Simple api code for food database access
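<?php
// Entry point of the food-database API. Every call is an HTTP POST carrying
// api_key, api_sig and request (write calls also carry session). The request
// is dispatched by process_response() once the signature has been verified.
// All functions used here are declared later in this file; PHP hoists
// unconditional top-level function declarations, so the order is fine.

// Every $_POST value is consumed as a string further down (SQL interpolation,
// preg_match(), the signed parameter string). A nested array (`k[]=v`) would be
// coerced to the literal "Array", so it is treated as "not provided" instead.
if (isset($_POST['api_key']) && is_string($_POST['api_key'])) {
    $api_key = $_POST['api_key'];
} else {
    send_error_response('You need to provide your api key');
}
if (isset($_POST['api_sig']) && is_string($_POST['api_sig'])) {
    $api_sig = $_POST['api_sig'];
} else {
    send_error_response('You need sign your calls');
}
if (isset($_POST['session']) && is_string($_POST['session'])) {
    $session = $_POST['session'];
}
if (isset($_POST['request']) && is_string($_POST['request'])) {
    $request = $_POST['request'];
} else {
    send_error_response('You have to provide a request');
}

// NOTE(review): the connection credentials below are placeholders; real values
// belong in a config file outside the web root, not in this script. The
// mysql_* extension used throughout this file was removed in PHP 7.
if (!mysql_connect('localhost', 'user', 'pass')) {
    send_error_response('Internal server error');
}
if (!mysql_select_db('opendiet')) {
    send_error_response('Internal server error');
}
// check_sig() also enforces the hex-only api_key format; that check is what
// makes the unescaped interpolation of $api_key into SQL elsewhere safe.
if (!check_sig()) {
    send_error_response('Invalid signature');
}
// Write requests additionally need a session that was issued to this api_key.
if ($request === 'update' || $request === 'add') {
    if (!isset($session)) {
        send_error_response('You need to provide a session for write calls');
    } elseif (!checkSession($api_key, $session)) {
        send_error_response("Invalid session");
    }
}
process_response();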
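/**
 * Dispatch the already-authenticated request to its handler.
 *
 * Reads the globals $request and $api_key set at the top of the script. Every
 * branch ends the script by sending a response, or an error through
 * send_error_response() (which die()s); nothing is returned.
 */
function process_response() {
    global $request, $api_key;
    switch ($request) {
        case 'auth':
            // One-time token the client hands back in a 'session' call.
            // NOTE(review): uniqid() is time-based, not cryptographically random;
            // the 'session' exchange is itself signed with the api_secret by
            // check_sig(), which is what limits the impact of a guessable token.
            $token = uniqid();
            // $api_key passed the hex-only format check in check_sig(), so it is
            // safe to interpolate here.
            $query = "UPDATE applications SET token = '" . $token . "' WHERE api_key = '" . $api_key . "'";
            if (!mysql_query($query)) {
                // A failed write must not be followed by a token response; the
                // details go to the server log, not to the client.
                error_log("MySQL error: " . mysql_error() . " (" . $query . ")");
                send_error_response('Internal server error');
            }
            send_token_response($token);
            break;
        case 'session':
            if (isset($_POST['token'])) {
                session($_POST['token']);
            } else {
                send_error_response('You have to provide a token in order to obtain a session');
            }
            break;
        case 'check_session':
            if (isset($_POST['session']) && checkSession($api_key, $_POST['session'])) {
                send_session_response($_POST['session']);
            } else {
                send_error_response('Invalid session');
            }
            break;
        case 'search':
            if (isset($_POST['query'])) {
                search($_POST['query']);
            } else {
                send_error_response('You have to provide a search query for the food you are looking for');
            }
            break;
        case 'update':
            if (isset($_POST['id'])) {
                update($_POST['id']);
            } else {
                send_error_response("You have to provide a valid integer >= 0 as the parameter id for update");
            }
            break;
        case 'add':
            if (isset($_POST['data'])) {
                add($_POST['data']);
            } else {
                send_error_response("You did not provide any data to add");
            }
            break;
        default:
            send_error_response('Undefined request');
    }
}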
/**
 * Reply to an 'auth' request with the freshly issued one-time token.
 *
 * @param string $token the token process_response() stored on the application row
 */
function send_token_response($token) {
    $payload = array();
    $payload['api_key'] = $GLOBALS['api_key'];
    $payload['token'] = $token;
    send_json_response($payload);
}
/**
 * Reply with the session id that belongs to the calling application.
 *
 * @param string $session session id taken from the sessions table or just created
 */
function send_session_response($session) {
    $payload = array();
    $payload['api_key'] = $GLOBALS['api_key'];
    $payload['session'] = $session;
    send_json_response($payload);
}
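/**
 * Handle an 'add' request: insert a new food row from a JSON document.
 *
 * @param string $data JSON object with name, carbs, fat, protein, serving,
 *                     serving_type and an optional alcohol (defaults to 0).
 *                     serving_type must be an int; every key other than name
 *                     and serving_type must be an int or float.
 *
 * Ends the script: send_ok_response() on success, send_error_response()
 * (which die()s) on any validation or database failure.
 */
function add($data) {
    global $api_key;
    $data = json_decode($data, true);
    // json_decode() returns null for invalid JSON and a scalar for e.g. '"x"';
    // neither may reach the field checks and the foreach below.
    if (!is_array($data)) {
        send_error_response("data must be a JSON object");
    }
    $required = array('name', 'carbs', 'fat', 'protein', 'serving', 'serving_type');
    $labels = array('serving_type' => 'serving type');
    foreach ($required as $field) {
        if (!isset($data[$field])) {
            $label = isset($labels[$field]) ? $labels[$field] : $field;
            send_error_response("You did not define a value for " . $label);
        }
    }
    if (!isset($data['alcohol'])) {
        $data['alcohol'] = 0;
    }
    // Type checks run before any database access. Unknown keys are checked as
    // well, so a malformed document is rejected rather than silently ignored.
    foreach ($data as $key => $value) {
        if ($key === 'name') {
            continue;
        }
        $shown = is_scalar($value) ? $value : json_encode($value);
        if ($key === 'serving_type') {
            if (!is_int($value)) {
                send_error_response($key . " must have a int value (it is " . $shown . ")");
            }
        } elseif (!is_float($value) && !is_int($value)) {
            send_error_response($key . " must have a float/int value (it is " . $shown . ")");
        }
    }
    if (!is_string($data['name'])) {
        send_error_response("name must have a string value");
    }
    // Trim first, then escape: the escaped form is for SQL only, the trimmed
    // raw name is what is shown back to the client.
    $name = trim($data['name']);
    if ($name === '') {
        send_error_response("name must not be empty");
    }
    $escaped_name = mysql_real_escape_string($name);
    $result = mysql_query(sprintf("SELECT * FROM food WHERE name = '%s'", $escaped_name));
    if (!$result) {
        error_log("MySQL error: " . mysql_error());
        send_error_response('Internal server error');
    }
    if (mysql_num_rows($result) > 0) {
        send_error_response($name . ' already exists. Please use update');
    }
    // The numeric columns were verified to be int/float above, so they need
    // no escaping; name is escaped and $api_key is hex-only (check_sig()).
    $query = sprintf(
        "INSERT INTO food (name, carbs, fat, protein, alcohol, serving, serving_type, api_key) "
        . "VALUES('%s', %s, %s, %s, %s, %s, %s, '%s')",
        $escaped_name,
        $data['carbs'],
        $data['fat'],
        $data['protein'],
        $data['alcohol'],
        $data['serving'],
        $data['serving_type'],
        $api_key
    );
    if (!mysql_query($query)) {
        // The statement and driver error are logged, not returned to the client.
        error_log("MySQL error: " . mysql_error() . " (" . $query . ")");
        send_error_response('Internal server error');
    }
    send_ok_response();
}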
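/**
 * Handle an 'update' request: overwrite columns of the food row $id with the
 * fields of the JSON object in $_POST['data'].
 *
 * @param string $id decimal row id, digits only
 *
 * Only the columns add() inserts may be updated (name, carbs, fat, protein,
 * alcohol, serving, serving_type); any other key is rejected. The row's
 * api_key column is set to the caller's key.
 * NOTE(review): there is no ownership check — any valid session may update any
 * row; confirm that is intended.
 */
function update($id) {
    global $api_key;
    // ctype_digit() on a non-string (an array from `id[]=`) is not meaningful.
    if (!is_string($id) || !ctype_digit($id)) {
        send_error_response("You have to provide a valid integer >= 0 as the parameter id for update");
    }
    if (!isset($_POST['data'])) {
        send_error_response("You have to provide data that should be updated");
    }
    $data = json_decode($_POST['data'], true);
    if (!is_array($data)) {
        send_error_response("You have to provide data that should be updated");
    }
    // The keys come straight from the client document and end up in SQL, so
    // they are matched against a fixed column list and never interpolated raw.
    $numeric_columns = array('carbs', 'fat', 'protein', 'alcohol', 'serving');
    $assignments = array();
    foreach ($data as $key => $value) {
        if ($key === 'name') {
            if (!is_string($value)) {
                send_error_response("name must have a string value");
            }
            $assignments[] = "name = '" . mysql_real_escape_string(trim($value)) . "'";
        } elseif ($key === 'serving_type') {
            if (!is_int($value)) {
                send_error_response($key . " must have a int value");
            }
            $assignments[] = "serving_type = " . $value;
        } elseif (in_array($key, $numeric_columns, true)) {
            if (!is_float($value) && !is_int($value)) {
                send_error_response($key . " must have a float/int value");
            }
            $assignments[] = $key . " = " . $value;
        } else {
            send_error_response("Unknown field " . $key);
        }
    }
    // $api_key is hex-only (check_sig()) and $id is digits-only (checked above).
    $assignments[] = "api_key = '" . $api_key . "'";
    $query = "UPDATE food SET " . implode(', ', $assignments) . " WHERE id = " . $id;
    if (!mysql_query($query)) {
        error_log("MySQL error: " . mysql_error() . " (" . $query . ")");
        send_error_response('Internal server error');
    }
    send_ok_response();
}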
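/**
 * Reply to a successful write call ('add', 'update').
 *
 * Emits a small JSON body with the JSON content type so a client can tell a
 * success apart from an empty page; the HTTP status stays 200.
 */
function send_ok_response() {
    send_json_response(array('status' => 'ok'));
}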
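/**
 * Handle a 'session' request: exchange the one-time token from 'auth' for a
 * session id, store it in the sessions table and return it to the client.
 *
 * @param string $token the token issued by the 'auth' branch of process_response()
 */
function session($token) {
    global $api_key;
    // $api_key passed the hex-only format check in check_sig().
    $result = mysql_query("SELECT token FROM applications WHERE api_key = '" . $api_key . "'");
    if (!$result || mysql_num_rows($result) != 1) {
        send_error_response('Internal server error');
    }
    // Strict comparison: an absent (null) token never matches.
    if ($token !== mysql_result($result, 0)) {
        send_error_response('Invalid token');
    }
    // A session id must be unguessable. The CSPRNG from openssl is preferred;
    // the uniqid() form is time-based and only used where openssl is missing.
    // 11 random bytes give 22 hex characters, within the 23-character length of
    // uniqid('', true), so an existing column width still fits (the
    // sessions.session column definition is not visible here).
    $session = null;
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(11, $strong);
        if ($bytes !== false && $strong) {
            $session = bin2hex($bytes);
        }
    }
    if ($session === null) {
        $session = str_replace('.', 'f', uniqid('', true));
    }
    // Consume the one-time token of this application only; other applications'
    // pending tokens must not be cleared by someone else's session call.
    $query = "UPDATE applications SET token = null WHERE api_key = '" . $api_key . "'";
    if (!mysql_query($query)) {
        error_log("MySQL error: " . mysql_error() . " (" . $query . ")");
        send_error_response('Internal server error');
    }
    $query = "INSERT INTO sessions (api_key, session) VALUES ('" . $api_key . "', '" . $session . "')";
    if (!mysql_query($query)) {
        error_log("MySQL error: " . mysql_error() . " (" . $query . ")");
        send_error_response('Internal server error');
    }
    send_session_response($session);
}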
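/**
 * Handle a 'search' request: match each whitespace-separated keyword against
 * LCASE(name) with LIKE, OR-ed together, and return the matching rows.
 *
 * @param string $query raw search text from the client
 */
function search($query) {
    $keywords = array();
    foreach (explode(' ', strtolower(trim($query))) as $word) {
        if ($word !== '') {
            $keywords[] = $word;
        }
    }
    // explode() on an empty string still yields one empty element, so the
    // emptiness check has to come after blanks are dropped; otherwise an empty
    // query becomes LIKE '%%' and returns the whole table.
    if (count($keywords) < 1) {
        send_error_response('You have to provide a search query for the food you are looking for');
    }
    $clauses = array();
    foreach ($keywords as $word) {
        // Escaped for the SQL string literal. The LIKE meta-characters % and _
        // are not escaped, so a client can use them as wildcards.
        $clauses[] = "LCASE(name) LIKE '%" . mysql_real_escape_string($word) . "%'";
    }
    // NOTE(review): SELECT * also returns each row's api_key column, i.e. the
    // key of the application that added the food, to every caller — confirm
    // that exposure is intended.
    $sql = "SELECT * FROM food WHERE " . implode(' OR ', $clauses) . " ORDER BY name";
    $result = mysql_query($sql);
    if (!$result) {
        error_log("MySQL error: " . mysql_error() . " (" . $sql . ")");
        send_error_response('Internal server error');
    }
    $rows = array();
    while ($row = mysql_fetch_assoc($result)) {
        $rows[] = $row;
    }
    send_search_response($rows);
}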
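/**
 * Write $data as the JSON response body.
 *
 * @param mixed $data anything json_encode() accepts
 */
function send_json_response($data) {
    // The header name must be followed directly by the colon. With a space in
    // front of it ("Content-type : ...") the header is not recognised as the
    // content type and the response goes out with PHP's default (text/html).
    header('Content-Type: application/json');
    echo json_encode($data);
}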
/**
 * Reply to a 'search' request with the matched rows as a JSON array.
 *
 * @param array $result list of associative rows as fetched by search()
 */
function send_search_response($result) {
    $rows = $result;
    send_json_response($rows);
}
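/**
 * Verify the request signature.
 *
 * The client concatenates key.value for every POST field except api_sig,
 * sorted by key, appends its api_secret and MD5s the result. The server
 * recomputes that from $_POST plus the secret stored for $api_key.
 *
 * Also enforces the api_key format (23 lowercase hex characters); the rest of
 * the file relies on that to interpolate $api_key into SQL unescaped.
 *
 * @return bool true when the signature matches; malformed input ends the
 *              script through send_error_response() instead
 */
function check_sig() {
    global $api_key, $api_sig;
    if (!is_string($api_key) || !preg_match("/^[a-f0-9]{23}$/", $api_key)) {
        send_error_response('Invalid api key format');
    }
    $sorted_parms = $_POST;
    ksort($sorted_parms);
    $parm_string = '';
    foreach ($sorted_parms as $key => $value) {
        if ($key === 'api_sig') {
            continue;
        }
        // A nested array (`k[]=v`) has no string form and cannot have been signed.
        if (!is_string($value)) {
            send_error_response('Invalid signature');
        }
        $parm_string .= $key . $value;
    }
    $secret_result = mysql_query("SELECT api_secret FROM applications WHERE api_key = '" . $api_key . "'");
    // Exactly one application row is expected; the row count is checked before
    // mysql_result() so it is never called on an empty result.
    if (!$secret_result || mysql_num_rows($secret_result) != 1) {
        send_error_response('Internal server error');
    }
    $api_secret = mysql_result($secret_result, 0);
    if (empty($api_secret)) {
        send_error_response('Internal server error');
    }
    // NOTE(review): MD5 over secret-suffixed parameters is the wire protocol the
    // clients implement and is kept for compatibility; an HMAC would be the
    // better construction if the protocol can be revised.
    $expected = md5($parm_string . $api_secret);
    // Constant-time comparison so the response time does not reveal how many
    // leading characters of the signature were right.
    return _constant_time_equals($expected, $api_sig);
}

/**
 * Compare two strings without leaking the position of the first difference
 * through timing.
 *
 * Uses hash_equals() where available (PHP >= 5.6) and a fixed-time XOR loop
 * otherwise. Non-strings never compare equal.
 *
 * @param string $known server-computed value
 * @param string $user  client-supplied value
 * @return bool
 */
function _constant_time_equals($known, $user) {
    if (!is_string($known) || !is_string($user)) {
        return false;
    }
    if (function_exists('hash_equals')) {
        return hash_equals($known, $user);
    }
    $length = strlen($known);
    if ($length !== strlen($user)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < $length; $i++) {
        $diff |= ord($known[$i]) ^ ord($user[$i]);
    }
    return $diff === 0;
}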
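/**
 * Abort the request with HTTP 400 and $message as a plain-text body.
 *
 * Never returns: die() ends the script, which is how every handler relies on
 * this function to stop further processing.
 *
 * @param string $message human-readable reason; several callers embed
 *                        client-supplied text (a food name, a JSON key) in it
 */
function send_error_response($message) {
    header("HTTP/1.0 400 Bad Request");
    // Declaring text/plain (and forbidding sniffing) keeps a browser from
    // rendering client-supplied text in $message as HTML.
    header('Content-Type: text/plain; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    die($message);
}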
/**
 * Check that $session is a session id issued to application $api_key.
 *
 * @param string $api_key the caller's api key
 * @param string $session session id supplied by the caller
 * @return bool true if a sessions row with that session id carries $api_key
 */
function checkSession($api_key, $session) {
    $escaped = mysql_real_escape_string($session);
    $result = mysql_query("SELECT api_key FROM sessions WHERE session = '" . $escaped . "'");
    if (!$result) {
        return false;
    }
    $matched = false;
    while (!$matched && ($row = mysql_fetch_assoc($result))) {
        $matched = ($row['api_key'] === $api_key);
    }
    return $matched;
}
?> |