From 967ad5075562fbe4d237ae88119b14f06e05dc88 Mon Sep 17 00:00:00 2001
From: Timon Ostertun
Date: Sun, 27 Sep 2020 00:05:57 +0200
Subject: [PATCH] Moved api backend to main website
---
.htaccess_example | 2 +-
api/.htaccess_example | 8 -
api/config_example.php | 37 ---
api/database.php | 157 -----------
api/functions.php | 450 -------------------------------
api/index.php | 466 ---------------------------------
api/login.php | 107 --------
client/scripts/regatten.js.php | 2 +-
server/config_example.php | 11 +-
9 files changed, 6 insertions(+), 1234 deletions(-)
delete mode 100644 api/.htaccess_example
delete mode 100644 api/config_example.php
delete mode 100644 api/database.php
delete mode 100644 api/functions.php
delete mode 100644 api/index.php
delete mode 100644 api/login.php
diff --git a/.htaccess_example b/.htaccess_example
index 73e3dbf..8f74e22 100644
--- a/.htaccess_example
+++ b/.htaccess_example
@@ -12,7 +12,7 @@ RewriteRule ^(.*)server(.*)$ / [R=301,L,NC]
 ### CONTENT LOADER
 # Keep this subfolders untouched
-RewriteRule ^(api)($|/) - [L]
+#RewriteRule ^(api)($|/) - [L]
 # Show site
 RewriteRule ^([^\.]*)$ index.php?request=$1 [QSA]
\ No newline at end of file
diff --git a/api/.htaccess_example b/api/.htaccess_example
deleted file mode 100644
index a02d3cc..0000000
--- a/api/.htaccess_example
+++ /dev/null
@@ -1,8 +0,0 @@
-RewriteEngine on
-# root directory:
-RewriteBase /projects/RegattenApp/api/
-
-
-
-# Show site
-RewriteRule ^(.*)$ index.php?request=$1 [QSA]
\ No newline at end of file
diff --git a/api/config_example.php b/api/config_example.php
deleted file mode 100644
index 585ada0..0000000
--- a/api/config_example.php
+++ /dev/null
@@ -1,37 +0,0 @@
-
\ No newline at end of file
diff --git a/api/database.php b/api/database.php
deleted file mode 100644
index 108d3c1..0000000
--- a/api/database.php
+++ /dev/null
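Review bot: The comment `# Keep this subfolders untouched` in the .htaccess_example hunk now describes nothing, because the only rule under it is turned into `#RewriteRule ^(api)($|/) - [L]` on the next line; either delete both lines or reword the comment so the two stay in sync. Leaving the rule as dead config is easy to re-enable by accident, and a future api/ subfolder would then again bypass the `index.php?request=$1` dispatch without anyone reviewing it, so if the move is permanent the line is better removed than commented out. Since this is an example file, deployed copies of the real .htaccess presumably need the same edit applied by hand; a one-line note in the commit message or the example header would make that explicit.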
@@ -1,157 +0,0 @@ -num_rows > 0) { - $i = 0; - while ($row = $response->fetch_assoc()) { - if (isset($row['id'])) { - $id = $row['id']; - } else { - $id = $i; - $i ++; - } - foreach ($row as $key => $value) { - $result[$id][$key] = $value; - } - } - } - return $result; - } else { - logE("database", "get_data\nInvalid request\n" . $query . "\n" . mysqli_error($mysqli)); - return false; - } - } - - function db_update_data($mysqli, $table, $data, $where, $limit = false) { - $rest = ''; - if ($where != false) { - $rest .= ' WHERE ' . $where; - } - if ($limit != false) { - $rest .= sprintf(' LIMIT %d', $limit); - } - $set = ''; - $first = true; - foreach ($data as $key => $value) { - if ($first) { - $first = false; - } else { - $set .= ', '; - } - if ($value === null) { - $set .= '`' . mysqli_real_escape_string($mysqli, $key) . '`=NULL'; - } else { - $set .= '`' . mysqli_real_escape_string($mysqli, $key) . '`="' . mysqli_real_escape_string($mysqli, $value) . '"'; - } - } - if (defined('DB_CHANGE_TIME')) $set .= ', `changed`=NOW()'; - $query = 'UPDATE ' . mysqli_real_escape_string($mysqli, $table) . ' SET ' . $set . $rest . ';'; - $response = mysqli_query($mysqli, $query); - - if ($response === false) { - logE("database", "update_data\nInvalid request\n" . $query . "\n" . mysqli_error($mysqli)); - } elseif (defined('DB_CHANGE_TIME')) { - mysqli_query($mysqli, 'UPDATE `_updatetimes` SET `update`=NOW() WHERE `table`="' . mysqli_real_escape_string($mysqli, $table) . '";'); - } - - return $response; - } - - function db_insert_data($mysqli, $table, $data) { - $fields = ''; - $values = ''; - $first = true; - foreach ($data as $key => $value) { - if ($first) { - $first = false; - } else { - $fields .= ', '; - $values .= ', '; - } - $fields .= '`' . mysqli_real_escape_string($mysqli, $key) . '`'; - if ($value === null) { - $values .= 'NULL'; - } else { - $values .= '"' . mysqli_real_escape_string($mysqli, $value) . 
'"'; - } - } - if (defined('DB_CHANGE_TIME')) { - $fields .= ', `changed`'; - $values .= ', NOW()'; - } - $query = 'INSERT INTO `' . mysqli_real_escape_string($mysqli, $table) . '` (' . $fields . ') VALUES (' . $values . ');'; - $response = mysqli_query($mysqli, $query); - if ($response === false) { - logE("database", "insert_data\nInvalid request\n" . $query . "\n" . mysqli_error($mysqli)); - } else { - $response = mysqli_insert_id($mysqli); - if (defined('DB_CHANGE_TIME')) { - mysqli_query($mysqli, 'UPDATE `_updatetimes` SET `update`=NOW() WHERE `table`="' . mysqli_real_escape_string($mysqli, $table) . '";'); - } - } - - return $response; - } - - function db_delete_data($mysqli, $table, $where, $limit = false) { - $rest = ''; - if ($where != false) { - $rest .= ' WHERE ' . $where; - } - if ($limit != false) { - $rest .= sprintf(' LIMIT %d', $limit); - } - $query = 'DELETE FROM `' . mysqli_real_escape_string($mysqli, $table) . '`' . $rest . ';'; - $response = mysqli_query($mysqli, $query); - if ($response === false) { - logE("database", "delete_data\nInvalid request\n" . $query . "\n" . mysqli_error($mysqli)); - } elseif (defined('DB_CHANGE_TIME')) { - mysqli_query($mysqli, 'UPDATE `_updatetimes` SET `update`=NOW() WHERE `table`="' . mysqli_real_escape_string($mysqli, $table) . '";'); - } - - return $response; - } - -?> \ No newline at end of file diff --git a/api/functions.php b/api/functions.php deleted file mode 100644 index a5cc263..0000000 --- a/api/functions.php +++ /dev/null 
@@ -1,450 +0,0 @@ -= "' . date('Y-m-d', $from) . '") AND (`date` <= "' . date('Y-m-d', $to) . '") ORDER BY `date`'); - } - - function get_regatta_years($mysqli) { - $query = 'SELECT DISTINCT(YEAR(`date`)) as year FROM ' . BOATCLASS . DB_TABLE_SUFFIX_REGATTAS . ' ORDER BY `date`;'; - $response = mysqli_query($mysqli, $query); - - if ($response !== false) { - $result = array(); - if ($response->num_rows > 0) { - while ($row = $response->fetch_assoc()) { - $result[] = $row['year']; - } - } - return $result; - } else { - logE("functions", "get_data\nInvalid request\n" . $query . "\n" . mysqli_error($mysqli)); - return false; - } - } - - function get_result_calculated($mysqli, $regatta_id) { - $regatta = get_regatta($mysqli, $regatta_id); - if ($regatta === false) { - return false; - } - $results = get_result($mysqli, $regatta_id); - if ($results !== false) { - - // *** Replace , with . - foreach ($results as $key => $value) { - for ($i = 1; $i <= $regatta['races']; $i ++) { - $results[$key]['race' . $i] = str_replace(',', '.', $results[$key]['race' . $i]); - } - } - - // *** Calculation *** - $gemeldet = count($results); - - $sortarray = array(); - foreach ($results as $key => $value) { - $results[$key]['finished'] = false; - $results[$key]['values'] = array(); - $results[$key]['values_all'] = array(); - $results[$key]['texts'] = array(); - $copy = array(); - for ($i = 1; $i <= $regatta['races']; $i ++) { - if (is_numeric($value['race' . $i])) { - $results[$key]['values'][$i] = $value['race' . $i]; - $results[$key]['texts'][$i] = $value['race' . $i]; - $copy[$i] = $value['race' . $i]; - $results[$key]['finished'] = true; - } else { - switch ($value['race' . 
$i]) { - // Nicht gestartet - case 'DNC': $results[$key]['values'][$i] = $gemeldet + 1; $copy[$i] = $gemeldet + 1; break; // Did not come - case 'DNS': $results[$key]['values'][$i] = $gemeldet + 1; $copy[$i] = $gemeldet + 1; break; // Did not started - // Startfehler - case 'OCS': $results[$key]['values'][$i] = $gemeldet + 1; $copy[$i] = $gemeldet + 1; /*$results[$key]['finished'] = true;*/ break; // On course site -// Muss v. Hand case 'ZFP': $results[$key]['values'][$i] = $gemeldet + 1; $copy[$i] = $gemeldet + 1; $results[$key]['finished'] = true; break; // Z-Flag penalty (20% nach 30.2) - case 'UFD': $results[$key]['values'][$i] = $gemeldet + 1; $copy[$i] = $gemeldet + 1; /*$results[$key]['finished'] = true;*/ break; // Uniform Flag Disqualified (disqu. nach 30.3) - case 'BFD': $results[$key]['values'][$i] = $gemeldet + 1; $copy[$i] = $gemeldet + 1; /*$results[$key]['finished'] = true;*/ break; // Black Flag Disqualified (disqu. nach 30.4) - // Nicht durch Ziel gegangen - case 'DNF': $results[$key]['values'][$i] = $gemeldet + 1; $copy[$i] = $gemeldet + 1; break; // Did not finish - case 'RET': $results[$key]['values'][$i] = $gemeldet + 1; $copy[$i] = $gemeldet + 1; break; // Retired (Aufgegeben) - case 'RAF': $results[$key]['values'][$i] = $gemeldet + 1; $copy[$i] = $gemeldet + 1; /*$results[$key]['finished'] = true;*/ break; // Retired after finish - // Disqualifizierun - case 'DSQ': $results[$key]['values'][$i] = $gemeldet + 1; $copy[$i] = $gemeldet + 1; /*$results[$key]['finished'] = true;*/ break; // Disqualified - case 'DNE': $results[$key]['values'][$i] = $gemeldet + 1; $copy[$i] = -1; /*$results[$key]['finished'] = true;*/ break; // Disqualified, not excludable (disqu. kann nach 90.3(b) nicht gestrichen werden) - case 'DGM': $results[$key]['values'][$i] = $gemeldet + 1; $copy[$i] = -2; /*$results[$key]['finished'] = true;*/ break; // Disqualification Gross Missconduct (kann nach 69.1(b)(2) nicht gestr. 
werden, grobes Fehlverhalten) - // Wiedergutmachung -// Muss v. Hand case 'RDG': $results[$key]['values'][$i] = $gemeldet + 1; $copy[$i] = $gemeldet + 1; $results[$key]['finished'] = true; break; // Redress given (Wiedergutmachung gewährt) - // Strafen -// Muss v. Hand case 'SCP': $results[$key]['values'][$i] = $gemeldet + 1; $copy[$i] = $gemeldet + 1; $results[$key]['finished'] = true; break; // Wertungsstrafe nach 44.3(a) (20%) -// Muss v. Hand case 'DPI': $results[$key]['values'][$i] = $gemeldet + 1; $copy[$i] = $gemeldet + 1; $results[$key]['finished'] = true; break; // Punktstrafe nach Ermessen der Jury - // Unbekannt - default: $results[$key]['values'][$i] = 0; $copy[$i] = 0; break; - } - - if ($results[$key]['values'][$i] != 0) { - $results[$key]['texts'][$i] = $value['race' . $i] . ' (' . $results[$key]['values'][$i] . ')'; - } else { - $results[$key]['texts'][$i] = $value['race' . $i] . ' (Unknown - 0)'; - } - } - } - $results[$key]['values_all'] = $results[$key]['values']; - for ($s = 0; $s < $regatta['streicher']; $s ++) { - $max = max($copy); - for ($i = 1; $i <= $regatta['races']; $i ++) { - if ($copy[$i] == $max) { - $copy[$i] = 0; - break; - } - } - } - $brutto = $netto = 0; - for ($i = 1; $i <= $regatta['races']; $i ++) { - $brutto += $results[$key]['values_all'][$i]; - if ($copy[$i] == -1) { $results[$key]['values'][$i] = $gemeldet + 1; } - elseif ($copy[$i] == -2) { $results[$key]['values'][$i] = $gemeldet + 1; } - else { $results[$key]['values'][$i] = $copy[$i]; } - if ($results[$key]['values'][$i] == 0) { - $results[$key]['texts'][$i] = '[' . $results[$key]['texts'][$i] . 
']'; - } - $netto += $results[$key]['values'][$i]; - } - $results[$key]['brutto'] = $brutto; - $results[$key]['netto'] = $netto; - - if ($results[$key]['finished']) { - $sortarray[$key] = 0; - } else { - $sortarray[$key] = 1; - } - $sortarray[$key] /*.*/= sprintf("%08.2f", $netto); - $temp = $results[$key]['values']; - sort($temp); - $i = 0; - foreach ($temp as $val) { - if ($i < $regatta['races']) { - $sortarray[$key] .= sprintf("%07.2f", $val); - } - $i ++; - } - for ($i = $regatta['races']; $i > 0; $i --) { - $sortarray[$key] .= sprintf("%07.2f", $results[$key]['values_all'][$i]); - } - $results[$key]['sortvalue'] = $sortarray[$key]; - } - array_multisort($sortarray, $results); - $i = 1; - foreach ($results as $key => $value) { - if (($i > 1) and ($sortarray[$key] == $sortarray[$lastkey])) { - $results[$key]['place'] = $results[$lastkey]['place']; - } else { - $results[$key]['place'] = $i; - } - $i ++; - $lastkey = $key; - } - unset ($sortarray); - - return $results; - } else { - return false; - } - } - - function update_result_cache($mysqli, $regatta_id) { - $regatta = get_regatta($mysqli, $regatta_id); - if ($regatta === false) return; - $results = get_result_calculated($mysqli, $regatta['id']); - if ($results === false) return; - - // count finished boats - $fb = 0; - foreach ($results as $result) { - if ($result['finished']) { - $fb ++; - } - } - - db_update_data($mysqli, BOATCLASS . DB_TABLE_SUFFIX_REGATTAS, ['finishedBoats' => $fb], '`id`="' . $regatta['id'] . '"', 1); - - foreach ($results as $result) { - if ($fb == 0) { - $rlp = 0; - } else { - $rlp = 100 * $regatta['rlf'] * (($fb + 1 - $result['place']) / $fb); - } - db_update_data($mysqli, BOATCLASS . DB_TABLE_SUFFIX_RESULTS, ['place' => $result['place'], 'rlp' => $rlp], '`id`="' . $result['id'] . 
'"', 1); - } - } - - function get_ranking($mysqli, $from, $to, $jugend = false, $jugstrict = false) { - global $rankNoResults, $_CLASSES; - $rankNoResults = array(); - - $sailors = get_sailor($mysqli); - $regattas = get_regattas_range($mysqli, $from, $to); - - if (($sailors !== false) and ($regattas !== false)) { - foreach ($sailors as $key => $sailor) { - $sailors[$key]['regattas'] = array(); - $sailors[$key]['tmp_rlp'] = array(); - } - - foreach ($regattas as $regatta) { - $date = strtotime($regatta['date']); - - // regatta has to be min. 2 days to be ranking-regatta - if ($regatta['length'] < 2) { - continue; - } - - $results = get_result($mysqli, $regatta['id']); - if ($results === false) { - continue; - } - - if (count($results) <= 0) { - if (strtotime('+' . ($regatta['length']-1) . ' days', $date) <= time()) { - if (!$regatta['canceled']) { - $rankNoResults[] = $regatta; - } - } - continue; - } - - // in one race there must be at least 10 boats started - $ok = false; - for ($i = 1; $i <= $regatta['races']; $i ++) { - $temp = 0; - foreach ($results as $result) { - if (($result['race' . $i] != 'DNC') and ($result['race' . 
$i] != 'DNS')) { - $temp ++; - } - } - if ($temp >= 10) { - $ok = true; - break; - } - } - if (!$ok) { - continue; - } - - $fb = $regatta['finishedBoats']; - - // add regatta to each sailor - foreach ($results as $result) { - if ($result['rlp'] == 0) { - continue; - } - // check if crew is youth - //if ($jugend) { - // $crew = explode(',', $result['crew']); - // $okay = true; - // foreach ($crew as $sailor) { - // if (($sailor == '') or !isset($sailors[$sailor])) continue; - // $sailor = $sailors[$sailor]; - // if ((($sailor['year'] !== null) and ($sailor['year'] < (date('Y', $date) - $_CLASSES[BOATCLASS]['youth-age']))) or - // (($sailor['year'] === null) and ($jugstrict))) { - // $okay = false; - // break; - // } - // } - // if (!$okay) continue; - //} - // calc m - if ($regatta['m'] > 0) { - $m = $regatta['m']; - } elseif ($regatta['races'] <= 4) { - $m = $regatta['races']; - } else { - if (($regatta['length'] > 2) and ($regatta['races'] >= 6)) { - $m = 5; - } else { - $m = 4; - } - } - $rlp = $result['rlp']; - $sailors[$result['steuermann']]['regattas'][$regatta['id']] = array( - 'regatta' => $regatta['id'], - 'boat' => $result['boat'], - 'crew' => $result['crew'], - 'place' => $result['place'], - 'fb' => $fb, - 'rlp' => $rlp, - 'used' => 0, - 'm' => $m - ); - for ($i = 0; $i < $m; $i ++) { - array_push($sailors[$result['steuermann']]['tmp_rlp'], array($regatta['id'], $rlp)); - } - } - } - - foreach ($sailors as $key => $sailor) { - if ($sailor['german'] == 0) { - unset($sailors[$key]); - } elseif ($jugend) { - if ((($sailor['year'] !== null) and ($sailor['year'] < (date('Y', $to) - $_CLASSES[BOATCLASS]['youth-age']))) or - (($sailor['year'] === null) and ($jugstrict))) { - unset($sailors[$key]); - } - } - } - - $sortarray = array(); - - foreach ($sailors as $key => $sailor) { - // sort rlps desc - $sort = array(); - foreach ($sailor['tmp_rlp'] as $key2 => $value) { - $sort[$key2] = $value[1]; - } - array_multisort($sort, SORT_DESC, $sailors[$key]['tmp_rlp']); 
- // calc mean. rlp - $sum = 0; - $cnt = 0; - foreach ($sailors[$key]['tmp_rlp'] as $value) { - $sum += $value[1]; - $sailors[$key]['regattas'][$value[0]]['used'] ++; - $cnt ++; - if ($cnt >= 9) { - break; - } - } - unset($sailors[$key]['tmp_rlp']); - if ($cnt > 0) { - $rlp = $sum / $cnt; - $sailors[$key]['rlp'] = $rlp; - $sailors[$key]['m'] = $cnt; - } else { - unset($sailors[$key]); - continue; - } - - if ($rlp == 0) { - $sortarray[$key] = $cnt; - } else { - $sortarray[$key] = $cnt * 1000 + $rlp; - } - } - array_multisort($sortarray, SORT_DESC, $sailors); - unset($sortarray); - - $i = 1; - foreach ($sailors as $key => $sailor) { - $sailors[$key]['rank'] = $i; - $i ++; - } - - return $sailors; - } else { - return false; - } - } - - function get_trim_boat($mysqli, $id = false) { - return get_db_entry($mysqli, DB_TABLE_TRIM_BOATS, $id); - } - - function get_trim_boat_users($mysqli, $id) { - $result = db_get_data($mysqli, DB_TABLE_TRIM_USERS, '*', '`boat` = "' . mysqli_real_escape_string($mysqli, $id) . '"'); - if ($result === false) - return false; - else - return $result; - } - - function get_trim_user_boats($mysqli, $id) { - $boats = db_get_data($mysqli, DB_TABLE_TRIM_USERS, '*', '`user` = "' . mysqli_real_escape_string($mysqli, $id) . '"'); - if ($boats === false) { - return false; - } else { - $result = []; - foreach ($boats as $value) { - $result[$value['boat']] = get_trim_boat($mysqli, $value['boat']); - } - return $result; - } - } - - function trim_is_boat_user($mysqli, $user, $boat) { - $res = db_get_data($mysqli, DB_TABLE_TRIM_USERS, '*', '`user` = "' . mysqli_real_escape_string($mysqli, $user) . '" AND `boat` = "' . mysqli_real_escape_string($mysqli, $boat) . '"'); - return ($res !== false) and (count($res) == 1); - } - - function get_trim_trim($mysqli, $id = false) { - return get_db_entry($mysqli, DB_TABLE_TRIM_TRIMS, $id); - } - - function get_trim_boat_trims($mysqli, $id) { - $result = db_get_data($mysqli, DB_TABLE_TRIM_TRIMS, '*', '`boat` = "' . 
mysqli_real_escape_string($mysqli, $id) . '"'); - if ($result === false) { - return false; - } else { - return $result; - } - } - -?> \ No newline at end of file diff --git a/api/index.php b/api/index.php deleted file mode 100644 index 3a03cff..0000000 --- a/api/index.php +++ /dev/null 
@@ -1,466 +0,0 @@ -= 1) { - $action = array_shift($request); - } else { - $action = ''; - } - - define('DONE_OKAY', 0); - define('DONE_EMPTY', 1); - define('DONE_DATABASE', 2); - define('DONE_UNAUTHORIZED', 3); - define('DONE_BAD_REQUEST', 4); - define('DONE_CONFLICT', 5); - define('DONE_SERVER_ERROR', 6); - function done($donecode, $content = null) { - switch ($donecode) { - case DONE_OKAY: - header('HTTP/1.0 200 OK'); - break; - case DONE_EMPTY: - header('HTTP/1.0 204 No Content'); - break; - case DONE_DATABASE: - header('HTTP/1.0 500 Internal Server Error'); - if ($content === null) { - $content = array('error' => 'database error'); - } - break; - case DONE_UNAUTHORIZED: - header('HTTP/1.0 401 Unauthorized'); - if ($content === null) { - $content = array('error' => 'unauthorized'); - } - break; - case DONE_BAD_REQUEST: - header('HTTP/1.0 400 Bad Request'); - if ($content === null) { - $content = array('error' => 'bad request'); - } - break; - case DONE_CONFLICT: - header('HTTP/1.0 409 Conflict'); - break; - case DONE_SERVER_ERROR: - header('HTTP/1.0 500 Internal Server Error'); - break; - default: - header('HTTP/1.0 500 Internal Server Error'); - break; - } - header('Content-Type: application/json'); - if ($content !== null) { - echo json_encode($content); - } else { - echo '{ }'; - } - exit; - } - - if (isset($_REQUEST['auth']['id'], $_REQUEST['auth']['hash'])) { - $user_id = auth_check($mysqli, $_REQUEST['auth']['id'], $_REQUEST['auth']['hash']); - } else { - $user_id = false; - } - - function isLoggedIn() { - global $user_id; - return $user_id !== false; - } - - function checkLoggedIn() { - if (!isLoggedIn()) done(DONE_UNAUTHORIZED, ['error' => 'permission denied']); - } - - function checkRequest($param) { - if (!isset($_REQUEST[$param])) done(DONE_BAD_REQUEST, ['error' => 'missing parameter: ' . 
$param]); - } - - function replaceChanged($array) { - return array_map(function ($entry) { - unset($entry['changed']); - return $entry; - }, $array); - } - - $whereString = false; - if (isset($_REQUEST['index'], $_REQUEST['value'])) { - $whereString = '`' . mysqli_real_escape_string($mysqli, $_REQUEST['index']) . '`="' . mysqli_real_escape_string($mysqli, $_REQUEST['value']) . '"'; - } - - function sendEntries($table) { - global $mysqli, $whereString; - $response = db_get_data($mysqli, $table, '*', $whereString); - if ($response === false) done(DONE_DATABASE); - $keys = array_keys($response); - if (isset($_REQUEST['changed-after'])) { - $response = db_get_data($mysqli, $table, '*', '`changed` > "' . mysqli_real_escape_string($mysqli, date('Y-m-d H:i:s', $_REQUEST['changed-after'])) . '"' . ($whereString ? (' AND ' . $whereString) : '')); - if ($response === false) done(DONE_DATABASE); - } - $response = array_values($response); - done(DONE_OKAY, array('data' => replaceChanged($response), 'keys' => $keys)); - } - - function sendEntry($table) { - global $mysqli; - checkRequest('id'); - $response = db_get_data($mysqli, $table, '*', '`id` = "' . mysqli_real_escape_string($mysqli, $_REQUEST['id']) . 
'"'); - if ($response === false) done(DONE_DATABASE); - if (count($response) != 1) done(DONE_BAD_REQUEST, ['error' => 'id not found']); - $response = array_values($response)[0]; - unset($response['changed']); - done(DONE_OKAY, ['data' => $response]); - } - - switch ($action) { - - case 'login': - checkRequest('username'); - checkRequest('password'); - checkRequest('device'); - $auth = auth_login($mysqli, $_REQUEST['username'], $_REQUEST['password'], $_REQUEST['device']); - if ($auth === false) done(DONE_UNAUTHORIZED); - done(DONE_OKAY, $auth); - break; - - case 'logout': - checkLoggedIn(); - auth_logout($mysqli, $_REQUEST['auth']['id']); - done(DONE_OKAY); - break; - - case 'get_update_time': - $times = array(); - $response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . DB_TABLE_CLUBS . '"', 1); - if (($response !== false) and (count($response) > 0)) { - $times['clubs'] = strtotime(array_values($response)[0]['update']); - } else { - done(DONE_DATABASE); - } - $response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . BOATCLASS . DB_TABLE_SUFFIX_BOATS . '"', 1); - if (($response !== false) and (count($response) > 0)) { - $times['boats'] = strtotime(array_values($response)[0]['update']); - } else { - done(DONE_DATABASE); - } - $response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . BOATCLASS . DB_TABLE_SUFFIX_SAILORS . '"', 1); - if (($response !== false) and (count($response) > 0)) { - $times['sailors'] = strtotime(array_values($response)[0]['update']); - } else { - done(DONE_DATABASE); - } - $response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . BOATCLASS . DB_TABLE_SUFFIX_REGATTAS . '"', 1); - if (($response !== false) and (count($response) > 0)) { - $times['regattas'] = strtotime(array_values($response)[0]['update']); - } else { - done(DONE_DATABASE); - } - $response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . BOATCLASS . 
DB_TABLE_SUFFIX_RESULTS . '"', 1); - if (($response !== false) and (count($response) > 0)) { - $times['results'] = strtotime(array_values($response)[0]['update']); - } else { - done(DONE_DATABASE); - } - $response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . BOATCLASS . DB_TABLE_SUFFIX_PLANNING . '"', 1); - if (($response !== false) and (count($response) > 0)) { - $times['plannings'] = strtotime(array_values($response)[0]['update']); - } else { - done(DONE_DATABASE); - } - $response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . DB_TABLE_TRIM_BOATS . '"', 1); - if (($response !== false) and (count($response) > 0)) { - $times['trim_boats'] = strtotime(array_values($response)[0]['update']); - } else { - done(DONE_DATABASE); - } - $response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . DB_TABLE_TRIM_USERS . '"', 1); - if (($response !== false) and (count($response) > 0)) { - $times['trim_users'] = strtotime(array_values($response)[0]['update']); - } else { - done(DONE_DATABASE); - } - $response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . DB_TABLE_TRIM_TRIMS . '"', 1); - if (($response !== false) and (count($response) > 0)) { - $times['trim_trims'] = strtotime(array_values($response)[0]['update']); - } else { - done(DONE_DATABASE); - } - $response = db_get_data($mysqli, DB_TABLE_UPDATETIMES, '`update`', '`table` = "' . DB_TABLE_USERS . '"', 1); - if (($response !== false) and (count($response) > 0)) { - $times['users'] = strtotime(array_values($response)[0]['update']); - } else { - done(DONE_DATABASE); - } - done(DONE_OKAY, $times); - break; - - case 'get_clubs': - sendEntries(DB_TABLE_CLUBS); - break; - - case 'get_club': - sendEntry(DB_TABLE_CLUBS); - break; - - case 'get_boats': - sendEntries(BOATCLASS . DB_TABLE_SUFFIX_BOATS); - break; - - case 'get_boat': - sendEntry(BOATCLASS . 
DB_TABLE_SUFFIX_BOATS); - break; - - case 'get_sailors': - sendEntries(BOATCLASS . DB_TABLE_SUFFIX_SAILORS); - break; - - case 'get_sailor': - sendEntry(BOATCLASS . DB_TABLE_SUFFIX_SAILORS); - break; - - case 'get_years': - $response = get_regatta_years($mysqli); - if ($response === false) done(DONE_DATABASE); - foreach ($response as $key => $value) - $response[$key] = ['year' => $value]; - done(DONE_OKAY, ['data' => $response]); - break; - - case 'get_regattas': - sendEntries(BOATCLASS . DB_TABLE_SUFFIX_REGATTAS); - break; - - case 'get_regatta': - sendEntry(BOATCLASS . DB_TABLE_SUFFIX_REGATTAS); - break; - - case 'get_results': - sendEntries(BOATCLASS . DB_TABLE_SUFFIX_RESULTS); - break; - - case 'get_result': - sendEntry(BOATCLASS . DB_TABLE_SUFFIX_RESULTS); - break; - - case 'get_plannings': - $response = db_get_data($mysqli, BOATCLASS . DB_TABLE_SUFFIX_PLANNING, '*', $whereString); - if ($response === false) done(DONE_DATABASE); - $keys = array_keys($response); - if (isset($_REQUEST['changed-after'])) { - $response = db_get_data($mysqli, BOATCLASS . DB_TABLE_SUFFIX_PLANNING, '*', '`changed` > "' . mysqli_real_escape_string($mysqli, date('Y-m-d H:i:s', $_REQUEST['changed-after'])) . '"' . ($whereString ? (' AND ' . $whereString) : '')); - if ($response === false) done(DONE_DATABASE); - } - $response = array_map(function ($entry) { - global $user_id; - if (($user_id === false) or ($entry['user'] != $user_id)) { - unset($entry['gemeldet'], $entry['bezahlt']); - } - return $entry; - }, $response); - $response = array_values($response); - done(DONE_OKAY, array('data' => replaceChanged($response), 'keys' => $keys)); - break; - - case 'get_planning': - checkRequest('id'); - $response = db_get_data($mysqli, BOATCLASS . DB_TABLE_SUFFIX_PLANNING, '*', '`id` = "' . mysqli_real_escape_string($mysqli, $_REQUEST['id']) . 
'"'); - if ($response === false) done(DONE_DATABASE); - if (count($response) != 1) done(DONE_BAD_REQUEST, ['error' => 'id not found']); - $response = array_values($response)[0]; - if (($user_id === false) or ($response['user'] != $user_id)) { - unset($response['gemeldet'], $response['bezahlt']); - } - unset($response['changed']); - done(DONE_OKAY, ['data' => $response]); - break; - - case 'get_trim_boats': - checkLoggedIn(); - $users = db_get_data($mysqli, DB_TABLE_TRIM_USERS, 'boat', '`user`="' . $user_id . '"'); - $boats = implode(',', array_column($users, 'boat')); - if ($boats == '') { - done(DONE_OKAY, array('data' => [], 'keys' => [])); - } - $response = db_get_data($mysqli, DB_TABLE_TRIM_BOATS, '*', '`id` IN (' . $boats . ')' . ($whereString ? (' AND ' . $whereString) : '')); - if ($response === false) done(DONE_DATABASE); - $keys = array_keys($response); - if (isset($_REQUEST['changed-after'])) { - $response = db_get_data($mysqli, DB_TABLE_TRIM_BOATS, '*', '`id` IN (' . $boats . ') AND `changed` > "' . mysqli_real_escape_string($mysqli, date('Y-m-d H:i:s', $_REQUEST['changed-after'])) . '"' . ($whereString ? (' AND ' . $whereString) : '')); - if ($response === false) done(DONE_DATABASE); - } - $response = array_values($response); - done(DONE_OKAY, array('data' => replaceChanged($response), 'keys' => $keys)); - break; - - case 'get_trim_boat': - checkLoggedIn(); - checkRequest('id'); - $response = db_get_data($mysqli, DB_TABLE_TRIM_BOATS, '*', '`id` = "' . mysqli_real_escape_string($mysqli, $_REQUEST['id']) . '"'); - if ($response === false) done(DONE_DATABASE); - if (count($response) != 1) done(DONE_BAD_REQUEST, ['error' => 'id not found']); - $response = array_values($response)[0]; - if (count(db_get_data($mysqli, DB_TABLE_TRIM_USERS, 'id', '`user`="' . $user_id . '" AND `boat`="' . $response['id'] . 
'"')) != 1) - done(DONE_BAD_REQUEST, ['error' => 'id not found']); - unset($response['changed']); - done(DONE_OKAY, ['data' => $response]); - break; - - case 'get_trim_users': - checkLoggedIn(); - $users = db_get_data($mysqli, DB_TABLE_TRIM_USERS, 'boat', '`user`="' . $user_id . '"'); - $boats = implode(',', array_column($users, 'boat')); - if ($boats == '') { - done(DONE_OKAY, array('data' => [], 'keys' => [])); - } - $response = db_get_data($mysqli, DB_TABLE_TRIM_USERS, '*', '`boat` IN (' . $boats . ')' . ($whereString ? (' AND ' . $whereString) : '')); - if ($response === false) done(DONE_DATABASE); - $keys = array_keys($response); - if (isset($_REQUEST['changed-after'])) { - $response = db_get_data($mysqli, DB_TABLE_TRIM_USERS, '*', '`boat` IN (' . $boats . ') AND `changed` > "' . mysqli_real_escape_string($mysqli, date('Y-m-d H:i:s', $_REQUEST['changed-after'])) . '"' . ($whereString ? (' AND ' . $whereString) : '')); - if ($response === false) done(DONE_DATABASE); - } - $response = array_values($response); - done(DONE_OKAY, array('data' => replaceChanged($response), 'keys' => $keys)); - break; - - case 'get_trim_user': - checkLoggedIn(); - checkRequest('id'); - $response = db_get_data($mysqli, DB_TABLE_TRIM_USERS, '*', '`id` = "' . mysqli_real_escape_string($mysqli, $_REQUEST['id']) . '"'); - if ($response === false) done(DONE_DATABASE); - if (count($response) != 1) done(DONE_BAD_REQUEST, ['error' => 'id not found']); - $response = array_values($response)[0]; - if (count(db_get_data($mysqli, DB_TABLE_TRIM_USERS, 'id', '`user`="' . $user_id . '" AND `boat`="' . $response['boat'] . '"')) != 1) - done(DONE_BAD_REQUEST, ['error' => 'id not found']); - unset($response['changed']); - done(DONE_OKAY, ['data' => $response]); - break; - - case 'get_trim_trims': - checkLoggedIn(); - $users = db_get_data($mysqli, DB_TABLE_TRIM_USERS, 'boat', '`user`="' . $user_id . 
'"'); - $boats = implode(',', array_column($users, 'boat')); - if ($boats == '') { - done(DONE_OKAY, array('data' => [], 'keys' => [])); - } - $response = db_get_data($mysqli, DB_TABLE_TRIM_TRIMS, '*', '`boat` IN (' . $boats . ')' . ($whereString ? (' AND ' . $whereString) : '')); - if ($response === false) done(DONE_DATABASE); - $keys = array_keys($response); - if (isset($_REQUEST['changed-after'])) { - $response = db_get_data($mysqli, DB_TABLE_TRIM_TRIMS, '*', '`boat` IN (' . $boats . ') AND `changed` > "' . mysqli_real_escape_string($mysqli, date('Y-m-d H:i:s', $_REQUEST['changed-after'])) . '"' . ($whereString ? (' AND ' . $whereString) : '')); - if ($response === false) done(DONE_DATABASE); - } - $response = array_values($response); - done(DONE_OKAY, array('data' => replaceChanged($response), 'keys' => $keys)); - break; - - case 'get_trim_trim': - checkLoggedIn(); - checkRequest('id'); - $response = db_get_data($mysqli, DB_TABLE_TRIM_TRIMS, '*', '`id` = "' . mysqli_real_escape_string($mysqli, $_REQUEST['id']) . '"'); - if ($response === false) done(DONE_DATABASE); - if (count($response) != 1) done(DONE_BAD_REQUEST, ['error' => 'id not found']); - $response = array_values($response)[0]; - if (count(db_get_data($mysqli, DB_TABLE_TRIM_USERS, 'id', '`user`="' . $user_id . '" AND `boat`="' . $response['boat'] . '"')) != 1) - done(DONE_BAD_REQUEST, ['error' => 'id not found']); - unset($response['changed']); - done(DONE_OKAY, ['data' => $response]); - break; - - case 'get_users': - $followFields = ''; - for ($i = 1; $i <= 5; $i ++) $followFields .= ',' . BOATCLASS . '_sailor' . $i . ' AS sailor' . $i; - $response = db_get_data($mysqli, DB_TABLE_USERS, 'id,username,email' . $followFields, $whereString); - if ($response === false) done(DONE_DATABASE); - $keys = array_keys($response); - if (isset($_REQUEST['changed-after'])) { - $response = db_get_data($mysqli, DB_TABLE_USERS, 'id,username,email' . $followFields, '`changed` > "' . 
mysqli_real_escape_string($mysqli, date('Y-m-d H:i:s', $_REQUEST['changed-after'])) . '"' . ($whereString ? (' AND ' . $whereString) : '')); - if ($response === false) done(DONE_DATABASE); - } - $response = array_map(function ($entry) { - global $user_id; - if ($entry['id'] != $user_id) { - $entry = ['id' => $entry['id'], 'username' => $entry['username']]; - } - return $entry; - }, $response); - $response = array_values($response); - done(DONE_OKAY, array('data' => replaceChanged($response), 'keys' => $keys)); - break; - - case 'get_user': - checkRequest('id'); - $followFields = ''; - for ($i = 1; $i <= 5; $i ++) $followFields .= ',' . BOATCLASS . '_sailor' . $i . ' AS sailor' . $i; - $response = db_get_data($mysqli, DB_TABLE_USERS, 'id,username,email' . $followFields, '`id` = "' . mysqli_real_escape_string($mysqli, $_REQUEST['id']) . '"'); - if ($response === false) done(DONE_DATABASE); - if (count($response) != 1) done(DONE_BAD_REQUEST, ['error' => 'id not found']); - $response = array_values($response)[0]; - if ($response['id'] != $user_id) { - $response = ['id' => $response['id'], 'username' => $response['username']]; - } - unset($response['changed']); - done(DONE_OKAY, ['data' => $response]); - break; - - case 'add_subscription': - checkRequest('subscription'); - $data = [ - 'auth' => PUSH_AUTH, - 'subscription' => $_REQUEST['subscription'] - ]; - $ch = curl_init('https://push.ostertun.net/add_subscription'); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_POST, true); - curl_setopt($ch, CURLOPT_POSTFIELDS, $data); - $result = curl_exec($ch); - curl_close($ch); - if ($result == "OK") - done(DONE_OKAY); - else { - logE('add_subscription', $result); - done(DONE_SERVER_ERROR); - } - break; - - case 'remove_subscription': - checkRequest('subscription'); - $data = [ - 'auth' => PUSH_AUTH, - 'subscription' => $_REQUEST['subscription'] - ]; - $ch = curl_init('https://push.ostertun.net/remove_subscription'); - curl_setopt($ch, 
CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_POST, true); - curl_setopt($ch, CURLOPT_POSTFIELDS, $data); - $result = curl_exec($ch); - curl_close($ch); - if ($result == "OK") - done(DONE_OKAY); - else { - logE('remove_subscription', $result); - done(DONE_SERVER_ERROR); - } - break; - - default: - done(DONE_BAD_REQUEST, ['error' => 'action invalid']); - - } - -?> \ No newline at end of file diff --git a/api/login.php b/api/login.php deleted file mode 100644 index 852f82a..0000000 --- a/api/login.php +++ /dev/null @@ -1,107 +0,0 @@ - $user['id'], - 'salt' => $salt, - 'authhash' => $hash, - 'device' => $device - ]; - $auth['id'] = db_insert_data($mysqli, DB_TABLE_LOGINS, $data); - return $auth; - } - - function auth_logout($mysqli, $id) { - db_delete_data($mysqli, DB_TABLE_LOGINS, 'id = "' . mysqli_real_escape_string($mysqli, $id) . '"', 1); - return true; - } - - function auth_check($mysqli, $id, $hash) { - $auth = db_get_data($mysqli, DB_TABLE_LOGINS, '*', 'id="' . mysqli_real_escape_string($mysqli, $id) . '"', 1); - if (($auth === false) or (count($auth) != 1)) return false; - $auth = array_values($auth)[0]; - $hash = hash('sha512', $hash . $auth['salt']); - if ($hash != $auth['authhash']) return false; - db_update_data($mysqli, DB_TABLE_LOGINS, ['id' => $auth['id']], 'id="' . $auth['id'] . '"', 1); // update changed field => last login - return $auth['user']; - } - -?> \ No newline at end of file diff --git a/client/scripts/regatten.js.php b/client/scripts/regatten.js.php index b77bc1c..1bdee63 100644 --- a/client/scripts/regatten.js.php +++ b/client/scripts/regatten.js.php @@ -6,7 +6,7 @@ ?> -const QUERY_URL = '/api/'; +const QUERY_URL = ''; const BOATCLASS = ''; const LINK_PRE = '/'; const YOUTH_AGE = ''; diff --git a/server/config_example.php b/server/config_example.php index 3387a84..191aa93 100644 --- a/server/config_example.php +++ b/server/config_example.php 
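Review bot: `const QUERY_URL = '';` in client/scripts/regatten.js.php makes the client's API base a bare relative path, while the server/config_example.php hunk in this same commit introduces a PHP constant of the same name that resolves to an absolute `http://<host>/api/<BOATCLASS>/` URL, so two different values now live under one name with nothing keeping them in step. Since this file appears to be PHP-preprocessed (the `?>` context line precedes the constants), consider emitting the server value instead of hard-coding it — `const QUERY_URL = <?= json_encode(QUERY_URL) ?>;` — if that constant is defined in scope here, or otherwise add a comment such as `// empty = same-origin, relative to the current page path` so the intent of the empty string is recorded. If the absolute server-side form is the one actually used, note that it is built with a literal `http://` where `SERVER_ADDR` on the neighbouring line uses `https://`; API calls that carry login ids and hashes would then leave the page in plaintext and be blocked as mixed content when the site itself is served over HTTPS, so deriving the scheme from `SERVER_ADDR` (or hard-coding `https://`) is the safer default.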
@@ -4,18 +4,15 @@ error_reporting(0); // disable error reporting in browser define('SEND_ERRORS', true); // send errors via log + define('BOATCLASS', 'pirat'); + date_default_timezone_set('Europe/Berlin'); define('SERVER_PATH', '/subfolder'); // path to root directory define('SERVER_ADDR', 'https://' . $_SERVER['SERVER_NAME'] . SERVER_PATH); // path to root directory + define('QUERY_URL', 'http://' . $_SERVER['SERVER_NAME'] . '/api/' . BOATCLASS . '/'); // url to api backend define('LOGGING_APIKEY', 'xxx'); // Apikey for Logging API -> get from ostertun.net/logging - // PUSH SERVER - define('PUSH_AUTH', 'xxxxxxx'); // auth string for push.ostertun.net - define('PUSH_SERVERKEY', 'xxxxxxx'); // server key from push.ostertun.net - - define('BOATCLASS', 'pirat'); - - // BOAT CLASSES + // BOAT CLASS $_CLASS = array( 'name' => 'Pirat', 'desc' => 'eine vom DSV geförderte Jugendmeisterschaftsklasse',