Simple API code for food database access
<?php
/*
 * Request bootstrap: read the mandatory POST parameters, open the
 * database, verify the request signature and, for write requests, the
 * session.  Every failure path ends in send_error_response(), which
 * exits, so by the time process_response() runs the variables below are
 * guaranteed to be set.
 *
 * $api_key, $api_sig and $request stay top-level variables because the
 * functions further down read them through `global`.
 */
if (!isset($_POST['api_key'])) {
    send_error_response('You need to provide your api key');
}
$api_key = $_POST['api_key'];

if (!isset($_POST['api_sig'])) {
    send_error_response('You need sign your calls');
}
$api_sig = $_POST['api_sig'];

// The session is optional at this point; write requests insist on it below.
if (isset($_POST['session'])) {
    $session = $_POST['session'];
}

if (!isset($_POST['request'])) {
    send_error_response('You have to provide a request');
}
$request = $_POST['request'];

// NOTE(review): connection credentials are hard-coded in the script, and
// the mysql_* extension used throughout is deprecated since PHP 5.5 and
// removed in 7.0.
if (!mysql_connect('localhost', 'user', 'pass')) {
    send_error_response('Internal server error');
}
if (!mysql_select_db('opendiet')) {
    send_error_response('Internal server error');
}

// The signature covers every POST field except api_sig itself, so it is
// verified before any field is acted upon.
if (!check_sig()) {
    send_error_response('Invalid signature');
}

// Only the mutating requests require an established session.
if ($request === 'update' || $request === 'add') {
    if (!isset($session)) {
        send_error_response('You need to provide a session for write calls');
    }
    if (!checkSession($_POST['api_key'], $_POST['session'])) {
        send_error_response("Invalid session");
    }
}

process_response();
/**
 * Dispatch the validated request to its handler.
 *
 * Reads the request name and API key from the globals set by the
 * bootstrap code at the top of the file.  Every handler either emits a
 * response or terminates through send_error_response(); nothing is
 * returned.
 */
function process_response() {
    global $request, $api_key;

    switch ($request) {
        case 'auth':
            // NOTE(review): uniqid() is derived from the clock, not from a
            // CSPRNG, so issued tokens are guessable; a token built from
            // random_bytes() would be the safer choice.
            $token = uniqid();
            // $api_key was format-checked (hex digits only) by check_sig()
            // before this point, which is what keeps this concatenation safe.
            mysql_query("UPDATE applications SET token = '" . $token . "' WHERE api_key = '" . $api_key . "'");
            send_token_response($token);
            return;

        case 'session':
            if (!isset($_POST['token'])) {
                send_error_response('You have to provide a token in order to obtain a session');
            }
            session($_POST['token']);
            return;

        case 'check_session':
            $session_ok = isset($_POST['session'])
                && checkSession($api_key, $_POST['session']);
            if (!$session_ok) {
                send_error_response('Invalid session');
            }
            send_session_response($_POST['session']);
            return;

        case 'search':
            if (!isset($_POST['query'])) {
                send_error_response('You have to provide a search query for the food you are looking for');
            }
            search($_POST['query']);
            return;

        case 'update':
            if (!isset($_POST['id'])) {
                send_error_response("You have to provide a valid integer >= 0 as the parameter id for update");
            }
            update($_POST['id']);
            return;

        case 'add':
            if (!isset($_POST['data'])) {
                send_error_response("You did not provide any data to add");
            }
            add($_POST['data']);
            return;

        default:
            send_error_response('Undefined request');
    }
}
/**
 * Reply to an 'auth' request with the freshly issued token.
 *
 * @param string $token Token just stored for the calling application.
 */
function send_token_response($token) {
    global $api_key;
    $payload = array(
        'api_key' => $api_key,
        'token'   => $token,
    );
    send_json_response($payload);
}
/**
 * Reply to a 'session' or 'check_session' request with the session id.
 *
 * @param string $session Session id being confirmed or newly created.
 */
function send_session_response($session) {
    global $api_key;
    $payload = array(
        'api_key' => $api_key,
        'session' => $session,
    );
    send_json_response($payload);
}
/**
 * Handle an 'add' request: insert one food row from a JSON document.
 *
 * @param string $data JSON object with name, carbs, fat, protein, serving,
 *                     serving_type and an optional alcohol (defaults to 0).
 *                     Nutrient values must decode to int or float;
 *                     serving_type must decode to int.
 *
 * Emits an OK response on success and terminates through
 * send_error_response() on any validation or database failure.
 */
function add($data) {
    global $api_key;
    $data = json_decode($data, true);

    // Mandatory fields, checked in this order so the first missing one is
    // the one reported.
    $required = array(
        'name'         => 'name',
        'carbs'        => 'carbs',
        'fat'          => 'fat',
        'protein'      => 'protein',
        'serving'      => 'serving',
        'serving_type' => 'serving type',
    );
    foreach ($required as $field => $label) {
        if (!isset($data[$field])) {
            send_error_response("You did not define a value for " . $label);
        }
    }
    if (!isset($data['alcohol'])) {
        $data['alcohol'] = 0;
    }

    // Escaped once and reused for the duplicate check, the INSERT and the
    // duplicate error message (which therefore echoes the escaped form).
    $data['name'] = trim(mysql_real_escape_string($data['name']));
    $existing = mysql_query(sprintf("SELECT * FROM food WHERE name = '%s'", $data['name']));
    if (mysql_num_rows($existing) > 0) {
        send_error_response($data['name'] . ' already exists. Please use update');
    }

    // Every field other than name must be numeric; serving_type must be an
    // int.  Because the values are type-checked here, they can be placed
    // unquoted in the INSERT below.
    foreach ($data as $field => $value) {
        if ($field === 'name') {
            continue;
        }
        if ($field === 'serving_type') {
            if (!is_int($value)) {
                send_error_response($field . " must have a int value (it is " . $value . ")");
            }
            continue;
        }
        if (!is_int($value) && !is_float($value)) {
            send_error_response($field . " must have a float/int value (it is " . $value . ")");
        }
    }

    $format = "INSERT INTO food (name, carbs, fat, protein, alcohol, serving, serving_type, api_key)"
        . "\n"
        . "VALUES('%s', %s, %s, %s, %s, %s, %s, '" . $api_key . "')";
    $insert = sprintf(
        $format,
        $data['name'],
        $data['carbs'],
        $data['fat'],
        $data['protein'],
        $data['alcohol'],
        $data['serving'],
        $data['serving_type']
    );
    if (!mysql_query($insert)) {
        send_error_response("MySQL error: " . mysql_error() . '(' . $insert . ')');
    }
    send_ok_response();
}
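/**
 * Handle an 'update' request: change columns of one food row.
 *
 * @param string $id Row id from the request; must be a non-negative integer
 *                   in decimal form (checked with ctype_digit).
 *
 * The new values come from $_POST['data'], a JSON object whose keys name
 * the columns to change.  Only the columns that add() writes are accepted;
 * any other key is rejected instead of being spliced into the statement.
 * Emits an OK response on success and terminates through
 * send_error_response() on validation or database failure.
 */
function update($id) {
    global $api_key;

    // Digits only, so $id can be placed in the WHERE clause as is.
    if (!ctype_digit($id)) {
        send_error_response("You have to provide a valid integer >= 0 as the parameter id for update");
    }
    if (!isset($_POST['data'])) {
        send_error_response("You have to provide data that should be updated");
    }
    $data = json_decode($_POST['data'], true);
    if (!is_array($data)) {
        send_error_response("You have to provide data that should be updated");
    }

    // Column whitelist: the same set add() inserts.  JSON keys are
    // client-controlled, so they must never reach the query unchecked.
    $numeric_columns = array('carbs', 'fat', 'protein', 'alcohol', 'serving');
    $assignments = '';
    foreach ($data as $key => $value) {
        if ($key === 'name') {
            if (!is_string($value)) {
                send_error_response("name must have a string value");
            }
            $assignments .= "name = '" . mysql_real_escape_string($value) . "', ";
        } elseif ($key === 'serving_type') {
            if (!is_int($value)) {
                send_error_response($key . " must have a int value");
            }
            $assignments .= $key . " = " . $value . ", ";
        } elseif (in_array($key, $numeric_columns, true)) {
            if (!is_float($value) && !is_int($value)) {
                send_error_response($key . " must have a float/int value");
            }
            $assignments .= $key . " = " . $value . ", ";
        } else {
            send_error_response($key . " is not an updatable field");
        }
    }

    // NOTE(review): there is no ownership check — any application with a
    // valid session can rewrite any row and the row is then stamped with
    // the caller's api_key.  Restricting the WHERE clause to rows already
    // owned by the caller may be the intent; confirm before changing.
    $query = "UPDATE food SET " . $assignments
        . "api_key = '" . $api_key . "' WHERE id = " . $id;
    if (!mysql_query($query)) {
        send_error_response("MySQL error: " . mysql_error());
    }
    send_ok_response();
}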
/**
 * Success reply for write requests.
 *
 * Sends no body: a successful write is signalled by the default 200
 * status alone, whereas the other replies carry a JSON body.
 */
function send_ok_response() {
    return;
}
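/**
 * Handle a 'session' request: exchange a one-time token for a session id.
 *
 * @param string $token Token previously issued by the 'auth' request.
 *
 * The token must match the one stored for the calling application; it is
 * then cleared (single use) and a new sessions row is created.  Emits a
 * session response on success and terminates through
 * send_error_response() otherwise.
 */
function session($token) {
    global $api_key;

    $result = mysql_query("SELECT token FROM applications WHERE api_key = '" . $api_key . "'");
    if (mysql_num_rows($result) != 1) {
        send_error_response('Internal server error');
    }
    $stored_token = mysql_result($result, 0);

    // Constant-time comparison (hash_equals, PHP >= 5.6) so response timing
    // does not reveal how much of a guessed token matched.  A null stored
    // token (none issued yet) or a non-string POST value can never match.
    if (!is_string($token) || !is_string($stored_token) || !hash_equals($stored_token, $token)) {
        send_error_response('Invalid token');
    }

    // NOTE(review): uniqid() is clock-based, not cryptographically random,
    // so session ids are guessable; an id built from random_bytes() would
    // be the safer choice.
    $session = str_replace('.', 'f', uniqid('', true));

    // Scoped to this application: an unscoped UPDATE would invalidate every
    // other application's pending token as well.
    $query = "UPDATE applications SET token = null WHERE api_key = '" . $api_key . "'";
    if (!mysql_query($query)) {
        send_error_response("MySQL Error: " . mysql_error() . " (" . $query . ")");
    }

    $query = "INSERT INTO sessions (api_key, session) VALUES ('" . $api_key . "', '" . $session . "')";
    if (!mysql_query($query)) {
        send_error_response("MySQL Error: " . mysql_error() . " (" . $query . ")");
    }
    send_session_response($session);
}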
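/**
 * Handle a 'search' request: case-insensitive substring match on name.
 *
 * @param string $query Free-text search; split on whitespace into keywords,
 *                      any of which may match (OR).
 *
 * Emits the matching rows as JSON, or terminates through
 * send_error_response() when no usable keyword is given or the query fails.
 */
function search($query) {
    $search_query = strtolower(trim($query));

    // Split on any whitespace run and drop empty pieces: explode(' ') on
    // "a  b" yields an empty keyword, and LIKE '%%' then matches every row.
    $search_keywords = preg_split('/\s+/', $search_query, -1, PREG_SPLIT_NO_EMPTY);
    if (count($search_keywords) < 1) {
        send_error_response('You have to provide a search query for the food you are looking for');
    }

    $conditions = array();
    foreach ($search_keywords as $keyword) {
        // '%' and '_' are LIKE wildcards (and '\' the LIKE escape), so they
        // are escaped first to match literally, then the whole keyword is
        // escaped for the SQL string literal.
        $escaped = mysql_real_escape_string(addcslashes($keyword, '%_\\'));
        $conditions[] = "LCASE(name) LIKE '%" . $escaped . "%'";
    }
    $sql = "SELECT * FROM food WHERE " . implode(' OR ', $conditions) . " ORDER BY name";

    $result = mysql_query($sql);
    if (!$result) {
        send_error_response("MySQL error: " . mysql_error());
    }
    $rows = array();
    while ($row = mysql_fetch_assoc($result)) {
        $rows[] = $row;
    }
    send_search_response($rows);
}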
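/**
 * Emit $data as the JSON response body.
 *
 * @param mixed $data Anything json_encode() accepts.
 *
 * The header name must be "Content-Type" with the colon directly after it;
 * with a space before the colon the header is not a valid one and clients
 * fall back to the default text/html type.
 */
function send_json_response($data) {
    header('Content-Type: application/json');
    echo json_encode($data);
}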
/**
 * Reply to a 'search' request with the matched rows.
 *
 * @param array $result List of associative rows from the food table.
 */
function send_search_response($result) {
    send_json_response($result);
    return;
}
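/**
 * Verify the request signature.
 *
 * The signature is md5 over every POST field except api_sig, sorted by key
 * and concatenated as key followed by value, with the application's secret
 * appended.  Reads $api_key and $api_sig from the globals.
 *
 * @return bool True when the signature matches.  Terminates through
 *              send_error_response() on a malformed key or when the
 *              application record cannot be read.
 */
function check_sig() {
    global $api_key, $api_sig;

    // NOTE(review): key and value are joined with no separator, so different
    // parameter sets can canonicalise to the same string (key "ab" with
    // value "c" vs key "a" with value "bc").  A delimiter or length prefix
    // would make the form unambiguous; that is a protocol change, so it is
    // only noted here.
    $sorted_parms = $_POST;
    ksort($sorted_parms);
    $parm_string = '';
    foreach ($sorted_parms as $key => $value) {
        if ($key !== 'api_sig') {
            $parm_string .= $key . $value;
        }
    }

    // Hex digits only.  This check is what makes interpolating $api_key
    // into SQL here and elsewhere in the file safe; \z (not $) so a
    // trailing newline cannot slip through.
    if (!is_string($api_key) || !preg_match("/^[a-f0-9]{23}\z/", $api_key)) {
        send_error_response('Invalid api key format');
    }

    $secret_result = mysql_query("SELECT api_secret FROM applications WHERE api_key = '" . $api_key . "'");
    // Exactly one application row must exist.  count() on a result resource
    // never reflects the row count, so mysql_num_rows() is used.
    if (!$secret_result || mysql_num_rows($secret_result) !== 1) {
        send_error_response('Internal server error');
    }
    $api_secret = mysql_result($secret_result, 0);
    if (empty($api_secret)) {
        send_error_response('Internal server error');
    }

    $hash = md5($parm_string . $api_secret);
    // Constant-time comparison (hash_equals, PHP >= 5.6); a non-string
    // api_sig (e.g. sent as an array) can never match.
    return is_string($api_sig) && hash_equals($hash, $api_sig);
}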
/**
 * Abort the request with HTTP 400 and a plain-text message.
 *
 * @param string $message Body of the error reply.
 *
 * Never returns: the script ends here.  Note that the error body is plain
 * text while successful replies are JSON.
 */
function send_error_response($message) {
    header("HTTP/1.0 400 Bad Request");
    exit($message);
}
/**
 * Check that $session was issued to the application identified by $api_key.
 *
 * @param string $api_key Application key the session must belong to.
 * @param string $session Session id supplied by the client.
 * @return bool True when a sessions row links the two, false otherwise
 *              (including when the query fails).
 */
function checkSession($api_key, $session) {
    $sql = sprintf(
        "SELECT api_key FROM sessions WHERE session = '%s'",
        mysql_real_escape_string($session)
    );
    $result = mysql_query($sql);
    if (!$result) {
        return false;
    }
    // Stops at the first row owned by the caller.
    $matched = false;
    while (!$matched && ($row = mysql_fetch_assoc($result))) {
        $matched = ($row['api_key'] === $api_key);
    }
    return $matched;
}
?>