From 522cc2a980fc7df1c73cfa60106232cd0c0c4ee4 Mon Sep 17 00:00:00 2001
From: int2001
Date: Tue, 8 Aug 2023 15:08:38 +0000
Subject: [PATCH] Refactores lookup_call and grid at API / Removed more unused stuff

---
 application/controllers/Api.php | 14 +++
 application/models/Api_model.php | 186 +------------------------------
 2 files changed, 15 insertions(+), 185 deletions(-)

diff --git a/application/controllers/Api.php b/application/controllers/Api.php
index bf6d3a3c..7a1e9634 100644
--- a/application/controllers/Api.php
+++ b/application/controllers/Api.php
@@ -228,11 +228,19 @@ class API extends CI_Controller {
 $obj = json_decode(file_get_contents("php://input"), true);
 if ($obj === NULL) {
 echo json_encode(['status' => 'failed', 'reason' => "wrong JSON"]);
+ return;
 }
 
 if(!isset($obj['key']) || $this->api_model->authorize($obj['key']) == 0) {
 http_response_code(401);
 echo json_encode(['status' => 'failed', 'reason' => "missing api key"]);
+ return;
+ }
+
+ if(!isset($obj['logbook_public_slug']) || !isset($obj['callsign'])) {
+ http_response_code(401);
+ echo json_encode(['status' => 'failed', 'reason' => "missing fields"]);
+ return;
 }
 
 if($obj['logbook_public_slug'] != "" && $obj['callsign'] != "") {
@@ -308,6 +316,12 @@ class API extends CI_Controller {
 echo json_encode(['status' => 'failed', 'reason' => "missing api key"]);
 }
 
+ if(!isset($obj['logbook_public_slug']) || !isset($obj['grid'])) {
+ http_response_code(401);
+ echo json_encode(['status' => 'failed', 'reason' => "missing fields"]);
+ return;
+ }
+
 if($obj['logbook_public_slug'] != "" && $obj['grid'] != "") {
 
 $logbook_slug = $obj['logbook_public_slug'];
diff --git a/application/models/Api_model.php b/application/models/Api_model.php
index 1cc767ca..f470c713 100644
--- a/application/models/Api_model.php
+++ b/application/models/Api_model.php
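Review bot: The new `return;` after the "wrong JSON" response in the `@@ -228` hunk leaves the HTTP status at 200, so an undecodable body is reported as a success at the transport level while the neighbouring branches set 401; add `http_response_code(400);` before that `echo`. The new "missing fields" branch in the same hunk sends 401 (Unauthorized) for a request whose key has already been accepted, where 400 (Bad Request) is the fitting code, and the same applies to the matching new branch in the `@@ -308` hunk. The enclosing method starts before this hunk, so whether anything else sets a status earlier is not visible here.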
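Review bot: The "missing api key" branch at the top of the `@@ -308` hunk still has no `return;` after its `echo`, unlike the corresponding branch in the `@@ -228` hunk that this commit fixes, so a request with a missing or rejected key falls through into the new field check and, when slug and grid are present, continues into the lookup itself; the `if` that this `}` closes and the rest of the method lie outside the hunk, but nothing visible here stops execution. Add `return;` directly after `echo json_encode(['status' => 'failed', 'reason' => "missing api key"]);`, mirroring the other hunk. Because the 401 header is already sent, the unauthenticated lookup result would presumably be appended to the failure JSON in the same response body — worth confirming against the remainder of the method.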
@@ -183,191 +183,7 @@ class API_Model extends CI_Model { return 0; } - function insert_parse($arguments) - { -# $q = "INSERT INTO ".$this->config->item('table_name'); - - $f = explode(",", $arguments['query']); - $r = $this->_insert_field_translate($f); - - return $r; - } - - // FUNCTION: string select_parse(array $arguments) - // Converts an array of arguments into a MySQL query string - // See documentation for search() under the API controller for more details - function select_parse($arguments) - { - // Initialise our string - $q = "SELECT "; - - // Cycle through the fields, converting friendly names to MySQL column names - if($arguments['fields'] != "") { - $field = ""; - $fields = explode(",", $arguments['fields']); - foreach ($fields as $f) { - if($field != "") { - $field .= ","; - } - // Add field to the query, with '++' placeholders for later translation - $field .= "++$f++"; - } - // Handle any DISTINCT arguments - $field = str_replace("++distinct(", "DISTINCT(++", $field); - $field = str_replace(")++", "++)", $field); - // Add the MySQL column name to the query - $q .= $field." "; - } else { - // If no fields are specified, display all fields - $q .= "* "; - } - - // Append the table we're pulling data from - $q .= "FROM ".$this->config->item('table_name'); - if (isset($arguments["join_station_profile"]) && $arguments["join_station_profile"]) { - $q .= " INNER JOIN station_profile ON ".$this->config->item('table_name').".station_id = station_profile.station_id"; - } - - // Parse the 'query' string, which is converted into a standard MySQL 'WHERE' - // clause. - // $s and $r can be refactored into single array definitions, but during - // development it's easier to list them in this way for quick reference. 
- - if($arguments['query'] != "") - { - $q .= " WHERE "; - $q = $this->_query_parse($q, $arguments['query']); - } - - // Parse any order arguments - if($arguments['order'] != "") - { - $q .= " ORDER BY "; - - $s = null; - $r = null; - $s[0] = '/(/'; - $s[1] = '/)/'; - $s[2] = '/([a-zA-Z0-9\-\_]+)([,\(]{1}|$)/'; - $s[3] = '/\(asc\)/'; - $s[4] = '/\(desc\)/'; - $s[5] = '/,$/'; - $s[6] = '/\[/'; - $s[7] = '/\]/'; - - $r[0] = '('; - $r[1] = ')'; - $r[2] = '++$1++ $2'; - $r[3] = ' ASC '; - $r[4] = ' DESC '; - $r[5] = ''; - $r[6] = ''; - $r[7] = ''; - - $q .= preg_replace($s, $r, $arguments['order']); - - } - - $q = $this->_select_field_translate($q); - - // Parse any limit arguments - if($arguments['limit'] != "") - { - // Add the limit arguments, removing any characters other than numbers and commas - $q .= " LIMIT " . preg_replace(array("/[^0-9\,]/","/,$/"), "", $arguments['limit']); - } - else - { - // If no limit argument is given, default to the first 20 results - $q .= " LIMIT 0,20"; - } - - return $q; - } - - private function _query_parse($q, $qs) - { - if($qs != "") - { - $s = null; - $r = null; - // (and), becomes ' AND ' - $s[0] = '/(and)/'; - // (or), becomes ' OR ' - $s[1] = '/(or)/'; - // <, >, [ and ] all translated from their urlencoded forms - $s[2] = '/%3C/'; - $s[3] = '/%3E/'; - $s[4] = '/%5B/'; - $s[5] = '/%5D/'; - // FieldName=, which becomes '++FieldName++ = ' - $s[6] = '/([a-zA-Z0-9\-\_\*\(\)\=\~]+)=/'; - // =Value, which becomes '= 'Value'' - $s[7] = '/=([a-zA-Z0-9\-\_\*\(\)\=\~]+)/'; - // now(), which becomes 'UNIX_TIMESTAMP(NOW())' - $s[8] = '/now()/'; - // (, and ), which are translated to their non-HTML entity forms, - // and with added padding - $s[9] = '/(/'; - $s[10] = '/)/'; - // FieldName~, becomes '++FieldName++ LIKE~' - $s[11] = '/([a-zA-Z0-9\-\_\*\(\)\=\~]+)~/'; - // ~Value, becomes ' 'Value'' - $s[12] = '/~([a-zA-Z0-9\-\_\*\(\)\=\~]+)/'; - // *, which becomes '%' - $s[13] = '/\*/'; - - $r[0] = ' AND '; - $r[1] = ' OR '; - $r[2] = ' < 
'; - $r[3] = ' > '; - // Strip out square brackets - $r[4] = ''; - $r[5] = ''; - $r[6] = '++$1++ ='; - $r[7] = '= \'$1\''; - $r[8] = 'UNIX_TIMESTAMP(NOW())'; - $r[9] = '( '; - $r[10] = ' )'; - $r[11] = '++$1++ LIKE~'; - $r[12] = ' \'$1\''; - $r[13] = '%'; - - // Bulk replace everything - $q .= preg_replace($s, $r, $qs); - } - - return $q; - } - - private function _select_field_translate($q) - { - // Do search/replace on field names, to convert from friendly names - // to MySQL column names - - foreach($this->_columnName as $key => $val) { - $q = str_replace("++".$val['Name']."++", $key, $q); - } - - - - return $q; - } - - private function _insert_field_translate($q) - { - // Do search/replace on field names, to convert from friendly names - // to MySQL column names - $r = array(); - - foreach($q as $key => $val) { - $f = explode('=', $val); - $r[$this->column($f[0])] = $f[1]; - } - - return $r; - } - + // ARRAY: $_columnName // An array matching MySQL column names to friendly names, descriptions and types private $_columnName = array(