
Add api.php

master
Skylar Ittner 2 years ago
parent
commit
0b811feccb
2 changed files with 38 additions and 0 deletions
  1. README.md (2 additions, 0 deletions)
  2. api.php (36 additions, 0 deletions)

README.md (+2, -0)

@@ -36,6 +36,8 @@ Program Structure
Read through it to see what those functions do.
* action.php
A good place to post forms to. By default it only handles logging out, but is easily expanded.
* api.php
Similar to action.php, but designed for user/pass authenticated JSON responses.
* index.php
Login page and handler. Hands off to `app.php` after authenticating user.
It includes 2fa support, by the way.
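Review bot: The new `api.php` entry describes the endpoint only as "user/pass authenticated JSON responses" and does not say that the username and password are sent with every request, or which parameters the endpoint reads (`username`, `password`, `action`, `max`). Because the next entry advertises 2FA on `index.php`, add a sentence stating whether API requests are subject to 2FA or authenticate with the password alone, and repeat the POST recommendation from the `api.php` header comment here so integrators see it without opening the source.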

api.php (+36, -0)

@@ -0,0 +1,36 @@
<?php

/**
* Simple JSON API to allow other apps to access data from this app.
*
* Requests can be sent via either GET or POST requests. POST is recommended
* as it has a lower chance of being logged on the server, exposing unencrypted
* user passwords.
*/
require __DIR__ . '/required.php';
require_once __DIR__ . '/lib/login.php';
require_once __DIR__ . '/lib/userinfo.php';
header("Content-Type: application/json");

$username = $VARS['username'];
$password = $VARS['password'];
if (user_exists($username) !== true || authenticate_user($username, $password, $errmsg) !== true) {
header("HTTP/1.1 403 Unauthorized");
die("\"403 Unauthorized\"");
}
$userinfo = getUserByUsername($username);

// query max results
$max = 20;
if (preg_match("/^[0-9]+$/", $VARS['max']) === 1 && $VARS['max'] <= 1000) {
$max = (int) $VARS['max'];
}

switch ($VARS['action']) {
case "ping":
$out = ["status" => "OK", "maxresults" => $max, "pong" => true];
exit(json_encode($out));
default:
header("HTTP/1.1 400 Bad Request");
die("\"400 Bad Request\"");
}
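Review bot: Credentials are accepted over GET at `$password = $VARS['password'];`, even though the header comment acknowledges that GET requests are more likely to be logged with the unencrypted password in them. Consider rejecting non-POST requests before the credentials are read, for example by checking `$_SERVER['REQUEST_METHOD']` and answering 405, rather than only recommending POST in a comment. Two smaller points: `header("HTTP/1.1 403 Unauthorized");` pairs the 403 code with the reason phrase of 401 (403 is Forbidden), so pick one and make the JSON body match; and `$VARS['max']` and `$VARS['action']` are read without checking that the keys are set, so unless `required.php` fills in defaults, a request that omits them reaches `preg_match` and `switch` with an undefined index and may emit a notice into the JSON response.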
