|
@@ -1,6 +1,191 @@
|
1
|
1
|
<?php
|
2
|
2
|
include "config.php";
|
3
|
3
|
|
4
|
|
-$action = preg_replace('/[^a-z]/','',isset($_GET["action"])?$_GET["action"]:'list');
|
|
4
|
+function connectDatabase($hostname,$username,$password,$database) {
|
|
5
|
+ global $config;
|
|
6
|
+ $mysqli = new mysqli($hostname,$username,$password,$database);
|
|
7
|
+ if ($mysqli->connect_errno) {
|
|
8
|
+ die('Connect failed: '.$mysqli->connect_error);
|
|
9
|
+ }
|
|
10
|
+ return $mysqli;
|
|
11
|
+}
|
|
12
|
+
|
|
13
|
+function parseGetParameter($name,$characters,$default) {
|
|
14
|
+ $value = isset($_GET[$name])?$_GET[$name]:$default;
|
|
15
|
+ return $characters?preg_replace("/[^$characters]/",'',$value):$value;
|
|
16
|
+}
|
5
|
17
|
|
6
|
|
-if (in_array($action,array('list','read','create','update','delete'))) include $action.'.php';
|
|
18
|
+function applyWhitelist($table,$action,$list) {
|
|
19
|
+ if ($list===false) return $table;
|
|
20
|
+ $list = array_filter($list, function($actions){
|
|
21
|
+ return strpos($actions,$action[0])!==false;
|
|
22
|
+ });
|
|
23
|
+ return array_intersect($table, array_keys($list));
|
|
24
|
+
|
|
25
|
+}
|
|
26
|
+
|
|
27
|
+function applyBlacklist($table,$action,$list) {
|
|
28
|
+ if ($list===false) return $table;
|
|
29
|
+ $list = array_filter($list, function($actions) use ($action) {
|
|
30
|
+ return strpos($actions,$action[0])!==false;
|
|
31
|
+ });
|
|
32
|
+ return array_diff($table, array_keys($list));
|
|
33
|
+}
|
|
34
|
+
|
|
35
|
+function applyWhitelistAndBlacklist($table, $action, $whitelist, $blacklist) {
|
|
36
|
+ $table = applyWhitelist($table, $action, $whitelist);
|
|
37
|
+ $table = applyBlacklist($table, $action, $blacklist);
|
|
38
|
+ if (empty($table)) exitWith404();
|
|
39
|
+ return $table;
|
|
40
|
+}
|
|
41
|
+
|
|
42
|
+function processTableParameter($table,$database,$mysqli) {
|
|
43
|
+ global $config;
|
|
44
|
+ $tablelist = explode(',',$table);
|
|
45
|
+ $tables = array();
|
|
46
|
+ foreach ($tablelist as $table) {
|
|
47
|
+ $table = str_replace('*','%',$table);
|
|
48
|
+ if ($result = $mysqli->query("SELECT `TABLE_NAME` FROM `INFORMATION_SCHEMA`.`TABLES` WHERE `TABLE_NAME` LIKE '$table' AND `TABLE_SCHEMA` = '$database'")) {
|
|
49
|
+ while ($row = $result->fetch_row()) $tables[] = $row[0];
|
|
50
|
+ $result->close();
|
|
51
|
+ }
|
|
52
|
+ }
|
|
53
|
+ return $tables;
|
|
54
|
+}
|
|
55
|
+
|
|
56
|
+function findPrimaryKey($table,$database,$mysqli) {
|
|
57
|
+ global $config;
|
|
58
|
+ $keys = array();
|
|
59
|
+ if ($result = $mysqli->query("SELECT `COLUMN_NAME` FROM `INFORMATION_SCHEMA`.`COLUMNS` WHERE `COLUMN_KEY` = 'PRI' AND `TABLE_NAME` = '$table[0]' AND `TABLE_SCHEMA` = '$database'")) {
|
|
60
|
+ while ($row = $result->fetch_row()) $keys[] = $row[0];
|
|
61
|
+ $result->close();
|
|
62
|
+ }
|
|
63
|
+ return count($keys)?$keys[0]:false;
|
|
64
|
+}
|
|
65
|
+
|
|
66
|
+function exitWith404() {
|
|
67
|
+ die(header("Content-Type:",true,404));
|
|
68
|
+}
|
|
69
|
+
|
|
70
|
+function startOutput($callback) {
|
|
71
|
+ if ($callback) {
|
|
72
|
+ header("Content-Type: application/javascript");
|
|
73
|
+ echo $callback.'(';
|
|
74
|
+ } else {
|
|
75
|
+ header("Content-Type: application/json");
|
|
76
|
+ }
|
|
77
|
+}
|
|
78
|
+
|
|
79
|
+function endOutput($callback) {
|
|
80
|
+ if ($callback) {
|
|
81
|
+ echo ');';
|
|
82
|
+ }
|
|
83
|
+}
|
|
84
|
+
|
|
85
|
+function processKeyParameter($key,$table,$database,$mysqli) {
|
|
86
|
+ if ($key) {
|
|
87
|
+ $key = array($key,findPrimaryKey($table,$database,$mysqli));
|
|
88
|
+ if ($key[1]===false) exitWith404();
|
|
89
|
+ }
|
|
90
|
+ return $key;
|
|
91
|
+}
|
|
92
|
+
|
|
93
|
+function processFilterParameter($filter) {
|
|
94
|
+ if ($filter) {
|
|
95
|
+ $filter = explode(':',$filter,2);
|
|
96
|
+ if (count($filter)==2) {
|
|
97
|
+ $filter[0] = preg_replace('/[^a-zA-Z0-9\-_]/','',$filter[0]);
|
|
98
|
+ $filter[1] = $mysqli->real_escape_string($filter[1]);
|
|
99
|
+ $filter[2] = 'LIKE';
|
|
100
|
+ if ($match=='any'||$match=='start') $filter[1] .= '%';
|
|
101
|
+ if ($match=='any'||$match=='end') $filter[1] = '%'.$filter[1];
|
|
102
|
+ if ($match=='exact') $filter[2] = '=';
|
|
103
|
+ if ($match=='lower') $filter[2] = '<';
|
|
104
|
+ if ($match=='upto') $filter[2] = '<=';
|
|
105
|
+ if ($match=='from') $filter[2] = '>=';
|
|
106
|
+ if ($match=='higher') $filter[2] = '>';
|
|
107
|
+ } else {
|
|
108
|
+ $filter = false;
|
|
109
|
+ }
|
|
110
|
+ }
|
|
111
|
+ return $filter;
|
|
112
|
+}
|
|
113
|
+
|
|
114
|
+function processPageParameter($page) {
|
|
115
|
+ if ($page) {
|
|
116
|
+ $page = explode(':',$page,2);
|
|
117
|
+ if (count($page)<2) $page[1]=20;
|
|
118
|
+ $page[0] = ($page[0]-1)*$page[1];
|
|
119
|
+ }
|
|
120
|
+ return $page;
|
|
121
|
+}
|
|
122
|
+$action = parseGetParameter('action', 'a-z', 'list');
|
|
123
|
+$table = parseGetParameter('table', 'a-zA-Z0-9\-_*,', '*');
|
|
124
|
+$key = parseGetParameter('key', 'a-zA-Z0-9\-,', false); // auto-increment or uuid
|
|
125
|
+$callback = parseGetParameter('callback', 'a-zA-Z0-9\-_', false);
|
|
126
|
+$page = parseGetParameter('page', '0-9', false);
|
|
127
|
+$filter = parseGetParameter('filter', false, 'start');
|
|
128
|
+$match = parseGetParameter('match', 'a-z', false);
|
|
129
|
+
|
|
130
|
+$mysqli = connectDatabase($config["hostname"], $config["username"], $config["password"], $config["database"]);
|
|
131
|
+
|
|
132
|
+$table = processTableParameter($table,$config["database"],$mysqli);
|
|
133
|
+$key = processKeyParameter($key,$table,$config["database"],$mysqli);
|
|
134
|
+$filter = processFilterParameter($filter);
|
|
135
|
+$page = processPageParameter($page);
|
|
136
|
+
|
|
137
|
+$table = applyWhitelistAndBlacklist($table,$action,$config['whitelist'],$config['blacklist']);
|
|
138
|
+
|
|
139
|
+startOutput($callback);
|
|
140
|
+switch($action){
|
|
141
|
+ case 'list':
|
|
142
|
+ echo '{';
|
|
143
|
+ $tables = $table;
|
|
144
|
+ $first_table = true;
|
|
145
|
+ foreach ($tables as $table) {
|
|
146
|
+ if ($first_table) $first_table = false;
|
|
147
|
+ else echo ',';
|
|
148
|
+ echo '"'.$table.'":{';
|
|
149
|
+ if (is_array($page)) {
|
|
150
|
+ $sql = "SELECT COUNT(*) FROM `$table`";
|
|
151
|
+ if (is_array($filter)) $sql .= " WHERE `$filter[0]` $filter[2] '$filter[1]'";
|
|
152
|
+ if ($result = $mysqli->query($sql)) {
|
|
153
|
+ $pages = $result->fetch_row();
|
|
154
|
+ $pages = floor($pages[0]/$page[1])+1;
|
|
155
|
+ echo '"pages":"'.$pages.'",';
|
|
156
|
+ }
|
|
157
|
+ }
|
|
158
|
+ echo '"columns":';
|
|
159
|
+ $sql = "SELECT * FROM `$table`";
|
|
160
|
+ if (is_array($filter)) $sql .= " WHERE `$filter[0]` $filter[2] '$filter[1]'";
|
|
161
|
+ if (is_array($page)) $sql .= " LIMIT $page[1] OFFSET $page[0]";
|
|
162
|
+ if ($result = $mysqli->query($sql)) {
|
|
163
|
+ $fields = array();
|
|
164
|
+ foreach ($result->fetch_fields() as $field) $fields[] = $field->name;
|
|
165
|
+ echo json_encode($fields);
|
|
166
|
+ echo ',"records":[';
|
|
167
|
+ $first_row = true;
|
|
168
|
+ while ($row = $result->fetch_row()) {
|
|
169
|
+ if ($first_row) $first_row = false;
|
|
170
|
+ else echo ',';
|
|
171
|
+ echo json_encode($row);
|
|
172
|
+ }
|
|
173
|
+ $result->close();
|
|
174
|
+ }
|
|
175
|
+ echo ']}';
|
|
176
|
+ }
|
|
177
|
+ echo '}';
|
|
178
|
+ break;
|
|
179
|
+ case 'read':
|
|
180
|
+ if ($result = $mysqli->query("SELECT * FROM `$table[0]` WHERE `$key[1]` = '$key[0]'")) {
|
|
181
|
+ $value = $result->fetch_assoc();
|
|
182
|
+ echo json_encode($value);
|
|
183
|
+ $result->close();
|
|
184
|
+ }
|
|
185
|
+ break;
|
|
186
|
+ case 'create': break;
|
|
187
|
+ case 'update': break;
|
|
188
|
+ case 'delete': break;
|
|
189
|
+ default: exitWith404();
|
|
190
|
+}
|
|
191
|
+endOutput($callback);
|