diff --git a/application/config/autoload.php b/application/config/autoload.php index 817617a9b..5c7947faf 100755 --- a/application/config/autoload.php +++ b/application/config/autoload.php @@ -59,7 +59,7 @@ $autoload['packages'] = array(); | $autoload['libraries'] = array('user_agent' => 'ua'); */ //$autoload['libraries'] = array(); -$autoload['libraries'] = array('database'); +$autoload['libraries'] = array('session'); /* | ------------------------------------------------------------------- diff --git a/application/config/rest.php b/application/config/rest.php index 3eae1456f..03c1f1307 100644 --- a/application/config/rest.php +++ b/application/config/rest.php @@ -94,7 +94,7 @@ $config['enable_emulate_request'] = TRUE; | e.g: My Secret REST API | */ -$config['rest_realm'] = 'REST API'; +$config['rest_realm'] = 'FHC REST API'; /* |-------------------------------------------------------------------------- @@ -110,7 +110,7 @@ $config['rest_realm'] = 'REST API'; | authorization key | */ -$config['rest_auth'] = FALSE; +$config['rest_auth'] = 'session'; /* |-------------------------------------------------------------------------- @@ -126,7 +126,7 @@ $config['rest_auth'] = FALSE; | Note: If 'rest_auth' is set to 'session' then change 'auth_source' to the name of the session variable | */ -$config['auth_source'] = 'ldap'; +$config['auth_source'] = 'RestAPISession'; /* |-------------------------------------------------------------------------- @@ -144,8 +144,8 @@ $config['auth_source'] = 'ldap'; | e.g: md5('admin:REST API:1234') = '1e957ebc35631ab22d5bd6526bd14ea2' | */ -$config['auth_library_class'] = ''; -$config['auth_library_function'] = ''; +$config['auth_library_class'] = 'FHCAuth'; +$config['auth_library_function'] = 'auth'; /* |-------------------------------------------------------------------------- 
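Review bot: With `$config['rest_auth'] = 'session'` and `$config['auth_source'] = 'RestAPISession'`, the comment above `auth_source` says the value names a session variable, yet nothing visible in this commit sets a `RestAPISession` session value; `AuthAPI::login_get()` only regenerates the session and returns its id. If the REST library enforces this check on every controller, the login endpoint needs an explicit exemption and a successful login should store the marker, e.g. `$this->session->set_userdata('RestAPISession', $username);`. The `auth_library_class`/`auth_library_function` values set in the last hunk of this file look unused in session mode (they seem to apply when `auth_source` is `library`), so either drop them or add a comment saying which mode they belong to. The autoload hunk also replaces `database` with `session` rather than adding to it, so confirm that every controller touching `$this->db` (for example `api/Key.php`) still gets a database connection.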
@@ -353,7 +353,7 @@ $config['rest_key_length'] = 40; | 2012/06/12. See RFC 6648 specification for more details | */ -$config['rest_key_name'] = 'WSP-API-KEY'; +$config['rest_key_name'] = 'FHC-API-KEY'; /* |-------------------------------------------------------------------------- diff --git a/application/controllers/Person.php b/application/controllers/Person.php index cf066c8ce..890daa4ac 100644 --- a/application/controllers/Person.php +++ b/application/controllers/Person.php @@ -1,5 +1,5 @@ + * @see http://codeigniter.com/user_guide/general/urls.html + */ + public function index() + { + if ($this->dbupdate()) + echo 'System-DB needs update!'; + else + { + $this->load->view('templates/header'); + $this->load->view('vilesci_frameset'); + $this->load->view('templates/footer'); + } + } + + private function dbupdate() + { + // Check for update (codeigniter migration) + $this->load->library('migration'); + if ($this->migration->current() === FALSE) + show_error($this->migration->error_string()); + if ($this->migration->current() != $this->migration->latest()) + return true; + else + return false; + } +} diff --git a/application/controllers/api/Key.php b/application/controllers/api/Key.php new file mode 100644 index 000000000..0fa67172c --- /dev/null +++ b/application/controllers/api/Key.php 
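Review bot: `dbupdate()` is commented as a check, but in CodeIgniter `$this->migration->current()` and `$this->migration->latest()` both apply migrations rather than report a version, so every request to `index()` can alter the schema, and `latest()` may move it past the configured `migration_version`. A read-only check would compare the configured version with the one stored in the migrations table, and the migration itself should run from the CLI or an admin-only action. At minimum add a comment such as `// NOTE: current()/latest() apply migrations; this is not a read-only check`. The file header of this hunk is not visible in the page text, so the controller's name and its access control could not be confirmed from here.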
@@ -0,0 +1,272 @@ + ['level' => 10, 'limit' => 10], + 'index_delete' => ['level' => 10], + 'level_post' => ['level' => 10], + 'regenerate_post' => ['level' => 10], + ]; + + /** + * Insert a key into the database + * + * @access public + * @return void + */ + public function index_put() + { + // Build a new key + $key = $this->_generate_key(); + + // If no key level provided, provide a generic key + $level = $this->put('level') ? $this->put('level') : 1; + $ignore_limits = ctype_digit($this->put('ignore_limits')) ? (int) $this->put('ignore_limits') : 1; + + // Insert the new key + if ($this->_insert_key($key, ['level' => $level, 'ignore_limits' => $ignore_limits])) + { + $this->response([ + 'status' => TRUE, + 'key' => $key + ], REST_Controller::HTTP_CREATED); // CREATED (201) being the HTTP response code + } + else + { + $this->response([ + 'status' => FALSE, + 'message' => 'Could not save the key' + ], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code + } + } + + /** + * Remove a key from the database to stop it working + * + * @access public + * @return void + */ + public function index_delete() + { + $key = $this->delete('key'); + + // Does this key exist? + if (!$this->_key_exists($key)) + { + // It doesn't appear the key exists + $this->response([ + 'status' => FALSE, + 'message' => 'Invalid API key' + ], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code + } + + // Destroy it + $this->_delete_key($key); + + // Respond that the key was destroyed + $this->response([ + 'status' => TRUE, + 'message' => 'API key was deleted' + ], REST_Controller::HTTP_NO_CONTENT); // NO_CONTENT (204) being the HTTP response code + } + + /** + * Change the level + * + * @access public + * @return void + */ + public function level_post() + { + $key = $this->post('key'); + $new_level = $this->post('level'); + + // Does this key exist? 
+ if (!$this->_key_exists($key)) + { + // It doesn't appear the key exists + $this->response([ + 'status' => FALSE, + 'message' => 'Invalid API key' + ], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code + } + + // Update the key level + if ($this->_update_key($key, ['level' => $new_level])) + { + $this->response([ + 'status' => TRUE, + 'message' => 'API key was updated' + ], REST_Controller::HTTP_OK); // OK (200) being the HTTP response code + } + else + { + $this->response([ + 'status' => FALSE, + 'message' => 'Could not update the key level' + ], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code + } + } + + /** + * Suspend a key + * + * @access public + * @return void + */ + public function suspend_post() + { + $key = $this->post('key'); + + // Does this key exist? + if (!$this->_key_exists($key)) + { + // It doesn't appear the key exists + $this->response([ + 'status' => FALSE, + 'message' => 'Invalid API key' + ], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code + } + + // Update the key level + if ($this->_update_key($key, ['level' => 0])) + { + $this->response([ + 'status' => TRUE, + 'message' => 'Key was suspended' + ], REST_Controller::HTTP_OK); // OK (200) being the HTTP response code + } + else + { + $this->response([ + 'status' => FALSE, + 'message' => 'Could not suspend the user' + ], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code + } + } + + /** + * Regenerate a key + * + * @access public + * @return void + */ + public function regenerate_post() + { + $old_key = $this->post('key'); + $key_details = $this->_get_key($old_key); + + // Does this key exist? 
+ if (!$key_details) + { + // It doesn't appear the key exists + $this->response([ + 'status' => FALSE, + 'message' => 'Invalid API key' + ], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code + } + + // Build a new key + $new_key = $this->_generate_key(); + + // Insert the new key + if ($this->_insert_key($new_key, ['level' => $key_details->level, 'ignore_limits' => $key_details->ignore_limits])) + { + // Suspend old key + $this->_update_key($old_key, ['level' => 0]); + + $this->response([ + 'status' => TRUE, + 'key' => $new_key + ], REST_Controller::HTTP_CREATED); // CREATED (201) being the HTTP response code + } + else + { + $this->response([ + 'status' => FALSE, + 'message' => 'Could not save the key' + ], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code + } + } + + /* Helper Methods */ + + private function _generate_key() + { + do + { + // Generate a random salt + $salt = base_convert(bin2hex($this->security->get_random_bytes(64)), 16, 36); + + // If an error occurred, then fall back to the previous method + if ($salt === FALSE) + { + $salt = hash('sha256', time() . mt_rand()); + } + + $new_key = substr($salt, 0, config_item('rest_key_length')); + } + while ($this->_key_exists($new_key)); + + return $new_key; + } + + /* Private Data Methods */ + + private function _get_key($key) + { + return $this->db + ->where(config_item('rest_key_column'), $key) + ->get(config_item('rest_keys_table')) + ->row(); + } + + private function _key_exists($key) + { + return $this->db + ->where(config_item('rest_key_column'), $key) + ->count_all_results(config_item('rest_keys_table')) > 0; + } + + private function _insert_key($key, $data) + { + $data[config_item('rest_key_column')] = $key; + $data['date_created'] = function_exists('now') ? 
now() : time(); + + return $this->db + ->set($data) + ->insert(config_item('rest_keys_table')); + } + + private function _update_key($key, $data) + { + return $this->db + ->where(config_item('rest_key_column'), $key) + ->update(config_item('rest_keys_table'), $data); + } + + private function _delete_key($key) + { + return $this->db + ->where(config_item('rest_key_column'), $key) + ->delete(config_item('rest_keys_table')); + } + +} diff --git a/application/language/english/index.html b/application/controllers/api/index.html old mode 100755 new mode 100644 similarity index 100% rename from application/language/english/index.html rename to application/controllers/api/index.html diff --git a/application/controllers/api/v1/AuthAPI.php b/application/controllers/api/v1/AuthAPI.php new file mode 100644 index 000000000..ee9288c7b --- /dev/null +++ b/application/controllers/api/v1/AuthAPI.php 
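Review bot: `_generate_key()` does not deliver the randomness it appears to: `base_convert()` works through a float and loses precision on a 128-digit hex string, so most of the 64 random bytes are discarded, and because `base_convert()` always returns a string the `$salt === FALSE` test cannot detect a failed `get_random_bytes()` call. The fallback `hash('sha256', time() . mt_rand())` is guessable and should not mint API keys at all. Check the raw bytes first and hex-encode them, as sketched below. Separately, `suspend_post` has no entry in `$methods`, so unlike the other four actions it carries no level requirement, and `level_post` stores whatever `level` the caller sends without validating it. The class header and constructor are not visible in the text of this hunk.

```php
private function _generate_key()
{
    do
    {
        // Draw the bytes first so a failed CSPRNG call is detected before any encoding
        $bytes = $this->security->get_random_bytes(64);

        if ($bytes === FALSE)
        {
            // No secure randomness available: refuse to issue a key instead of deriving one from time()/mt_rand()
            show_error('Could not generate a secure API key');
        }

        // Hex keeps every random bit; base_convert() goes through a float and drops precision on long inputs
        $new_key = substr(bin2hex($bytes), 0, config_item('rest_key_length'));
    }
    while ($this->_key_exists($new_key));

    return $new_key;
}
```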
@@ -0,0 +1,130 @@
+methods['login_get']['limit'] = 500; // 500 requests per hour per user/key
+
+ // Load helper
+ $this->load->helper('fhcauth');
+ $this->load->library('session');
+ }
+
+ /**
+ * Checks user credentials and creates a new session
+ * @return string JSON that indicates success/failure of login
+ * @example normal account: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/password/secret/device_id/abcdef123
+ * @example OAuth Google: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/device_id/abcdef123/google_token/qwert321
+ * @example OAuth Facebook: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/device_id/abcdef123/fb_token/qwert321
+ */
+ public function login_get()
+ {
+ $payload = array();
+ $errormsg = "";
+ $httpstatus = null;
+ $username = urldecode($this->get('username'));
+ $password = urldecode($this->get('password'));
+
+ $account = auth($username,$password);
+
+ // perform login checks
+ if (!$account)
+ $errormsg = "Auth not accepted!";
+
+ if (empty($errormsg))
+ {
+ // generate new session
+ $this->session->sess_regenerate();
+ $token = session_id();
+
+ $payload = [
+ 'success' => true,
+ 'message' => 'User successfully logged in',
+ 'session_id' => $token
+ ];
+ $httpstatus = REST_Controller::HTTP_OK;
+ }
+ else
+ {
+ $payload = [
+ 'success' => false,
+ 'message' => $errormsg
+ ];
+ $httpstatus = REST_Controller::HTTP_UNAUTHORIZED;
+ }
+
+ // Set the response and exit
+ $this->response($payload, $httpstatus);
+ }
+
+ /**
+ * Logs out user by destroying session
+ * @return string JSON that indicates success/failure of logout
+ * @example http://wsp.fortyseeds.at/backend/api/userauth/logout/username/foo%40bar.at/session_id/55afab8ba6f1b/device_id/abcdef123
+ */
+ public function logout_get()
+ {
+ $payload = array();
+ $httpstatus = null;
+ $token = $this->get('session_id');
+ $username = urldecode($this->get('username'));
+ $deviceid = $this->get('device_id');
+ $account = $this->user_model->load($username);
+
+ // destroy session
+ if ($this->session_model->destroy($account, $token, $deviceid))
+ {
+ $payload = [
+ 'success' => true,
+ 'message' => 'user successfully logged out'
+ ];
+ $httpstatus = REST_Controller::HTTP_OK;
+ }
+ else
+ {
+ $payload = [
+ 'success' => false,
+ 'message' => 'user could not be logged out'
+ ];
+ $httpstatus = REST_Controller::HTTP_BAD_REQUEST;
+ }
+
+ // Set the response and exit
+ $this->response($payload, $httpstatus);
+ }
+
+
+}
diff --git a/application/controllers/api/v1/Example.php b/application/controllers/api/v1/Example.php
new file mode 100644
index 000000000..0e84e47ef
--- /dev/null
+++ b/application/controllers/api/v1/Example.php
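Review bot: `login_get()` reads the password from the URL (`$this->get('password')`), which puts credentials into web-server and proxy access logs, browser history and Referer headers; accept them in a request body instead, e.g. `public function login_post()` with `$password = $this->post('password');`, and rename the `$this->methods['login_get']['limit']` key to match. After a successful `auth()` nothing is written to the session, so the regenerated session does not record who logged in. `logout_get()` calls `$this->user_model` and `$this->session_model`, neither of which is loaded in the visible constructor lines, and it also takes the session id from the URL. The class header and the start of the constructor are not visible in the text of this hunk.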
@@ -0,0 +1,140 @@ +methods['user_get']['limit'] = 500; // 500 requests per hour per user/key + $this->methods['user_post']['limit'] = 100; // 100 requests per hour per user/key + $this->methods['user_delete']['limit'] = 50; // 50 requests per hour per user/key + } + + public function users_get() + { + // Users from a data store e.g. database + $users = [ + ['id' => 1, 'name' => 'John', 'email' => 'john@example.com', 'fact' => 'Loves coding'], + ['id' => 2, 'name' => 'Jim', 'email' => 'jim@example.com', 'fact' => 'Developed on CodeIgniter'], + ['id' => 3, 'name' => 'Jane', 'email' => 'jane@example.com', 'fact' => 'Lives in the USA', ['hobbies' => ['guitar', 'cycling']]], + ]; + + $id = $this->get('id'); + + // If the id parameter doesn't exist return all the users + + if ($id === NULL) + { + // Check if the users data store contains users (in case the database result returns NULL) + if ($users) + { + // Set the response and exit + $this->response($users, REST_Controller::HTTP_OK); // OK (200) being the HTTP response code + } + else + { + // Set the response and exit + $this->response([ + 'status' => FALSE, + 'message' => 'No users were found' + ], REST_Controller::HTTP_NOT_FOUND); // NOT_FOUND (404) being the HTTP response code + } + } + + // Find and return a single record for a particular user. + + $id = (int) $id; + + // Validate the id. + if ($id <= 0) + { + // Invalid id, set the response and exit. + $this->response(NULL, REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code + } + + // Get the user from the array, using the id as key for retreival. + // Usually a model is to be used for this. 
+ + $user = NULL; + + if (!empty($users)) + { + foreach ($users as $key => $value) + { + if (isset($value['id']) && $value['id'] === $id) + { + $user = $value; + } + } + } + + if (!empty($user)) + { + $this->set_response($user, REST_Controller::HTTP_OK); // OK (200) being the HTTP response code + } + else + { + $this->set_response([ + 'status' => FALSE, + 'message' => 'User could not be found' + ], REST_Controller::HTTP_NOT_FOUND); // NOT_FOUND (404) being the HTTP response code + } + } + + public function users_post() + { + // $this->some_model->update_user( ... ); + $message = [ + 'id' => 100, // Automatically generated by the model + 'name' => $this->post('name'), + 'email' => $this->post('email'), + 'message' => 'Added a resource' + ]; + + $this->set_response($message, REST_Controller::HTTP_CREATED); // CREATED (201) being the HTTP response code + } + + public function users_delete() + { + $id = (int) $this->get('id'); + + // Validate the id. + if ($id <= 0) + { + // Set the response and exit + $this->response(NULL, REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code + } + + // $this->some_model->delete_something($id); + $message = [ + 'id' => $id, + 'message' => 'Deleted the resource' + ]; + + $this->set_response($message, REST_Controller::HTTP_NO_CONTENT); // NO_CONTENT (204) being the HTTP response code + } + +} diff --git a/application/controllers/api/v1/Person.php b/application/controllers/api/v1/Person.php new file mode 100644 index 000000000..a594a1cf1 --- /dev/null +++ b/application/controllers/api/v1/Person.php 
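Review bot: The constructor sets limits under `user_get`, `user_post` and `user_delete`, but the methods in this class are named `users_get`, `users_post` and `users_delete`, so the per-method limits look like they never apply; `Ping.php` has the same mismatch (`ping_get` against `index_get`). Rename the keys to match the methods, e.g. `$this->methods['users_get']['limit'] = 500;`. This file appears to be the REST library's sample controller returning hard-coded users, so consider whether it should be routable under `api/v1` at all, or add a header comment marking it as a non-production example.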
@@ -0,0 +1,367 @@ +load->model('person/person_model'); + } + + public function person_get() + { + //if (!$this->session_model->validate($this->get('session_id'), $this->get('device_id'))) + // $this->response(array(['success' => false, 'message' => 'access denied']), REST_Controller::HTTP_UNAUTHORIZED); + + $code = $this->get('code'); + + if (!is_null($code)) + $result = $this->person_model->getPersonByCode($code); + // var_dump($result[0]); + + if (empty($result)) + { + $payload = [ + 'success' => false, + 'message' => 'Person not found' + ]; + $httpstatus = REST_Controller::HTTP_OK; + } + else + { + // return all available locations + $payload = [ + 'success' => true, + 'message' => 'Person with code found', + 'person_id' => $result[0]->person_id + ]; + $httpstatus = REST_Controller::HTTP_OK; + } + + // Set the response and exit + $this->response($payload, $httpstatus); + } + + /** + * Creates a new location for whisper or returns all available locations + * within a certain radius + * @return string JSON that indicates success/failure of creating location + * @example http://wsp.fortyseeds.at/backend/api/whisper/location/name/Foo/latitude/37.37888785004527/longitude/-120.333251953125/session_id/55afab8ba6f1b/device_id/abcdef123 + */ + public function location_get() + { + if (!$this->session_model->validate($this->get('session_id'), $this->get('device_id'))) + $this->response(array(['success' => false, 'message' => 'access denied']), REST_Controller::HTTP_UNAUTHORIZED); + + $name = urldecode($this->get('name')); + $latitude = $this->get('latitude'); + $longitude = $this->get('longitude'); + + if (!empty($name) && !empty($latitude) && !empty($longitude)) + { + // check available locations + $locsWithinRadius = $this->location_model->getLocationsWithinRadius($latitude, $longitude); + + if (empty($locsWithinRadius)) + { + // create new location + $locId = $this->location_model->create($name, $latitude, $longitude); + + if ($locId !== false) + { + $payload = [ + 
'success' => true, + 'message' => 'location created successfully', + 'location_id' => $locId + ]; + $httpstatus = REST_Controller::HTTP_CREATED; + } + else + { + $payload = [ + 'success' => false, + 'message' => 'location could not be created' + ]; + $httpstatus = REST_Controller::HTTP_INTERNAL_SERVER_ERROR; + } + } + else + { + // return all available locations + $payload = [ + 'success' => true, + 'message' => '1 or more locations available', + 'location_id' => $locsWithinRadius + ]; + $httpstatus = REST_Controller::HTTP_OK; + } + } + else + { + $payload = [ + 'success' => false, + 'message' => "name, latitude or longitude missing" + ]; + $httpstatus = REST_Controller::HTTP_BAD_REQUEST; + } + + // Set the response and exit + $this->response($payload, $httpstatus); + } + + /** + * Creates a new whisper + * @return string JSON that indicates success/failure of creating location + * @example http://wsp.fortyseeds.at/backend/api/whisper/create/session_id/55afab8ba6f1b/device_id/abcdef123 + */ + public function create_post() + { + if (!$this->session_model->validate($this->get('session_id'), $this->get('device_id'))) + $this->response(array(['success' => false, 'message' => 'access denied']), REST_Controller::HTTP_UNAUTHORIZED); + + $data = $this->post('whisper'); + + // perform checks if whisper can be created + $errormsg = ""; + $notNull = array('location_id', 'name', 'type', 'description', 'scenery', 'price', 'sportiness', 'address', 'category'); + foreach ($notNull as $key) + { + if (empty($data[$key])) + { + $errormsg = "missing data"; + break; + } + } + + if (empty($errormsg)) + { + if (!empty($data['picture'])) + { + // save file name in the profile + $data['picture'] = $this->_savePicture($data['picture']); + } + + // add user ID to data + $session = $this->session_model->load($this->get('session_id')); + $data['user_id'] = $session->user_id; + + // create new whisper + $whisperId = $this->whisper_model->create($data); + + if ($whisperId !== false) + { + // 
check if user status change is necessary + if ($this->status_model->current($session->user_id) != 'full' && + $this->whisper_model->count($session->user_id) >= $this->config->item('userstatus_full_whisperer')) + { + $this->status_model->set($session->user_id, 'full'); + } + + $payload = [ + 'success' => true, + 'message' => 'whisper created successfully', + 'whisper_id' => $whisperId + ]; + $httpstatus = REST_Controller::HTTP_CREATED; + } + else + { + $payload = [ + 'success' => false, + 'message' => 'whisper could not be created' + ]; + $httpstatus = REST_Controller::HTTP_INTERNAL_SERVER_ERROR; + } + } + else + { + $payload = [ + 'success' => false, + 'message' => $errormsg + ]; + $httpstatus = REST_Controller::HTTP_BAD_REQUEST; + } + + // Set the response and exit + $this->response($payload, $httpstatus); + } + + /** + * Edits a whisper + * @return string JSON that indicates success/failure of editing whisper + * @example http://wsp.fortyseeds.at/backend/api/whisper/edit/whisper_id/1/session_id/55afab8ba6f1b/device_id/abcdef123 + */ + public function edit_post() + { + if (!$this->session_model->validate($this->get('session_id'), $this->get('device_id'))) + $this->response(array(['success' => false, 'message' => 'access denied']), REST_Controller::HTTP_UNAUTHORIZED); + + $data = $this->post('whisper'); + $whisperId = $this->get('whisper_id'); + + // perform checks if whisper can be edited + $errormsg = ""; + $notNull = array('location_id', 'name', 'type', 'description', 'scenery', 'price', 'sportiness', 'address', 'category'); + foreach ($notNull as $key) + { + if (isset($data[$key]) && empty($data[$key])) + { + $errormsg = "missing data"; + break; + } + } + + if (empty($errormsg)) + { + if (!empty($data['picture'])) + { + $data['picture'] = $this->_savePicture($data['picture']); + } + + // load user session + $session = $this->session_model->load($this->get('session_id')); + + // save changes + $result = $this->whisper_model->edit($whisperId, $data, 
$session->user_id); + + if ($result === 1) + { + $payload = [ + 'success' => true, + 'message' => 'whisper edited successfully' + ]; + $httpstatus = REST_Controller::HTTP_OK; + } + else + { + $payload = [ + 'success' => false, + 'message' => 'whisper does not exist or does not belong to user' + ]; + $httpstatus = REST_Controller::HTTP_BAD_REQUEST; + } + } + else + { + $payload = [ + 'success' => false, + 'message' => $errormsg + ]; + $httpstatus = REST_Controller::HTTP_BAD_REQUEST; + } + + // Set the response and exit + $this->response($payload, $httpstatus); + } + + /** + * Returns all whispers of a user + * @return string JSON with whisper data + * @example http://wsp.fortyseeds.at/backend/api/whisper/personal/session_id/55afab8ba6f1b/device_id/abcdef123 + */ + public function personal_get() + { + if (!$this->session_model->validate($this->get('session_id'), $this->get('device_id'))) + $this->response(array(['success' => false, 'message' => 'access denied']), REST_Controller::HTTP_UNAUTHORIZED); + + $profile = $this->profile_model->loadBySession($this->get('session_id')); + $whispers = $this->whisper_model->getByUser($profile->user_id); + + $payload = [ + 'success' => true, + 'message' => 'whispers returned successfully', + 'whispers' => $whispers + ]; + $httpstatus = REST_Controller::HTTP_OK; + + // Set the response and exit + $this->response($payload, $httpstatus); + } + + /** + * Deletes a whisper + * @return string JSON that indicates success/failure of deleting whisper + * @example http://wsp.fortyseeds.at/backend/api/whisper/delete/session_id/d05434b3728bd2a525a1947c3ec4d754/device_id/abcdef123/whisper_id/7/reason/Gef%C3%A4llt%20mir%20nicht%20mehr + */ + public function delete_get() + { + if (!$this->session_model->validate($this->get('session_id'), $this->get('device_id'))) + $this->response(array(['success' => false, 'message' => 'access denied']), REST_Controller::HTTP_UNAUTHORIZED); + + $whisperId = $this->get('whisper_id'); + $this->get('reason') == '' 
? $reason = 'null' : $reason = "'" . urldecode($this->get('reason')) . "'"; + $profile = $this->profile_model->loadBySession($this->get('session_id')); + + $result = $this->whisper_model->delete($whisperId, $profile->user_id, $reason); + + if ($result === 0) + { + $payload = [ + 'success' => false, + 'message' => 'whisper does not exist or does not belong to user' + ]; + $httpstatus = REST_Controller::HTTP_BAD_REQUEST; + } + else + { + $payload = [ + 'success' => true, + 'message' => 'whisper deleted successfully' + ]; + $httpstatus = REST_Controller::HTTP_OK; + } + + // Set the response and exit + $this->response($payload, $httpstatus); + } + + /** + * Decodes base64 image data and saves file to disk + * @param string $base64data + * @return string path and file name of picture + */ + private function _savePicture($base64data) + { + // decode data and get file type + $imgdata = base64_decode($base64data); + $fileinfo = finfo_open(); + $mimetype = finfo_buffer($fileinfo, $imgdata, FILEINFO_MIME_TYPE); + $ext = str_replace('image/', '.', $mimetype); + + $tmpfname = tempnam($this->config->item('whisperpic_path'), "wsp"); + $picfname = $tmpfname . $ext; + + // save pic to disk + $handle = fopen($picfname, "w"); + fwrite($handle, $imgdata); + fclose($handle); + + // delete tmp file + if (is_file($tmpfname)) + unlink($tmpfname); + + // return file name + return $picfname; + } +} diff --git a/application/controllers/api/v1/Ping.php b/application/controllers/api/v1/Ping.php new file mode 100644 index 000000000..bde091170 --- /dev/null +++ b/application/controllers/api/v1/Ping.php 
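Review bot: `_savePicture()` writes caller-supplied bytes under `whisperpic_path` with an extension derived from whatever `finfo_buffer()` reports, so a non-image payload is stored too and its MIME type (slash included) is appended to the file name; restrict it to an allowlist of image types with fixed extensions and reject everything else, as sketched below, with `create_post()` and `edit_post()` answering 400 when it returns `FALSE`. In `person_get()` the session check is commented out, which leaves an unauthenticated lookup of `person_id` by access code unless the global `rest_auth` setting covers it. `delete_get()` deletes on a GET and wraps `reason` in single quotes by hand before passing it to `whisper_model->delete()`, which suggests the value is concatenated into SQL there; pass the raw value and let the query builder bind it. Only `person/person_model` is loaded in the visible constructor line, so the `session_model`, `location_model`, `whisper_model`, `status_model` and `profile_model` calls look like leftovers from another project.

```php
private function _savePicture($base64data)
{
    // Strict mode rejects input that contains characters outside the base64 alphabet
    $imgdata = base64_decode($base64data, TRUE);
    if ($imgdata === FALSE)
        return FALSE;

    $fileinfo = finfo_open(FILEINFO_MIME_TYPE);
    $mimetype = finfo_buffer($fileinfo, $imgdata);
    finfo_close($fileinfo);

    // Only known image types are written, each with a fixed extension
    $allowed = array('image/jpeg' => '.jpg', 'image/png' => '.png', 'image/gif' => '.gif');
    if (!isset($allowed[$mimetype]))
        return FALSE;
    $ext = $allowed[$mimetype];

    // … unchanged: tempnam(), writing the file, removing the temp file, return $picfname …
```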
@@ -0,0 +1,56 @@ +methods['ping_get']['limit'] = 500; // 500 requests per hour per user/key + } + + /** + * Responds to ping attempts of applications + * @return string JSON which acknowledges the ping attempt + * @example http://wsp.fortyseeds.at/backend/api/ping + */ + public function index_get() + { + $payload = [ + 'success' => true, + 'message' => 'ping received' + ]; + + // Set the response and exit + $this->response($payload, REST_Controller::HTTP_OK); + } +} diff --git a/application/core/MY_Controller.php b/application/core/MY_Controller.php new file mode 100644 index 000000000..076986a96 --- /dev/null +++ b/application/core/MY_Controller.php @@ -0,0 +1,17 @@ +load->library('session'); -> autoload + //$this->load->library('database'); -> autoload + + } + +} diff --git a/application/core/MY_Model.php b/application/core/MY_Model.php new file mode 100644 index 000000000..7713005cc --- /dev/null +++ b/application/core/MY_Model.php @@ -0,0 +1,13 @@ +load->library('database'); + + } + +} diff --git a/application/helpers/fhcauth_helper.php b/application/helpers/fhcauth_helper.php new file mode 100644 index 000000000..645952841 --- /dev/null +++ b/application/helpers/fhcauth_helper.php @@ -0,0 +1,51 @@ +checkpassword($username, $password)) + { + echo 'Auth-Method-False'; + return true; + } + else + { + echo 'Auth-Method-False'; + return false; + } + } +} diff --git a/application/language/de_AT/index.html b/application/language/de_AT/index.html new file mode 100755 index 000000000..b702fbc39 --- /dev/null +++ b/application/language/de_AT/index.html @@ -0,0 +1,11 @@ + + + + 403 Forbidden + + + +
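Review bot: In `fhcauth_helper.php`, `auth()` echoes `'Auth-Method-False'` in both branches, including the one that returns `true`, so every login attempt prints debug text ahead of the JSON body and before `AuthAPI::login_get()` calls `sess_regenerate()`, where already-sent output can stop the session cookie header from being set. Remove both `echo 'Auth-Method-False';` lines and return the result of `checkpassword()` directly; if a trace is needed, use `log_message('debug', ...)` and keep the password out of it. The start of the helper is not visible in this hunk, so how the object behind `checkpassword()` is built could not be reviewed.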

Directory access is forbidden.

+ + + diff --git a/application/language/de_AT/rest_controller_lang.php b/application/language/de_AT/rest_controller_lang.php new file mode 100644 index 000000000..1c665bdc5 --- /dev/null +++ b/application/language/de_AT/rest_controller_lang.php @@ -0,0 +1,17 @@ +load->database(); + parent::__construct(); } - public function get_personen($person_id = FALSE) + public function getPersonen($person_id = FALSE) { if ($person_id === FALSE) { @@ -17,4 +17,10 @@ class Person_model extends CI_Model $query = $this->db->get_where('public.tbl_person', array('person_id' => $person_id)); return $query->row_object(); } + + public function getPersonByCode($code) + { + $query = $this->db->get_where('public.tbl_person', array('zugangscode' => $code)); + return $query->result_object(); + } }