api alpha version merged

Dragon-Eyes · Oct 19, 2019 · d57b7d2 · d57b7d2
2 parents 88b7126 + 6fc215a
commit d57b7d2
Show file tree

Hide file tree

Showing 8 changed files with 133 additions and 5 deletions.
diff --git a/private/functions_api.php b/private/functions_api.php
@@ -0,0 +1,18 @@
+<?php
+
+    function responseBadRequest() {
+        http_response_code(400);
+        echo json_encode([
+            "releaseNo" => REQX_RELEASENO,
+            "error_type" => "Invalid parameter"
+        ]);
+    }
+
+    function responseOk() {
+        http_response_code(200);
+        echo json_encode([
+            "releaseNo" => REQX_RELEASENO,
+            "error_type" => "(none)"
+        ]);
+    }
+
diff --git a/private/functions_user.php b/private/functions_user.php
@@ -59,6 +59,16 @@ function find_user_by_nameuser($name_user) {
 	return $request;
 }
 
+function find_user_by_apikey($apikey) {
+    global $db;
+    $sql = "SELECT * FROM users ";
+    $sql .= "WHERE apikey = '" . $apikey . "' ";
+//	$sql .= "AND flg_active = 1";
+    $result = mysqli_query($db, $sql);
+    $request = mysqli_fetch_assoc($result);
+    return $request;
+}
+
 function validate_user($user) {
 	$errors = [];
 
@@ -107,6 +117,20 @@ function delete_password($key) {
 	return $result;
 }
 
+function new_apikey($key) {
+    global $db;
+
+    $sql = "UPDATE users SET ";
+    $sql .= "apikey='" . get_uid() . "', ";
+    $sql .= "utl_modification_user_kp='" . $_SESSION['kp_user'] . "' ";
+
+    $sql .= "WHERE kp_user='" . $key . "' ";
+    $sql .= "LIMIT 1";
+
+    $result = mysqli_query($db, $sql);
+    return $result;
+}
+
 function update_user($user) {
 	global $db;
 

diff --git a/private/initialize.php b/private/initialize.php
@@ -27,6 +27,7 @@
 	require_once('functions_user.php');
 	require_once('functions_request.php');
 	require_once('functions_selection.php');
+	require_once('functions_api.php');
 
 	require_once('mail.class.php');
 

diff --git a/private/meta.php b/private/meta.php
@@ -1,5 +1,5 @@
 <?php
 
-    define("REQX_VERSION", '1.5.3');
-    define("REQX_RELEASENO", '99');
-    define("REQX_RELEASEDATE", '2019-10-15');
+    define("REQX_VERSION", '1.6.0');
+    define("REQX_RELEASENO", '101');
+    define("REQX_RELEASEDATE", '2019-10-19');
diff --git a/private/subs_user/details_get_edit.php b/private/subs_user/details_get_edit.php
@@ -2,6 +2,7 @@
 			$key = $_GET['key'];
 			$user = find_user_by_kp($key);
 			$pwreset = $_GET['pwreset'] === 'true';
+            $apikeyreset = $_GET['apikeyreset'] === 'true';
 ?>
 
 				<a href="<?php echo 'index'; ?>">Abbrechen&nbsp;&raquo;</a>
@@ -61,8 +62,28 @@
 						}
 					}
 
+                    if($apikeyreset) {
+
+                        $result = new_apikey($key);
+
+                        if( $result === true ) {
+                            header('Location: details?key=' . $key . '&action=edit');
+                            exit;
+                        } else {
+                            $errors = $result;
+                            echo 'Error DB: ' . $errors;
+                        }
+                    } ?>
+
+					<dl>
+                        <dt>API-Key</dt>
+                        <dd><?php echo h($user['apikey']); ?></dd>
+                        <dd><a href='details?key=<?php echo $key; ?>&action=edit&apikeyreset=true'>Neuen Key erzeugen&nbsp;&raquo;</a></dd>
+                    </dl><br />
+
+                    <?php
 					if(isset($user['password_hashed'])) {
-						echo '<p>Wenn Sie das Passwort eines Benutzers zurücksetzen, wird das Passowort des Benutzers in der Datenbank gelöscht und, wie bei neuen Benutzern, wird das Passwort, das der Benutzer beim ersten Login eingibt, verschlüsselt gespeichert und ist für spätere Logins notwendig.</p>
+						echo '<p>Wenn Sie das Passwort eines Benutzers zurücksetzen, wird das Passwort des Benutzers in der Datenbank gelöscht und, wie bei neuen Benutzern, wird das Passwort, das der Benutzer beim ersten Login eingibt, verschlüsselt gespeichert und ist für spätere Logins notwendig.</p>
 						<a href=';
 							echo 'details?key=' . $key . '&action=edit&pwreset=true>Passwort zurücksetzen&nbsp;&raquo;</a>';
 					} else {

diff --git a/public/.htaccess b/public/.htaccess
@@ -3,4 +3,5 @@ RewriteEngine On
 
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteRule ^([^\.]+)$ $1.php [NC,L]
-RewriteRule ^([^\.]+)$ $1.html [NC,L]
+RewriteRule ^([^\.]+)$ $1.html [NC,L]
+RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
diff --git a/public/api/index.php b/public/api/index.php
@@ -0,0 +1,3 @@
+<?php
+
+    // help page
diff --git a/public/api/tickets.php b/public/api/tickets.php
@@ -0,0 +1,60 @@
+<?php require_once('../../private/initialize.php');
+
+header("Access-Control-Allow-Headers: Access-Control-Allow-Headers,Content-Type,Access-Control-Allow-Methods, Authorization, X-Requested-With");
+header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE");
+header('Access-Control-Allow-Origin: *');
+header('Content-Type: application/json');
+header("WWW-Authenticate: Basic realm=\"My Realm\"");
+
+// $a = base64_decode( substr($_SERVER["REMOTE_USER"],6)) ;
+// list($name, $password) = explode(':', $a);
+// $_SERVER['PHP_AUTH_USER'] = $name;
+// $_SERVER['PHP_AUTH_PW']    = $password;
+// echo 'PHP_AUTH_USER =' . $_SERVER['PHP_AUTH_USER'] . '<br>';
+// echo 'PHP_AUTH_PW =' . $_SERVER['PHP_AUTH_PW'] . '<br>';
+$token = substr($_SERVER['REMOTE_USER'], 7);
+
+$user = find_user_by_apikey($token);
+// TODO: sanitize $token
+if(!$user) {
+    http_response_code(401);
+    echo json_encode(array(
+       "message" => "Valid access token missing"
+    ));
+    exit();
+}
+
+http_response_code(200);
+
+// return all tickets
+$request_set = find_all_requests();
+$request = mysqli_fetch_assoc($request_set);
+$tickets = array(
+    array(
+        "id" => $request['kp_request'],
+        "description" => $request['description'],
+        "category" => find_selectiontext_by_kp(h($request['category'])),
+        "priority" => find_selectiontext_by_kp(h($request['priority'])),
+        "source" => find_userabbr_by_kp(h($request['source'])),
+        "status" => find_selectiontext_by_kp(h($request['status'])),
+        "responsible" => find_userabbr_by_kp(h($request['responsible']))
+    )
+);
+while($request = mysqli_fetch_assoc($request_set)) {
+    $tickets[] = array(
+        "id" => $request['kp_request'],
+        "description" => $request['description'],
+        "category" => find_selectiontext_by_kp(h($request['category'])),
+        "priority" => find_selectiontext_by_kp(h($request['priority'])),
+        "source" => find_userabbr_by_kp(h($request['source'])),
+        "status" => find_selectiontext_by_kp(h($request['status'])),
+        "responsible" => find_userabbr_by_kp(h($request['responsible']))
+    );
+}
+
+$response = array(
+    "success" => true,
+    "tickets" => $tickets
+);
+
+echo json_encode($response);