-
Notifications
You must be signed in to change notification settings - Fork 1
/
remoteStorage_v2.php
70 lines (56 loc) · 2.4 KB
/
remoteStorage_v2.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
<?php
require_once("generic.php");
// For now, expect auth as md5 hash of <username>:<server>:<password> string.
$username = ($_POST['username']) ? $_POST['username'] : "";
$company = ($_POST['company']) ? $_POST['company'] : "";
$server = ($_POST['server']) ? $_POST['server'] : "";
$auth = ($_POST['auth']) ? $_POST['auth'] : "";
$method = ($_POST['method']) ? $_POST['method'] : "getItem";
$key = ($_POST['key']);
$data = ($_POST['data']);
//echo ("Query input: $username, $server, $auth");
$authRes = checkRestAuth($username, $server, $auth);
if (!$authRes) {
header('HTTP/1.0 403 Forbidden');
exit;
}
/**
* TODO: By the time checkPermission is rolled out, check whether user is allowed to change company-global settings before
* allowing to change any company-global settings.
*/
if ($company != "") {
$companyObj = json_decode($authRes);
if ($company != $companyObj->name) {
header('HTTP/1.0 403 Forbidden - user from ' . $companyObj->name . ' has no rights on company ' . $company);
exit;
}
}
if ($method == "getItem") {
$statement = $db->prepare("SELECT `username`, `company`, `server`, `key`, `data` FROM `remotestorage` WHERE `username` = ? AND `company` = ? AND `server` = ? AND `key` = ?");
$statement->bind_param("ssss", $username, $company, $server, $key);
$statement->execute();
$statement->bind_result($username, $company, $server, $key, $data);
$statement->fetch();
header('Content-type: application/json');
//echo $company;
echo json_encode($data);
$statement->close();
exit;
} else if ($method = "setItem") {
$statement = $db->prepare("REPLACE INTO remotestorage (`username`, `company`, `server`, `key`, `data`) VALUES (?, ?, ?, ?, ?)");
$statement->bind_param("sssss", $username, $company, $server, $key, $data);
$result = $statement->execute();
if (!$result) {
header('HTTP/1.0 500 Internal Server Error - Data not saved.');
header('Content-type: application/json');
echo "{}";
}
header('Content-type: application/json');
echo '{"result": true}';
$statement->close();
exit;
} else {
header('HTTP/1.0 400 Bad Request - Unknown method parameter, use getItem or setItem.');
exit;
}
?>