');
$response = db_get_data($mysqli, DB_TABLE_TRIM_USERS, '*', '`id` = "' . mysqli_real_escape_string($mysqli, $_REQUEST['id']) . '"');
if ($response === false) done(DONE_DATABASE);
if (count($response) != 1) done(DONE_BAD_REQUEST, ['error' => 'id not found']);
$response = array_values($response)[0];
if (count(db_get_data($mysqli, DB_TABLE_TRIM_USERS, 'id', '`user`="' . $user_id . '" AND `boat`="' . $response['boat'] . '"')) != 1)
done(DONE_BAD_REQUEST, ['error' => 'id not found']);
unset($response['changed']);
done(DONE_OKAY, ['data' => $response]);
break;
case 'get_trim_trims':
checkLoggedIn();
$users = db_get_data($mysqli, DB_TABLE_TRIM_USERS, 'boat', '`user`="' . $user_id . '"');
$boats = implode(',', array_column($users, 'boat'));
if ($boats == '') {
done(DONE_OKAY, array('data' => [], 'keys' => []));
}
$response = db_get_data($mysqli, DB_TABLE_TRIM_TRIMS, '*', '`boat` IN (' . $boats . ')' . ($whereString ? (' AND ' . $whereString) : ''));
if ($response === false) done(DONE_DATABASE);
$keys = array_keys($response);
if (isset($_REQUEST['changed-after'])) {
$response = db_get_data($mysqli, DB_TABLE_TRIM_TRIMS, '*', '`boat` IN (' . $boats . ') AND `changed` > "' . mysqli_real_escape_string($mysqli, date('Y-m-d H:i:s', $_REQUEST['changed-after'])) . '"' . ($whereString ? (' AND ' . $whereString) : ''));
if ($response === false) done(DONE_DATABASE);
}
$response = array_values($response);
done(DONE_OKAY, array('data' => replaceChanged($response), 'keys' => $keys));
break;
case 'get_trim_trim':
checkLoggedIn();
checkRequest('id');
$response = db_get_data($mysqli, DB_TABLE_TRIM_TRIMS, '*', '`id` = "' . mysqli_real_escape_string($mysqli, $_REQUEST['id']) . '"');
if ($response === false) done(DONE_DATABASE);
if (count($response) != 1) done(DONE_BAD_REQUEST, ['error' => 'id not found']);
$response = array_values($response)[0];
if (count(db_get_data($mysqli, DB_TABLE_TRIM_USERS, 'id', '`user`="' . $user_id . '" AND `boat`="' . $response['boat'] . '"')) != 1)
done(DONE_BAD_REQUEST, ['error' => 'id not found']);
unset($response['changed']);
done(DONE_OKAY, ['data' => $response]);
break;
case 'get_users':
$followFields = '';
for ($i = 1; $i <= 5; $i ++) $followFields .= ',' . BOATCLASS . '_sailor' . $i . ' AS sailor' . $i;
$response = db_get_data($mysqli, DB_TABLE_USERS, 'id,username,email' . $followFields, $whereString);
if ($response === false) done(DONE_DATABASE);
$keys = array_keys($response);
if (isset($_REQUEST['changed-after'])) {
$response = db_get_data($mysqli, DB_TABLE_USERS, 'id,username,email,' . $followFields, '`changed` > "' . mysqli_real_escape_string($mysqli, date('Y-m-d H:i:s', $_REQUEST['changed-after'])) . '"' . ($whereString ? (' AND ' . $whereString) : ''));
if ($response === false) done(DONE_DATABASE);
}
$response = array_map(function ($entry) {
global $user_id;
if ($entry['id'] != $user_id) {
$entry = ['id' => $entry['id'], 'username' => $entry['username']];
}
return $entry;
}, $response);
$response = array_values($response);
done(DONE_OKAY, array('data' => replaceChanged($response), 'keys' => $keys));
break;
case 'get_user':
checkRequest('id');
$followFields = '';
for ($i = 1; $i <= 5; $i ++) $followFields .= ',' . BOATCLASS . '_sailor' . $i . ' AS sailor' . $i;
$response = db_get_data($mysqli, DB_TABLE_USERS, 'id,username,email' . $followFields, '`id` = "' . mysqli_real_escape_string($mysqli, $_REQUEST['id']) . '"');
if ($response === false) done(DONE_DATABASE);
if (count($response) != 1) done(DONE_BAD_REQUEST, ['error' => 'id not found']);
$response = array_values($response)[0];
if ($response['id'] != $user_id) {
$response = ['id' => $response['id'], 'username' => $response['username']];
}
unset($response['changed']);
done(DONE_OKAY, ['data' => $response]);
break;
case 'add_subscription':
checkRequest('subscription');
$data = [
'auth' => PUSH_AUTH,
'subscription' => $_REQUEST['subscription']
];
$ch = curl_init('https://push.ostertun.net/add_subscription');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$result = curl_exec($ch);
curl_close($ch);
if ($result == "OK")
done(DONE_OKAY);
else {
logE('add_subscription', $result);
done(DONE_SERVER_ERROR);
}
break;
case 'remove_subscription':
checkRequest('subscription');
$data = [
'auth' => PUSH_AUTH,
'subscription' => $_REQUEST['subscription']
];
$ch = curl_init('https://push.ostertun.net/remove_subscription');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$result = curl_exec($ch);
curl_close($ch);
if ($result == "OK")
done(DONE_OKAY);
else {
logE('remove_subscription', $result);
done(DONE_SERVER_ERROR);
}
break;
default:
done(DONE_BAD_REQUEST, ['error' => 'action invalid']);