nas
/
todo_api
Watch 2
Star 1
Fork 0
Code Issues 1 Pull Requests 0 Releases 0 Wiki Activity
api de gestion de ticket, basé sur php-crud-api. Le but est de décorrélé les outils de gestion des données, afin
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
181 Commits
1 Branch
Tree: 15ecfea8cd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '15ecfea8cd'
${ noResults }
todo_api/api.php

api.php 23KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761 
  1. <?php

  2. 

  3. class MySQL_CRUD_API extends REST_CRUD_API {

  4. 

  5. 	protected $queries = array(

  6. 		'reflect_table'=>'SELECT "TABLE_NAME" FROM "INFORMATION_SCHEMA"."TABLES" WHERE "TABLE_NAME" LIKE ? AND "TABLE_SCHEMA" = ?',

  7. 		'reflect_pk'=>'SELECT "COLUMN_NAME" FROM "INFORMATION_SCHEMA"."COLUMNS" WHERE "COLUMN_KEY" = \'PRI\' AND "TABLE_NAME" = ? AND "TABLE_SCHEMA" = ?',

  8. 		'reflect_belongs_to'=>'SELECT

  9. 				"TABLE_NAME","COLUMN_NAME",

  10. 				"REFERENCED_TABLE_NAME","REFERENCED_COLUMN_NAME"

  11. 			FROM

  12. 				"INFORMATION_SCHEMA"."KEY_COLUMN_USAGE"

  13. 			WHERE

  14. 				"TABLE_NAME" = ? AND

  15. 				"REFERENCED_TABLE_NAME" IN ? AND

  16. 				"TABLE_SCHEMA" = ? AND

  17. 				"REFERENCED_TABLE_SCHEMA" = ?',

  18. 		'reflect_has_many'=>'SELECT

  19. 				"TABLE_NAME","COLUMN_NAME",

  20. 				"REFERENCED_TABLE_NAME","REFERENCED_COLUMN_NAME"

  21. 			FROM

  22. 				"INFORMATION_SCHEMA"."KEY_COLUMN_USAGE"

  23. 			WHERE

  24. 				"TABLE_NAME" IN ? AND

  25. 				"REFERENCED_TABLE_NAME" = ? AND

  26. 				"TABLE_SCHEMA" = ? AND

  27. 				"REFERENCED_TABLE_SCHEMA" = ?',

  28. 		'reflect_habtm'=>'SELECT

  29. 				k1."TABLE_NAME", k1."COLUMN_NAME",

  30. 				k1."REFERENCED_TABLE_NAME", k1."REFERENCED_COLUMN_NAME",

  31. 				k2."TABLE_NAME", k2."COLUMN_NAME",

  32. 				k2."REFERENCED_TABLE_NAME", k2."REFERENCED_COLUMN_NAME"

  33. 			FROM

  34. 				"INFORMATION_SCHEMA"."KEY_COLUMN_USAGE" k1, "INFORMATION_SCHEMA"."KEY_COLUMN_USAGE" k2

  35. 			WHERE

  36. 				k1."TABLE_SCHEMA" = ? AND

  37. 				k2."TABLE_SCHEMA" = ? AND

  38. 				k1."REFERENCED_TABLE_SCHEMA" = ? AND

  39. 				k2."REFERENCED_TABLE_SCHEMA" = ? AND

  40. 				k1."TABLE_NAME" = k2."TABLE_NAME" AND

  41. 				k1."REFERENCED_TABLE_NAME" = ? AND

  42. 				k2."REFERENCED_TABLE_NAME" IN ?'

  43. 	);

  44. 	

  45. 	protected function connectDatabase($hostname,$username,$password,$database,$port,$socket,$charset) {

  46. 		$db = mysqli_connect($hostname,$username,$password,$database,$port,$socket);

  47. 		if (mysqli_connect_errno()) {

  48. 			throw new \Exception('Connect failed. '.mysqli_connect_error());

  49. 		}

  50. 		if (!mysqli_set_charset($db,$charset)) {

  51. 			throw new \Exception('Error setting charset. '.mysqli_error($db));

  52. 		}

  53. 		if (!mysqli_query($db,'SET SESSION sql_mode = \'ANSI_QUOTES\';')) {

  54. 			throw new \Exception('Error setting ANSI quotes. '.mysqli_error($db));

  55. 		}

  56. 		return $db;

  57. 	}

  58. 	

  59. 	protected function query($db,$sql,$params) {

  60. 		$sql = preg_replace_callback('/\!|\?/', function ($matches) use (&$db,&$params) {

  61. 			$param = array_shift($params);

  62. 			if ($matches[0]=='!') return preg_replace('/[^a-zA-Z0-9\-_=<>]/','',$param);

  63. 			if (is_array($param)) return '('.implode(',',array_map(function($v) use (&$db) {

  64. 				return "'".mysqli_real_escape_string($db,$v)."'";

  65. 			},$param)).')';

  66. 			return "'".mysqli_real_escape_string($db,$param)."'";

  67. 		}, $sql);

  68. 		//echo "\n$sql\n";

  69. 		return mysqli_query($db,$sql);

  70. 	}

  71. 	

  72. 	protected function fetch_assoc($result) {

  73. 		return mysqli_fetch_assoc($result);

  74. 	}

  75. 	

  76. 	protected function fetch_row($result) {

  77. 		return mysqli_fetch_row($result);

  78. 	}

  79. 

  80. 	protected function insert_id($db,$result) {

  81. 		return mysqli_insert_id($db);

  82. 	}

  83. 		

  84. 	protected function affected_rows($db,$result) {

  85. 		return mysqli_affected_rows($db);

  86. 	}

  87. 	

  88. 	protected function close($result) {

  89. 		return mysqli_free_result($result);

  90. 	}

  91. 	

  92. 	protected function fetch_fields($result) {

  93. 		return mysqli_fetch_fields($result);

  94. 	}

  95. 	

  96. 	protected function add_limit_to_sql($sql,$limit,$offset) {

  97. 		return "$sql LIMIT $limit OFFSET $offset";

  98. 	}

  99. 	

  100. 	protected function is_binary_type($field) {

  101. 		//echo "$field->name: $field->type ($field->flags)\n";

  102. 		return ($field->flags & 128);

  103. 	}

  104. 

  105. }

  106. 

  107. class SQLSRV_CRUD_API extends REST_CRUD_API {

  108. 

  109. 	protected $queries = array(

  110. 		'reflect_table'=>'SELECT "TABLE_NAME" FROM "INFORMATION_SCHEMA"."TABLES" WHERE "TABLE_NAME" LIKE ? AND "TABLE_CATALOG" = ?',

  111. 		'reflect_pk'=>'SELECT "COLUMN_NAME" FROM "INFORMATION_SCHEMA"."COLUMNS" WHERE "COLUMN_KEY" = \'PRI\' AND "TABLE_NAME" = ? AND "TABLE_CATALOG" = ?',

  112. 		'reflect_belongs_to'=>'SELECT

  113. 				"TABLE_NAME","COLUMN_NAME",

  114. 				"REFERENCED_TABLE_NAME","REFERENCED_COLUMN_NAME"

  115. 			FROM

  116. 				"INFORMATION_SCHEMA"."KEY_COLUMN_USAGE"

  117. 			WHERE

  118. 				"TABLE_NAME" = ? AND

  119. 				"REFERENCED_TABLE_NAME" IN ? AND

  120. 				"TABLE_CATALOG" = ? AND

  121. 				"REFERENCED_TABLE_CATALOG" = ?',

  122. 		'reflect_has_many'=>'SELECT

  123. 				"TABLE_NAME","COLUMN_NAME",

  124. 				"REFERENCED_TABLE_NAME","REFERENCED_COLUMN_NAME"

  125. 			FROM

  126. 				"INFORMATION_SCHEMA"."KEY_COLUMN_USAGE"

  127. 			WHERE

  128. 				"TABLE_NAME" IN ? AND

  129. 				"REFERENCED_TABLE_NAME" = ? AND

  130. 				"TABLE_CATALOG" = ? AND

  131. 				"REFERENCED_TABLE_CATALOG" = ?',

  132. 		'reflect_habtm'=>'SELECT

  133. 				k1."TABLE_NAME", k1."COLUMN_NAME",

  134. 				k1."REFERENCED_TABLE_NAME", k1."REFERENCED_COLUMN_NAME",

  135. 				k2."TABLE_NAME", k2."COLUMN_NAME",

  136. 				k2."REFERENCED_TABLE_NAME", k2."REFERENCED_COLUMN_NAME"

  137. 			FROM

  138. 				"INFORMATION_SCHEMA"."KEY_COLUMN_USAGE" k1, "INFORMATION_SCHEMA"."KEY_COLUMN_USAGE" k2

  139. 			WHERE

  140. 				k1."TABLE_CATALOG" = ? AND

  141. 				k2."TABLE_CATALOG" = ? AND

  142. 				k1."REFERENCED_TABLE_CATALOG" = ? AND

  143. 				k2."REFERENCED_TABLE_CATALOG" = ? AND

  144. 				k1."TABLE_NAME" = k2."TABLE_NAME" AND

  145. 				k1."REFERENCED_TABLE_NAME" = ? AND

  146. 				k2."REFERENCED_TABLE_NAME" IN ?'

  147. 	);

  148. 

  149. 	protected function connectDatabase($hostname,$username,$password,$database,$port,$socket,$charset) {

  150. 		$connectionInfo = array();

  151. 		if ($port) $hostname.=','.$port;

  152. 		if ($username) $connectionInfo['UID']=$username;

  153. 		if ($password) $connectionInfo['PWD']=$password;

  154. 		if ($database) $connectionInfo['Database']=$database;

  155. 		if ($charset) $connectionInfo['CharacterSet']=$charset;

  156. 		$connectionInfo['QuotedId']=1;

  157. 

  158. 		$db = sqlsrv_connect($hostname, $connectionInfo);

  159. 		if (!$db) {

  160. 			throw new \Exception('Connect failed. '.print_r( sqlsrv_errors(), true));

  161. 		}

  162. 		if ($socket) {

  163. 			throw new \Exception('Socket connection is not supported.');

  164. 		}

  165. 		return $db;

  166. 	}

  167. 

  168. 	protected function query($db,$sql,$params) {

  169. 		$sql = preg_replace_callback('/\!|\?/', function ($matches) use (&$db,&$params) {

  170. 			static $i=-1;

  171. 			$i++;

  172. 			$param = $params[$i];

  173. 			if ($matches[0]=='!') return preg_replace('/[^a-zA-Z0-9\-_=<>]/','',$param);

  174. 			if (is_array($param)) {

  175. 				$params = array_splice($params, $i, 1, $param);

  176. 				return '('.implode(',',split('',str_repeat('?',count($param)))).')';

  177. 			}

  178. 			return '?';

  179. 		}, $sql);

  180. 		return sqlsrv_query($db,$sql,$params);

  181. 	}

  182. 

  183. 	protected function fetch_assoc($result) {

  184. 		return sqlsrv_fetch_array($result, SQLSRV_FETCH_ASSOC);

  185. 	}

  186. 

  187. 	protected function fetch_row($result) {

  188. 		return sqlsrv_fetch_array($result, SQLSRV_FETCH_NUMERIC);

  189. 	}

  190. 

  191. 	protected function insert_id($db) {

  192. 		$result = sqlsrv_query($db, 'SELECT SCOPE_IDENTITY()');

  193. 		$data = sqlsrv_fetch_array($result, SQLSRV_FETCH_NUMERIC);

  194. 		return $data[0];

  195. 	}

  196. 

  197. 	protected function affected_rows($db,$result) {

  198. 		return sqlsrv_rows_affected($result);

  199. 	}

  200. 

  201. 	protected function close($result) {

  202. 		return sqlsrv_free_stmt($result);

  203. 	}

  204. 

  205. 	protected function fetch_fields($result) {

  206. 		//var_dump(sqlsrv_field_metadata($result));

  207. 		return array_map(function($a){ 

  208. 			$p = array();

  209. 			foreach ($a as $k=>$v) {

  210. 				$p[strtolower($k)] = $v;

  211. 			}

  212. 			return (object)$p;

  213. 		},sqlsrv_field_metadata($result));

  214. 	}

  215. 

  216. 	protected function add_limit_to_sql($sql,$limit,$offset) {

  217. 		return "$sql OFFSET $offset ROWS FETCH NEXT $limit ROWS ONLY";

  218. 	}

  219. 	

  220. 	protected function is_binary_type($field) {

  221. 		return ($field->type>=-4 && $field->type<=-2);

  222. 	}

  223. 

  224. }

  225. 

  226. class REST_CRUD_API {

  227. 

  228. 	protected $config;

  229. 

  230. 	protected function mapMethodToAction($method,$key) {

  231. 		switch ($method) {

  232. 			case 'GET': return $key?'read':'list';

  233. 			case 'PUT': return 'update';

  234. 			case 'POST': return 'create';

  235. 			case 'DELETE': return 'delete';

  236. 			default: $this->exitWith404('method');

  237. 		}

  238. 	}

  239. 

  240. 	protected function parseRequestParameter(&$request,$characters,$default) {

  241. 		if (!count($request)) return $default;

  242. 		$value = array_shift($request);

  243. 		return $characters?preg_replace("/[^$characters]/",'',$value):$value;

  244. 	}

  245. 

  246. 	protected function parseGetParameter($get,$name,$characters,$default) {

  247. 		$value = isset($get[$name])?$get[$name]:$default;

  248. 		return $characters?preg_replace("/[^$characters]/",'',$value):$value;

  249. 	}

  250. 

  251. 	protected function parseGetParameterArray($get,$name,$characters,$default) {

  252. 		$values = isset($get[$name])?$get[$name]:$default;

  253. 		if (!is_array($values)) $values = array($values);

  254. 		if ($characters) {

  255. 			foreach ($values as &$value) {

  256. 				$value = preg_replace("/[^$characters]/",'',$value);

  257. 			}

  258. 		}

  259. 		return $values;

  260. 	}

  261. 	

  262. 	protected function applyPermissions($database, $tables, $action, $permissions, $multidb) {

  263. 		if (in_array(strtolower($database), array('information_schema','mysql','sys'))) return array();

  264. 		$results = array();

  265. 		$permissions = array_change_key_case($permissions,CASE_LOWER);

  266. 		foreach ($tables as $table) {

  267. 			$result = false;

  268. 			$options = $multidb?array("*.*","$database.*","$database.$table"):array("*","$table");

  269. 			$options = array_map('strtolower', $options);

  270. 			foreach ($options as $option) {

  271. 				if (isset($permissions[$option])) {

  272. 					$result = strpos($permissions[$option],$action[0])!==false;

  273. 				}

  274. 			}

  275. 			if ($result) $results[] = $table;				

  276. 		} 

  277. 		return $results;

  278. 	}

  279. 

  280. 	protected function processTableParameter($database,$table,$db) {

  281. 		$tablelist = explode(',',$table);

  282. 		$tables = array();

  283. 		foreach ($tablelist as $table) {

  284. 			$table = str_replace('*','%',$table);

  285. 			if ($result = $this->query($db,$this->queries['reflect_table'],array($table,$database))) {

  286. 				while ($row = $this->fetch_row($result)) $tables[] = $row[0];

  287. 				$this->close($result);

  288. 			}

  289. 		}

  290. 		return $tables;

  291. 	}

  292. 

  293. 	protected function findSinglePrimaryKey($table,$database,$db) {

  294. 		$keys = array();

  295. 		if ($result = $this->query($db,$this->queries['reflect_pk'],array($table[0],$database))) {

  296. 			while ($row = $this->fetch_row($result)) $keys[] = $row[0];

  297. 			$this->close($result);

  298. 		}

  299. 		return count($keys)==1?$keys[0]:false;

  300. 	}

  301. 

  302. 	protected function exitWith404($type) {

  303. 		if (isset($_SERVER['REQUEST_METHOD'])) {

  304. 			header('Content-Type:',true,404);

  305. 			die("Not found ($type)");

  306. 		} else {

  307. 			throw new \Exception("Not found ($type)");

  308. 		}

  309. 	}

  310. 

  311. 	protected function startOutput($callback) {

  312. 		if (isset($_SERVER['REQUEST_METHOD'])) {

  313. 			if ($callback) {

  314. 				header('Content-Type: application/javascript');

  315. 				echo $callback.'(';

  316. 			} else {

  317. 				header('Content-Type: application/json');

  318. 			}

  319. 		}

  320. 	}

  321. 

  322. 	protected function endOutput($callback) {

  323. 		if ($callback) {

  324. 			echo ');';

  325. 		}

  326. 	}

  327. 

  328. 	protected function processKeyParameter($key,$table,$database,$db) {

  329. 		if ($key) {

  330. 			$key = array($key,$this->findSinglePrimaryKey($table,$database,$db));

  331. 			if ($key[1]===false) $this->exitWith404('1pk');

  332. 		}

  333. 		return $key;

  334. 	}

  335. 

  336. 	protected function processOrderParameter($order,$table,$database,$db) {

  337. 		if ($order) {

  338. 			$order = explode(',',$order,2);

  339. 			if (count($order)<2) $order[1]='ASC';

  340. 			$order[1] = strtoupper($order[1])=='DESC'?'DESC':'ASC';

  341. 		}

  342. 		return $order;

  343. 	}

  344. 

  345. 	protected function processFilterParameter($filter,$db) {

  346. 		if ($filter) {

  347. 			$filter = explode(',',$filter,3);

  348. 			if (count($filter)==3) {

  349. 				$match = $filter[1];

  350. 				$filter[1] = 'LIKE';

  351. 				if ($match=='cs') $filter[2] = '%'.addcslashes($filter[2], '%_').'%';

  352. 				if ($match=='sw') $filter[2] = addcslashes($filter[2], '%_').'%';

  353. 				if ($match=='ew') $filter[2] = '%'.addcslashes($filter[2], '%_');

  354. 				if ($match=='eq') $filter[1] = '=';

  355. 				if ($match=='ne') $filter[1] = '!=';

  356. 				if ($match=='lt') $filter[1] = '<';

  357. 				if ($match=='le') $filter[1] = '<=';

  358. 				if ($match=='ge') $filter[1] = '>=';

  359. 				if ($match=='gt') $filter[1] = '>';

  360. 				if ($match=='in') {

  361. 					$filter[1] = 'IN';

  362. 					$filter[2] = explode(',',$filter[2]);

  363. 

  364. 				}

  365. 			} else {

  366. 				$filter = false;

  367. 			}

  368. 		}

  369. 		return $filter;

  370. 	}

  371. 

  372. 	protected function processPageParameter($page) {

  373. 		if ($page) {

  374. 			$page = explode(',',$page,2);

  375. 			if (count($page)<2) $page[1]=20;

  376. 			$page[0] = ($page[0]-1)*$page[1];

  377. 		}

  378. 		return $page;

  379. 	}

  380. 

  381. 	protected function retrieveObject($key,$table,$db) {

  382. 		if (!$key) return false;

  383. 		if ($result = $this->query($db,'SELECT * FROM "!" WHERE "!" = ?',array($table[0],$key[1],$key[0]))) {

  384. 			$object = $this->fetch_assoc($result);

  385. 			$this->close($result);

  386. 		}

  387. 		return $object;

  388. 	}

  389. 

  390. 	protected function createObject($input,$table,$db) {

  391. 		if (!$input) return false;

  392. 		$keys = implode('","',split('', str_repeat('!', count($input))));

  393. 		$values = implode(',',split('', str_repeat('?', count($input))));

  394. 		$params = array_merge(array_keys((array)$input),array_values((array)$input));

  395. 		array_unshift($params, $table[0]);

  396. 		$result = $this->query($db,'INSERT INTO "!" ("'.$keys.'") VALUES ('.$values.')',$params);

  397. 		return $this->insert_id($db,$result);

  398. 	}

  399. 

  400. 	protected function updateObject($key,$input,$table,$db) {

  401. 		if (!$input) return false;

  402. 		$params = array();

  403. 		$sql = 'UPDATE "!" SET ';

  404. 		$params[] = $database;

  405. 		$params[] = $table[0];

  406. 		foreach (array_keys((array)$input) as $i=>$k) {

  407. 			if ($i) $sql .= ',';

  408. 			$v = $input->$k;

  409. 			$sql .= '"!"=?';

  410. 			$params[] = $k;

  411. 			$params[] = $v;

  412. 		}

  413. 		$sql .= ' WHERE "!"=?';

  414. 		$params[] = $key[1];

  415. 		$params[] = $key[0];

  416. 		$result = $this->query($db,$sql,$params);

  417. 		return $this->affected_rows($db, $result);

  418. 	}

  419. 

  420. 	protected function deleteObject($key,$table,$db) {

  421. 		$result = $this->query($db,'DELETE FROM "!" WHERE "!" = ?',array($table[0],$key[1],$key[0]));

  422. 		return $this->affected_rows($db, $result);

  423. 	}

  424. 

  425. 	protected function findRelations($tables,$database,$db) {

  426. 		$collect = array();

  427. 		$select = array();

  428. 		if (count($tables)>1) {

  429. 			$table0 = array_shift($tables);

  430. 			

  431. 			$result = $this->query($db,$this->queries['reflect_belongs_to'],array($table0,$tables,$database,$database));

  432. 			while ($row = $this->fetch_row($result)) {

  433. 				$collect[$row[0]][$row[1]]=array();

  434. 				$select[$row[2]][$row[3]]=array($row[0],$row[1]);

  435. 			}

  436. 			$result = $this->query($db,$this->queries['reflect_has_many'],array($tables,$table0,$database,$database));

  437. 			while ($row = $this->fetch_row($result)) {

  438. 				$collect[$row[2]][$row[3]]=array();

  439. 				$select[$row[0]][$row[1]]=array($row[2],$row[3]);

  440. 			}

  441. 			$result = $this->query($db,$this->queries['reflect_habtm'],array($database,$database,$database,$database,$table0,$tables));

  442. 			while ($row = $this->fetch_row($result)) {

  443. 				$collect[$row[2]][$row[3]]=array();

  444. 				$select[$row[0]][$row[1]]=array($row[2],$row[3]);

  445. 				$collect[$row[4]][$row[5]]=array();

  446. 				$select[$row[6]][$row[7]]=array($row[4],$row[5]);

  447. 			}

  448. 		}

  449. 		return array($collect,$select);

  450. 	}

  451. 

  452. 	protected function getParameters($config) {

  453. 		extract($config);

  454. 		$table     = $this->parseRequestParameter($request, 'a-zA-Z0-9\-_*,', false);

  455. 		$key       = $this->parseRequestParameter($request, 'a-zA-Z0-9\-,', false); // auto-increment or uuid

  456. 		$action    = $this->mapMethodToAction($method,$key);

  457. 		$callback  = $this->parseGetParameter($get, 'callback', 'a-zA-Z0-9\-_', false);

  458. 		$page      = $this->parseGetParameter($get, 'page', '0-9,', false);

  459. 		$filters   = $this->parseGetParameterArray($get, 'filter', false, false);

  460. 		$order     = $this->parseGetParameter($get, 'order', 'a-zA-Z0-9\-_*,', false);

  461. 		$transform = $this->parseGetParameter($get, 'transform', '1', false);

  462. 

  463. 		$table    = $this->processTableParameter($database,$table,$db);

  464. 		$key      = $this->processKeyParameter($key,$table,$database,$db);

  465. 		foreach ($filters as &$filter) {

  466. 			$filter   = $this->processFilterParameter($filter,$db);

  467. 		}

  468. 		$page     = $this->processPageParameter($page);

  469. 		$order    = $this->processOrderParameter($order,$table,$database,$db);

  470. 

  471. 		$table  = $this->applyPermissions($database,$table,$action,$permissions,$multidb);

  472. 		if (empty($table)) $this->exitWith404('entity');

  473. 		

  474. 		$object = $this->retrieveObject($key,$table,$database,$db);

  475. 		$input  = json_decode(file_get_contents($post));

  476. 

  477. 		list($collect,$select) = $this->findRelations($table,$database,$db);

  478. 

  479. 		return compact('action','database','table','key','callback','page','filters','order','transform','db','object','input','collect','select');

  480. 	}

  481. 

  482. 	protected function listCommand($parameters) {

  483. 		extract($parameters);

  484. 		$this->startOutput($callback);

  485. 		echo '{';

  486. 		$tables = $table;

  487. 		$table = array_shift($tables);

  488. 		// first table

  489. 		$count = false;

  490. 		echo '"'.$table.'":{';

  491. 		if (is_array($order) && is_array($page)) {

  492. 			$params = array();

  493. 			$sql = 'SELECT COUNT(*) FROM "!"';

  494. 			$params[] = $table;

  495. 			foreach ($filters as $i=>$filter) {

  496. 				if (is_array($filter)) {

  497. 					$sql .= $i==0?' WHERE ':' AND ';

  498. 					$sql .= '"!" ! ?';

  499. 					$params[] = $filter[0];

  500. 					$params[] = $filter[1];

  501. 					$params[] = $filter[2];

  502. 				}

  503. 			}

  504. 			if ($result = $this->query($db,$sql,$params)) {

  505. 				while ($pages = $this->fetch_row($result)) {

  506. 					$count = $pages[0];

  507. 				}

  508. 			}

  509. 		}

  510. 		$params = array();

  511. 		$sql = 'SELECT * FROM "!"';

  512. 		$params[] = $table;

  513. 		foreach ($filters as $i=>$filter) {

  514. 			if (is_array($filter)) {

  515. 				$sql .= $i==0?' WHERE ':' AND ';

  516. 				$sql .= '"!" ! ?';

  517. 				$params[] = $filter[0];

  518. 				$params[] = $filter[1];

  519. 				$params[] = $filter[2];

  520. 			}

  521. 		}

  522. 		if (is_array($order)) {

  523. 			$sql .= ' ORDER BY "!" !';

  524. 			$params[] = $order[0];

  525. 			$params[] = $order[1];

  526. 		}

  527. 		if (is_array($order) && is_array($page)) {

  528. 			$sql = $this->add_limit_to_sql($sql,$page[1],$page[0]);

  529. 		}

  530. 		if ($result = $this->query($db,$sql,$params)) {

  531. 			echo '"columns":';

  532. 			$fields = array();

  533. 			$base64 = array();

  534. 			foreach ($this->fetch_fields($result) as $field) {

  535. 				$base64[] = $this->is_binary_type($field);

  536. 				$fields[] = $field->name;

  537. 			}

  538. 			echo json_encode($fields);

  539. 			$fields = array_flip($fields);

  540. 			echo ',"records":[';

  541. 			$first_row = true;

  542. 			while ($row = $this->fetch_row($result)) {

  543. 				if ($first_row) $first_row = false;

  544. 				else echo ',';

  545. 				if (isset($collect[$table])) {

  546. 					foreach (array_keys($collect[$table]) as $field) {

  547. 						$collect[$table][$field][] = $row[$fields[$field]];

  548. 					}

  549. 				}

  550. 				foreach ($base64 as $k=>$v) {

  551. 					if ($v) {

  552. 						$row[$k] = base64_encode($row[$k]);

  553. 					}

  554. 				}

  555. 				echo json_encode($row);

  556. 			}

  557. 			$this->close($result);

  558. 			echo ']';

  559. 		}

  560. 		if ($count) echo ',"results":'.$count;

  561. 		echo '}';

  562. 		// prepare for other tables

  563. 		foreach (array_keys($collect) as $t) {

  564. 			if ($t!=$table && !in_array($t,$tables)) {

  565. 				array_unshift($tables,$t);

  566. 			}

  567. 		}

  568. 		// other tables

  569. 		foreach ($tables as $t=>$table) {

  570. 			echo ',';

  571. 			echo '"'.$table.'":{';

  572. 			$params = array();

  573. 			$sql = 'SELECT * FROM "!"';

  574. 			$params[] = $table;

  575. 			if (isset($select[$table])) {

  576. 				$first_row = true;

  577. 				echo '"relations":{';

  578. 				foreach ($select[$table] as $field => $path) {

  579. 					$values = $collect[$path[0]][$path[1]];

  580. 					$sql .= $first_row?' WHERE ':' OR ';

  581. 					$sql .= '"!" IN ?';

  582. 					$params[] = $field;

  583. 					$params[] = $values;

  584. 					if ($first_row) $first_row = false;

  585. 					else echo ',';

  586. 					echo '"'.$field.'":"'.implode('.',$path).'"';

  587. 				}

  588. 				echo '}';

  589. 			}

  590. 			if ($result = $this->query($db,$sql,$params)) {

  591. 				echo ',"columns":';

  592. 				$fields = array();

  593. 				$base64 = array();

  594. 				foreach ($this->fetch_fields($result) as $field) {

  595. 					$base64[] = $this->is_binary_type($field);

  596. 					$fields[] = $field->name;

  597. 				}

  598. 				echo json_encode($fields);

  599. 				$fields = array_flip($fields);

  600. 				echo ',"records":[';

  601. 				$first_row = true;

  602. 				while ($row = $this->fetch_row($result)) {

  603. 					if ($first_row) $first_row = false;

  604. 					else echo ',';

  605. 					if (isset($collect[$table])) {

  606. 						foreach (array_keys($collect[$table]) as $field) {

  607. 							$collect[$table][$field][]=$row[$fields[$field]];

  608. 						}

  609. 					}

  610. 					foreach ($base64 as $k=>$v) {

  611. 						if ($v) {

  612. 							$row[$k] = base64_encode($row[$k]);

  613. 						}

  614. 					}

  615. 					echo json_encode($row);

  616. 				}

  617. 				$this->close($result);

  618. 				echo ']';

  619. 			}

  620. 			echo '}';

  621. 		}

  622. 		echo '}';

  623. 		$this->endOutput($callback);

  624. 	}

  625. 

  626. 	protected function readCommand($parameters) {

  627. 		extract($parameters);

  628. 		if (!$object) $this->exitWith404('object');

  629. 		$this->startOutput($callback);

  630. 		echo json_encode($object);

  631. 		$this->endOutput($callback);

  632. 	}

  633. 

  634. 	protected function createCommand($parameters) {

  635. 		extract($parameters);

  636. 		if (!$input) $this->exitWith404('input');

  637. 		$this->startOutput($callback);

  638. 		echo json_encode($this->createObject($input,$table,$db));

  639. 		$this->endOutput($callback);

  640. 	}

  641. 

  642. 	protected function updateCommand($parameters) {

  643. 		extract($parameters);

  644. 		if (!$input) $this->exitWith404('subject');

  645. 		$this->startOutput($callback);

  646. 		echo json_encode($this->updateObject($key,$input,$table,$db));

  647. 		$this->endOutput($callback);

  648. 	}

  649. 

  650. 	protected function deleteCommand($parameters) {

  651. 		extract($parameters);

  652. 		$this->startOutput($callback);

  653. 		echo json_encode($this->deleteObject($key,$table,$db));

  654. 		$this->endOutput($callback);

  655. 	}

  656. 

  657. 	protected function listCommandTransform($parameters) {

  658. 		if ($parameters['transform']) {

  659. 			ob_start();

  660. 		}

  661. 		$this->listCommand($parameters);

  662. 		if ($parameters['transform']) {

  663. 			$content = ob_get_contents();

  664. 			ob_end_clean();

  665. 			$data = json_decode($content,true);

  666. 			echo json_encode(self::mysql_crud_api_transform($data));

  667. 		}

  668. 	}

  669. 

  670. 	public function __construct($config) {

  671. 		extract($config);

  672. 

  673. 		$hostname = isset($hostname)?$hostname:null;

  674. 		$username = isset($username)?$username:'root';

  675. 		$password = isset($password)?$password:null;

  676. 		$database = isset($database)?$database:false;

  677. 		$port = isset($port)?$port:null;

  678. 		$socket = isset($socket)?$socket:null;

  679. 		$charset = isset($charset)?$charset:'utf8';

  680. 

  681. 		$permissions = isset($permissions)?$permissions:array('*'=>'crudl');

  682. 		

  683. 		$db = isset($db)?$db:null;

  684. 		$method = isset($method)?$method:$_SERVER['REQUEST_METHOD'];

  685. 		$request = isset($request)?$request:(isset($_SERVER['PATH_INFO'])?$_SERVER['PATH_INFO']:'');

  686. 		$get = isset($get)?$get:$_GET;

  687. 		$post = isset($post)?$post:'php://input';

  688. 

  689. 		$request = explode('/', trim($request,'/'));

  690. 

  691. 		$multidb   = !$database;

  692. 		if ($multidb) {

  693. 			$database  = $this->parseRequestParameter($request, 'a-zA-Z0-9\-_,', false);

  694. 		}

  695. 		if (!$db) {

  696. 			$db = $this->connectDatabase($hostname,$username,$password,$database,$port,$socket,$charset);

  697. 		}

  698. 

  699. 		$this->config = compact('method', 'request', 'get', 'post', 'multidb', 'database', 'permissions', 'db');

  700. 	}

  701. 

  702. 	public static function mysql_crud_api_transform(&$tables) {

  703. 		$get_objects = function (&$tables,$table_name,$where_index=false,$match_value=false) use (&$get_objects) {

  704. 			$objects = array();

  705. 			foreach ($tables[$table_name]['records'] as $record) {

  706. 				if ($where_index===false || $record[$where_index]==$match_value) {

  707. 					$object = array();

  708. 					foreach ($tables[$table_name]['columns'] as $index=>$column) {

  709. 						$object[$column] = $record[$index];

  710. 						foreach ($tables as $relation=>$reltable) {

  711. 							if (isset($reltable['relations'])) {

  712. 								foreach ($reltable['relations'] as $key=>$target) {

  713. 									if ($target == "$table_name.$column") {

  714. 										$column_indices = array_flip($reltable['columns']);

  715. 										$object[$relation] = $get_objects($tables,$relation,$column_indices[$key],$record[$index]);

  716. 									}

  717. 								}

  718. 							}

  719. 						}

  720. 					}

  721. 					$objects[] = $object;

  722. 				}

  723. 			}

  724. 			return $objects;

  725. 		};

  726. 		$tree = array();

  727. 		foreach ($tables as $name=>$table) {

  728. 			if (!isset($table['relations'])) {

  729. 				$tree[$name] = $get_objects($tables,$name);

  730. 				if (isset($table['results'])) {

  731. 					$tree['_results'] = $table['results'];

  732. 				}

  733. 			}

  734. 		}

  735. 		return $tree;

  736. 	}

  737. 

  738. 	public function executeCommand() {

  739. 		$parameters = $this->getParameters($this->config);

  740. 		switch($parameters['action']){

  741. 			case 'list': $this->listCommandTransform($parameters); break;

  742. 			case 'read': $this->readCommand($parameters); break;

  743. 			case 'create': $this->createCommand($parameters); break;

  744. 			case 'update': $this->updateCommand($parameters); break;

  745. 			case 'delete': $this->deleteCommand($parameters); break;

  746. 		}

  747. 	}

  748. 

  749. }

  750. 

  751. // only execute this when running in stand-alone mode

  752. if(count(get_required_files())<2) {

  753. 	$api = new SQLSRV_CRUD_API(array(

  754. 		'hostname'=>'(local)',

  755. 		'username'=>'',

  756. 		'password'=>'',

  757. 		'database'=>'xxx',

  758. 		'charset'=>'UTF-8'

  759. 	));

  760. 	$api->executeCommand();

  761. }