You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
192 lines
7.3 KiB
PHP
192 lines
7.3 KiB
PHP
<?php
|
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
/**
|
|
* Simple JSON API to allow other apps to access data from this app.
|
|
*
|
|
* Requests can be sent via either GET or POST requests. POST is recommended
|
|
* as it has a lower chance of being logged on the server, exposing unencrypted
|
|
* user passwords.
|
|
*/
|
|
require __DIR__ . '/required.php';
|
|
header("Content-Type: application/json");
|
|
|
|
/**
|
|
* Checks if the given AccountHub API key is valid by attempting to
|
|
* access the API with it.
|
|
* @param String $key The API key to check
|
|
* @return boolean TRUE if the key is valid, FALSE if invalid or something went wrong
|
|
*/
|
|
function checkAPIKey($key) {
|
|
try {
|
|
$client = new GuzzleHttp\Client();
|
|
|
|
$response = $client
|
|
->request('POST', PORTAL_API, [
|
|
'form_params' => [
|
|
'key' => $key,
|
|
'action' => "ping"
|
|
]
|
|
]);
|
|
|
|
if ($response->getStatusCode() === 200) {
|
|
return true;
|
|
}
|
|
return false;
|
|
} catch (Exception $e) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
$username = $VARS['username'];
|
|
$password = $VARS['password'];
|
|
$user = User::byUsername($username);
|
|
if ($user->exists() !== true || ((Login::auth($username, $password) !== Login::LOGIN_OK) && !checkAPIKey($password))) {
|
|
header("HTTP/1.1 403 Unauthorized");
|
|
die("\"403 Unauthorized\"");
|
|
}
|
|
|
|
if (!$user->hasPermission("TASKFLOOR")) {
|
|
header("HTTP/1.1 403 Unauthorized");
|
|
die("\"403 Unauthorized\"");
|
|
}
|
|
|
|
// query max results
|
|
$max = 20;
|
|
if (isset($VARS['max']) && preg_match("/^[0-9]+$/", $VARS['max']) === 1 && $VARS['max'] <= 1000) {
|
|
$max = (int) $VARS['max'];
|
|
}
|
|
|
|
switch ($VARS['action']) {
|
|
case "gettasks":
|
|
$tasks = $database->query("SELECT * FROM assigned_tasks LEFT JOIN tasks ON assigned_tasks.taskid = tasks.taskid WHERE assigned_tasks.userid = '" . $user->getUID() . "' AND assigned_tasks.statusid IN (0,1,3,4) AND taskassignedon <= NOW() AND tasks.deleted = 0 ORDER BY 0 - taskdueby DESC LIMIT $max")->fetchAll();
|
|
$out = ["status" => "OK", "maxresults" => $max, "tasks" => []];
|
|
foreach ($tasks as $task) {
|
|
$icon = "ellipsis-h";
|
|
switch ($task['statusid']) {
|
|
case 1:
|
|
$icon = "play";
|
|
break;
|
|
case 2:
|
|
$icon = "check";
|
|
break;
|
|
case 3:
|
|
$icon = "pause";
|
|
break;
|
|
case 4:
|
|
$icon = "exclamation";
|
|
break;
|
|
}
|
|
$out['tasks'][] = [
|
|
"id" => $task['taskid'],
|
|
"title" => $task['tasktitle'],
|
|
"description" => $task['taskdesc'],
|
|
"assigned" => date("F j, Y, g:i a", strtotime($task['taskassignedon'])),
|
|
"due" => ($task['taskdueby'] > 0 ? date("F j, Y, g:i a", strtotime($task['taskdueby'])) : null),
|
|
"status" => $task['statusid'],
|
|
"icon" => $icon
|
|
];
|
|
}
|
|
exit(json_encode($out));
|
|
case "getmsgs":
|
|
$messages = $database->select(
|
|
'messages', [
|
|
'messageid (id)',
|
|
'messagetext (text)',
|
|
'messagedate (date)',
|
|
'to',
|
|
'from'
|
|
], [
|
|
"AND" => [
|
|
"OR" => [
|
|
"to" => $user->getUID(),
|
|
"to #null" => null,
|
|
"from" => $user->getUID()
|
|
],
|
|
"deleted" => 0
|
|
],
|
|
"ORDER" => [
|
|
"messagedate" => "DESC"
|
|
],
|
|
"LIMIT" => $max]
|
|
);
|
|
|
|
$out = ["status" => "OK", "maxresults" => $max, "messages" => []];
|
|
$usercache = [];
|
|
foreach ($messages as $msg) {
|
|
$to = null;
|
|
if (!isset($usercache[$msg['from']])) {
|
|
$usercache[$msg['from']] = new User($msg['from']);
|
|
}
|
|
if (is_null($msg['to'])) {
|
|
$to['name'] = lang("all users", false);
|
|
$to['username'] = lang("all users", false);
|
|
} else {
|
|
if (!isset($usercache[$msg['to']])) {
|
|
$usercache[$msg['to']] = new User($msg['to']);
|
|
}
|
|
$to = $usercache[$msg['to']];
|
|
}
|
|
|
|
$out['messages'][$msg['id']] = [
|
|
"text" => $msg['text'],
|
|
"from" => [
|
|
"username" => $usercache[$msg['from']]->getUsername(),
|
|
"name" => $usercache[$msg['from']]->getName()
|
|
],
|
|
"to" => [
|
|
"username" => $to->getUsername(),
|
|
"name" => $to->getName()
|
|
],
|
|
"sent" => date("F j, Y, g:i a", strtotime($msg['date']))
|
|
];
|
|
}
|
|
exit(json_encode($out));
|
|
case "updatetask":
|
|
if (!$database->has('assigned_tasks', ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $user->getUID()]])) {
|
|
die('{"status": "ERROR", "msg": "You are not assigned to this task!"}');
|
|
}
|
|
|
|
switch ($VARS['status']) {
|
|
case "start":
|
|
$database->update('assigned_tasks', ['starttime' => date("Y-m-d H:i:s"), 'statusid' => 1], ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $user->getUID()]]);
|
|
break;
|
|
case "resume":
|
|
if (!$database->has('assigned_tasks', ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $user->getUID(), 'starttime[!]' => null]])) {
|
|
die('{"status": "ERROR", "msg": "Cannot resume non-started task."}');
|
|
}
|
|
$database->update('assigned_tasks', ['statusid' => 1], ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $user->getUID()]]);
|
|
break;
|
|
case "finish":
|
|
$database->update('assigned_tasks', ['endtime' => date("Y-m-d H:i:s"), 'statusid' => 2], ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $user->getUID()]]);
|
|
break;
|
|
case "pause":
|
|
$database->update('assigned_tasks', ['statusid' => 3], ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $user->getUID()]]);
|
|
break;
|
|
case "problem":
|
|
$database->update('assigned_tasks', ['statusid' => 4], ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $user->getUID()]]);
|
|
break;
|
|
default:
|
|
die('{"status": "ERROR", "msg": "Invalid status requested."}');
|
|
}
|
|
die('{"status": "OK", "msg": "Task updated."}');
|
|
case "sendmsg":
|
|
$msg = strip_tags($VARS['msg']);
|
|
if (user_exists($VARS['to'])) {
|
|
$to = User::byUsername($VARS['to'])->getUID();
|
|
} else {
|
|
die('{"status": "ERROR", "msg": "Invalid user."}');
|
|
}
|
|
if (is_empty($msg)) {
|
|
die('{"status": "ERROR", "msg": "Missing message."}');
|
|
}
|
|
$database->insert('messages', ['messagetext' => $msg, 'messagedate' => date("Y-m-d H:i:s"), 'from' => $user->getUID(), 'to' => $to]);
|
|
die('{"status": "OK"}');
|
|
default:
|
|
header("HTTP/1.1 400 Bad Request");
|
|
die("\"400 Bad Request\"");
|
|
}
|