nas
/
todo_api
關註 2
收藏 1
複製 0
程式碼 問題管理 1 合併請求 0 版本發佈 0 Wiki Activity
api de gestion de ticket, basé sur php-crud-api. Le but est de décorrélé les outils de gestion des données, afin
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
201 Commit
1 分支
目錄樹: eca76fd129
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from 'eca76fd129'
${ noResults }
todo_api/api.php

api.php 24KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776 
  1. <?php

  2. 

  3. class MySQL_CRUD_API extends REST_CRUD_API {

  4. 

  5. 	protected $queries = array(

  6. 		'reflect_table'=>'SELECT "TABLE_NAME" FROM "INFORMATION_SCHEMA"."TABLES" WHERE "TABLE_NAME" LIKE ? AND "TABLE_SCHEMA" = ?',

  7. 		'reflect_pk'=>'SELECT "COLUMN_NAME" FROM "INFORMATION_SCHEMA"."COLUMNS" WHERE "COLUMN_KEY" = \'PRI\' AND "TABLE_NAME" = ? AND "TABLE_SCHEMA" = ?',

  8. 		'reflect_belongs_to'=>'SELECT

  9. 				"TABLE_NAME","COLUMN_NAME",

  10. 				"REFERENCED_TABLE_NAME","REFERENCED_COLUMN_NAME"

  11. 			FROM

  12. 				"INFORMATION_SCHEMA"."KEY_COLUMN_USAGE"

  13. 			WHERE

  14. 				"TABLE_NAME" = ? AND

  15. 				"REFERENCED_TABLE_NAME" IN ? AND

  16. 				"TABLE_SCHEMA" = ? AND

  17. 				"REFERENCED_TABLE_SCHEMA" = ?',

  18. 		'reflect_has_many'=>'SELECT

  19. 				"TABLE_NAME","COLUMN_NAME",

  20. 				"REFERENCED_TABLE_NAME","REFERENCED_COLUMN_NAME"

  21. 			FROM

  22. 				"INFORMATION_SCHEMA"."KEY_COLUMN_USAGE"

  23. 			WHERE

  24. 				"TABLE_NAME" IN ? AND

  25. 				"REFERENCED_TABLE_NAME" = ? AND

  26. 				"TABLE_SCHEMA" = ? AND

  27. 				"REFERENCED_TABLE_SCHEMA" = ?',

  28. 		'reflect_habtm'=>'SELECT

  29. 				k1."TABLE_NAME", k1."COLUMN_NAME",

  30. 				k1."REFERENCED_TABLE_NAME", k1."REFERENCED_COLUMN_NAME",

  31. 				k2."TABLE_NAME", k2."COLUMN_NAME",

  32. 				k2."REFERENCED_TABLE_NAME", k2."REFERENCED_COLUMN_NAME"

  33. 			FROM

  34. 				"INFORMATION_SCHEMA"."KEY_COLUMN_USAGE" k1, "INFORMATION_SCHEMA"."KEY_COLUMN_USAGE" k2

  35. 			WHERE

  36. 				k1."TABLE_SCHEMA" = ? AND

  37. 				k2."TABLE_SCHEMA" = ? AND

  38. 				k1."REFERENCED_TABLE_SCHEMA" = ? AND

  39. 				k2."REFERENCED_TABLE_SCHEMA" = ? AND

  40. 				k1."TABLE_NAME" = k2."TABLE_NAME" AND

  41. 				k1."REFERENCED_TABLE_NAME" = ? AND

  42. 				k2."REFERENCED_TABLE_NAME" IN ?'

  43. 	);

  44. 	

  45. 	protected function connectDatabase($hostname,$username,$password,$database,$port,$socket,$charset) {

  46. 		$db = mysqli_connect($hostname,$username,$password,$database,$port,$socket);

  47. 		if (mysqli_connect_errno()) {

  48. 			throw new \Exception('Connect failed. '.mysqli_connect_error());

  49. 		}

  50. 		if (!mysqli_set_charset($db,$charset)) {

  51. 			throw new \Exception('Error setting charset. '.mysqli_error($db));

  52. 		}

  53. 		if (!mysqli_query($db,'SET SESSION sql_mode = \'ANSI_QUOTES\';')) {

  54. 			throw new \Exception('Error setting ANSI quotes. '.mysqli_error($db));

  55. 		}

  56. 		return $db;

  57. 	}

  58. 	

  59. 	protected function query($db,$sql,$params) {

  60. 		$sql = preg_replace_callback('/\!|\?/', function ($matches) use (&$db,&$params) {

  61. 			$param = array_shift($params);

  62. 			if ($matches[0]=='!') return preg_replace('/[^a-zA-Z0-9\-_=<>]/','',$param);

  63. 			if (is_array($param)) return '('.implode(',',array_map(function($v) use (&$db) {

  64. 				return "'".mysqli_real_escape_string($db,$v)."'";

  65. 			},$param)).')';

  66. 			return "'".mysqli_real_escape_string($db,$param)."'";

  67. 		}, $sql);

  68. 		//echo "\n$sql\n";

  69. 		return mysqli_query($db,$sql);

  70. 	}

  71. 	

  72. 	protected function fetch_assoc($result) {

  73. 		return mysqli_fetch_assoc($result);

  74. 	}

  75. 	

  76. 	protected function fetch_row($result) {

  77. 		return mysqli_fetch_row($result);

  78. 	}

  79. 

  80. 	protected function insert_id($db,$result) {

  81. 		return mysqli_insert_id($db);

  82. 	}

  83. 		

  84. 	protected function affected_rows($db,$result) {

  85. 		return mysqli_affected_rows($db);

  86. 	}

  87. 	

  88. 	protected function close($result) {

  89. 		return mysqli_free_result($result);

  90. 	}

  91. 	

  92. 	protected function fetch_fields($result) {

  93. 		return mysqli_fetch_fields($result);

  94. 	}

  95. 	

  96. 	protected function add_limit_to_sql($sql,$limit,$offset) {

  97. 		return "$sql LIMIT $limit OFFSET $offset";

  98. 	}

  99. 	

  100. 	protected function is_binary_type($field) {

  101. 		//echo "$field->name: $field->type ($field->flags)\n";

  102. 		return (($field->flags & 128) && ($field->type==252));

  103. 	}

  104. 

  105. }

  106. 

  107. class SQLSRV_CRUD_API extends REST_CRUD_API {

  108. 

  109. 	protected $queries = array(

  110. 		'reflect_table'=>'SELECT "TABLE_NAME" FROM "INFORMATION_SCHEMA"."TABLES" WHERE "TABLE_NAME" LIKE ? AND "TABLE_CATALOG" = ?',

  111. 		'reflect_pk'=>'SELECT "COLUMN_NAME" FROM "INFORMATION_SCHEMA"."COLUMNS" WHERE "COLUMN_KEY" = \'PRI\' AND "TABLE_NAME" = ? AND "TABLE_CATALOG" = ?',

  112. 		'reflect_belongs_to'=>'SELECT

  113. 				"TABLE_NAME","COLUMN_NAME",

  114. 				"REFERENCED_TABLE_NAME","REFERENCED_COLUMN_NAME"

  115. 			FROM

  116. 				"INFORMATION_SCHEMA"."KEY_COLUMN_USAGE"

  117. 			WHERE

  118. 				"TABLE_NAME" = ? AND

  119. 				"REFERENCED_TABLE_NAME" IN ? AND

  120. 				"TABLE_CATALOG" = ? AND

  121. 				"REFERENCED_TABLE_CATALOG" = ?',

  122. 		'reflect_has_many'=>'SELECT

  123. 				"TABLE_NAME","COLUMN_NAME",

  124. 				"REFERENCED_TABLE_NAME","REFERENCED_COLUMN_NAME"

  125. 			FROM

  126. 				"INFORMATION_SCHEMA"."KEY_COLUMN_USAGE"

  127. 			WHERE

  128. 				"TABLE_NAME" IN ? AND

  129. 				"REFERENCED_TABLE_NAME" = ? AND

  130. 				"TABLE_CATALOG" = ? AND

  131. 				"REFERENCED_TABLE_CATALOG" = ?',

  132. 		'reflect_habtm'=>'SELECT

  133. 				k1."TABLE_NAME", k1."COLUMN_NAME",

  134. 				k1."REFERENCED_TABLE_NAME", k1."REFERENCED_COLUMN_NAME",

  135. 				k2."TABLE_NAME", k2."COLUMN_NAME",

  136. 				k2."REFERENCED_TABLE_NAME", k2."REFERENCED_COLUMN_NAME"

  137. 			FROM

  138. 				"INFORMATION_SCHEMA"."KEY_COLUMN_USAGE" k1, "INFORMATION_SCHEMA"."KEY_COLUMN_USAGE" k2

  139. 			WHERE

  140. 				k1."TABLE_CATALOG" = ? AND

  141. 				k2."TABLE_CATALOG" = ? AND

  142. 				k1."REFERENCED_TABLE_CATALOG" = ? AND

  143. 				k2."REFERENCED_TABLE_CATALOG" = ? AND

  144. 				k1."TABLE_NAME" = k2."TABLE_NAME" AND

  145. 				k1."REFERENCED_TABLE_NAME" = ? AND

  146. 				k2."REFERENCED_TABLE_NAME" IN ?'

  147. 	);

  148. 

  149. 	protected function connectDatabase($hostname,$username,$password,$database,$port,$socket,$charset) {

  150. 		$connectionInfo = array();

  151. 		if ($port) $hostname.=','.$port;

  152. 		if ($username) $connectionInfo['UID']=$username;

  153. 		if ($password) $connectionInfo['PWD']=$password;

  154. 		if ($database) $connectionInfo['Database']=$database;

  155. 		if ($charset) $connectionInfo['CharacterSet']=$charset;

  156. 		$connectionInfo['QuotedId']=1;

  157. 

  158. 		$db = sqlsrv_connect($hostname, $connectionInfo);

  159. 		if (!$db) {

  160. 			throw new \Exception('Connect failed. '.print_r( sqlsrv_errors(), true));

  161. 		}

  162. 		if ($socket) {

  163. 			throw new \Exception('Socket connection is not supported.');

  164. 		}

  165. 		return $db;

  166. 	}

  167. 

  168. 	protected function query($db,$sql,$params) {

  169. 		$args = array();

  170. 		$sql = preg_replace_callback('/\!|\?/', function ($matches) use (&$db,&$params,&$args) {

  171. 			static $i=-1;

  172. 			$i++;

  173. 			$param = $params[$i];

  174. 			if ($matches[0]=='!') {

  175. 				return preg_replace('/[^a-zA-Z0-9\-_=<>]/','',$param);

  176. 			}

  177. 			if (is_array($param)) {

  178. 				$args = array_merge($args,$param);

  179. 				return '('.implode(',',str_split(str_repeat('?',count($param)))).')';

  180. 			}

  181. 			$args[] = $param;

  182. 			return '?';

  183. 		}, $sql);

  184. 		//echo "\n$sql\n";

  185. 		//var_dump($args);

  186. 		return sqlsrv_query($db,$sql,$args);

  187. 	}

  188. 

  189. 	protected function fetch_assoc($result) {

  190. 		return sqlsrv_fetch_array($result, SQLSRV_FETCH_ASSOC);

  191. 	}

  192. 

  193. 	protected function fetch_row($result) {

  194. 		return sqlsrv_fetch_array($result, SQLSRV_FETCH_NUMERIC);

  195. 	}

  196. 

  197. 	protected function insert_id($db) {

  198. 		$result = sqlsrv_query($db, 'SELECT SCOPE_IDENTITY()');

  199. 		$data = sqlsrv_fetch_array($result, SQLSRV_FETCH_NUMERIC);

  200. 		return $data[0];

  201. 	}

  202. 

  203. 	protected function affected_rows($db,$result) {

  204. 		return sqlsrv_rows_affected($result);

  205. 	}

  206. 

  207. 	protected function close($result) {

  208. 		return sqlsrv_free_stmt($result);

  209. 	}

  210. 

  211. 	protected function fetch_fields($result) {

  212. 		//var_dump(sqlsrv_field_metadata($result));

  213. 		return array_map(function($a){ 

  214. 			$p = array();

  215. 			foreach ($a as $k=>$v) {

  216. 				$p[strtolower($k)] = $v;

  217. 			}

  218. 			return (object)$p;

  219. 		},sqlsrv_field_metadata($result));

  220. 	}

  221. 

  222. 	protected function add_limit_to_sql($sql,$limit,$offset) {

  223. 		return "$sql OFFSET $offset ROWS FETCH NEXT $limit ROWS ONLY";

  224. 	}

  225. 	

  226. 	protected function is_binary_type($field) {

  227. 		return ($field->type>=-4 && $field->type<=-2);

  228. 	}

  229. 

  230. }

  231. 

  232. class REST_CRUD_API {

  233. 

  234. 	protected $config;

  235. 

  236. 	protected function mapMethodToAction($method,$key) {

  237. 		switch ($method) {

  238. 			case 'GET': return $key?'read':'list';

  239. 			case 'PUT': return 'update';

  240. 			case 'POST': return 'create';

  241. 			case 'DELETE': return 'delete';

  242. 			default: $this->exitWith404('method');

  243. 		}

  244. 	}

  245. 

  246. 	protected function parseRequestParameter(&$request,$characters,$default) {

  247. 		if (!count($request)) return $default;

  248. 		$value = array_shift($request);

  249. 		return $characters?preg_replace("/[^$characters]/",'',$value):$value;

  250. 	}

  251. 

  252. 	protected function parseGetParameter($get,$name,$characters,$default) {

  253. 		$value = isset($get[$name])?$get[$name]:$default;

  254. 		return $characters?preg_replace("/[^$characters]/",'',$value):$value;

  255. 	}

  256. 

  257. 	protected function parseGetParameterArray($get,$name,$characters,$default) {

  258. 		$values = isset($get[$name])?$get[$name]:$default;

  259. 		if (!is_array($values)) $values = array($values);

  260. 		if ($characters) {

  261. 			foreach ($values as &$value) {

  262. 				$value = preg_replace("/[^$characters]/",'',$value);

  263. 			}

  264. 		}

  265. 		return $values;

  266. 	}

  267. 	

  268. 	protected function applyPermissions($database, $tables, $action, $permissions, $multidb) {

  269. 		if (in_array(strtolower($database), array('information_schema','mysql','sys'))) return array();

  270. 		$results = array();

  271. 		$permissions = array_change_key_case($permissions,CASE_LOWER);

  272. 		foreach ($tables as $table) {

  273. 			$result = false;

  274. 			$options = $multidb?array("*.*","$database.*","$database.$table"):array("*","$table");

  275. 			$options = array_map('strtolower', $options);

  276. 			foreach ($options as $option) {

  277. 				if (isset($permissions[$option])) {

  278. 					$result = strpos($permissions[$option],$action[0])!==false;

  279. 				}

  280. 			}

  281. 			if ($result) $results[] = $table;				

  282. 		} 

  283. 		return $results;

  284. 	}

  285. 

  286. 	protected function processTableParameter($database,$table,$db) {

  287. 		$tablelist = explode(',',$table);

  288. 		$tables = array();

  289. 		foreach ($tablelist as $table) {

  290. 			$table = str_replace('*','%',$table);

  291. 			if ($result = $this->query($db,$this->queries['reflect_table'],array($table,$database))) {

  292. 				while ($row = $this->fetch_row($result)) $tables[] = $row[0];

  293. 				$this->close($result);

  294. 			}

  295. 		}

  296. 		return $tables;

  297. 	}

  298. 

  299. 	protected function findSinglePrimaryKey($table,$database,$db) {

  300. 		$keys = array();

  301. 		if ($result = $this->query($db,$this->queries['reflect_pk'],array($table[0],$database))) {

  302. 			while ($row = $this->fetch_row($result)) $keys[] = $row[0];

  303. 			$this->close($result);

  304. 		}

  305. 		return count($keys)==1?$keys[0]:false;

  306. 	}

  307. 

  308. 	protected function exitWith404($type) {

  309. 		if (isset($_SERVER['REQUEST_METHOD'])) {

  310. 			header('Content-Type:',true,404);

  311. 			die("Not found ($type)");

  312. 		} else {

  313. 			throw new \Exception("Not found ($type)");

  314. 		}

  315. 	}

  316. 

  317. 	protected function startOutput($callback) {

  318. 		if (isset($_SERVER['REQUEST_METHOD'])) {

  319. 			header('Access-Control-Allow-Origin: *');

  320. 			if ($callback) {

  321. 				header('Content-Type: application/javascript');

  322. 				echo $callback.'(';

  323. 			} else {

  324. 				header('Content-Type: application/json');

  325. 			}

  326. 		}

  327. 	}

  328. 

  329. 	protected function endOutput($callback) {

  330. 		if ($callback) {

  331. 			echo ');';

  332. 		}

  333. 	}

  334. 

  335. 	protected function processKeyParameter($key,$table,$database,$db) {

  336. 		if ($key) {

  337. 			$key = array($key,$this->findSinglePrimaryKey($table,$database,$db));

  338. 			if ($key[1]===false) $this->exitWith404('1pk');

  339. 		}

  340. 		return $key;

  341. 	}

  342. 

  343. 	protected function processOrderParameter($order,$table,$database,$db) {

  344. 		if ($order) {

  345. 			$order = explode(',',$order,2);

  346. 			if (count($order)<2) $order[1]='ASC';

  347. 			$order[1] = strtoupper($order[1])=='DESC'?'DESC':'ASC';

  348. 		}

  349. 		return $order;

  350. 	}

  351. 

  352. 	protected function processFilterParameter($filter,$db) {

  353. 		if ($filter) {

  354. 			$filter = explode(',',$filter,3);

  355. 			if (count($filter)==3) {

  356. 				$match = $filter[1];

  357. 				$filter[1] = 'LIKE';

  358. 				if ($match=='cs') $filter[2] = '%'.addcslashes($filter[2], '%_').'%';

  359. 				if ($match=='sw') $filter[2] = addcslashes($filter[2], '%_').'%';

  360. 				if ($match=='ew') $filter[2] = '%'.addcslashes($filter[2], '%_');

  361. 				if ($match=='eq') $filter[1] = '=';

  362. 				if ($match=='ne') $filter[1] = '<>';

  363. 				if ($match=='lt') $filter[1] = '<';

  364. 				if ($match=='le') $filter[1] = '<=';

  365. 				if ($match=='ge') $filter[1] = '>=';

  366. 				if ($match=='gt') $filter[1] = '>';

  367. 				if ($match=='in') {

  368. 					$filter[1] = 'IN';

  369. 					$filter[2] = explode(',',$filter[2]);

  370. 

  371. 				}

  372. 			} else {

  373. 				$filter = false;

  374. 			}

  375. 		}

  376. 		return $filter;

  377. 	}

  378. 

  379. 	protected function processPageParameter($page) {

  380. 		if ($page) {

  381. 			$page = explode(',',$page,2);

  382. 			if (count($page)<2) $page[1]=20;

  383. 			$page[0] = ($page[0]-1)*$page[1];

  384. 		}

  385. 		return $page;

  386. 	}

  387. 

  388. 	protected function retrieveObject($key,$table,$db) {

  389. 		if (!$key) return false;

  390. 		if ($result = $this->query($db,'SELECT * FROM "!" WHERE "!" = ?',array($table[0],$key[1],$key[0]))) {

  391. 			$object = $this->fetch_assoc($result);

  392. 			$this->close($result);

  393. 		}

  394. 		return $object;

  395. 	}

  396. 

  397. 	protected function createObject($input,$table,$db) {

  398. 		if (!$input) return false;

  399. 		$keys = implode('","',str_split(str_repeat('!', count($input))));

  400. 		$values = implode(',',str_split(str_repeat('?', count($input))));

  401. 		$params = array_merge(array_keys((array)$input),array_values((array)$input));

  402. 		array_unshift($params, $table[0]);

  403. 		$result = $this->query($db,'INSERT INTO "!" ("'.$keys.'") VALUES ('.$values.')',$params);

  404. 		return $this->insert_id($db,$result);

  405. 	}

  406. 

  407. 	protected function updateObject($key,$input,$table,$db) {

  408. 		if (!$input) return false;

  409. 		$params = array();

  410. 		$sql = 'UPDATE "!" SET ';

  411. 		$params[] = $table[0];

  412. 		foreach (array_keys($input) as $i=>$k) {

  413. 			if ($i) $sql .= ',';

  414. 			$v = $input[$k];

  415. 			$sql .= '"!"=?';

  416. 			$params[] = $k;

  417. 			$params[] = $v;

  418. 		}

  419. 		$sql .= ' WHERE "!"=?';

  420. 		$params[] = $key[1];

  421. 		$params[] = $key[0];

  422. 		$result = $this->query($db,$sql,$params);

  423. 		return $this->affected_rows($db, $result);

  424. 	}

  425. 

  426. 	protected function deleteObject($key,$table,$db) {

  427. 		$result = $this->query($db,'DELETE FROM "!" WHERE "!" = ?',array($table[0],$key[1],$key[0]));

  428. 		return $this->affected_rows($db, $result);

  429. 	}

  430. 

  431. 	protected function findRelations($tables,$database,$db) {

  432. 		$collect = array();

  433. 		$select = array();

  434. 		if (count($tables)>1) {

  435. 			$table0 = array_shift($tables);

  436. 			

  437. 			$result = $this->query($db,$this->queries['reflect_belongs_to'],array($table0,$tables,$database,$database));

  438. 			while ($row = $this->fetch_row($result)) {

  439. 				$collect[$row[0]][$row[1]]=array();

  440. 				$select[$row[2]][$row[3]]=array($row[0],$row[1]);

  441. 			}

  442. 			$result = $this->query($db,$this->queries['reflect_has_many'],array($tables,$table0,$database,$database));

  443. 			while ($row = $this->fetch_row($result)) {

  444. 				$collect[$row[2]][$row[3]]=array();

  445. 				$select[$row[0]][$row[1]]=array($row[2],$row[3]);

  446. 			}

  447. 			$result = $this->query($db,$this->queries['reflect_habtm'],array($database,$database,$database,$database,$table0,$tables));

  448. 			while ($row = $this->fetch_row($result)) {

  449. 				$collect[$row[2]][$row[3]]=array();

  450. 				$select[$row[0]][$row[1]]=array($row[2],$row[3]);

  451. 				$collect[$row[4]][$row[5]]=array();

  452. 				$select[$row[6]][$row[7]]=array($row[4],$row[5]);

  453. 			}

  454. 		}

  455. 		return array($collect,$select);

  456. 	}

  457. 

  458. 	protected function getParameters($config) {

  459. 		extract($config);

  460. 		$table     = $this->parseRequestParameter($request, 'a-zA-Z0-9\-_*,', false);

  461. 		$key       = $this->parseRequestParameter($request, 'a-zA-Z0-9\-,', false); // auto-increment or uuid

  462. 		$action    = $this->mapMethodToAction($method,$key);

  463. 		$callback  = $this->parseGetParameter($get, 'callback', 'a-zA-Z0-9\-_', false);

  464. 		$page      = $this->parseGetParameter($get, 'page', '0-9,', false);

  465. 		$filters   = $this->parseGetParameterArray($get, 'filter', false, false);

  466. 		$satisfy   = $this->parseGetParameter($get, 'satisfy', 'a-z', 'all');

  467. 		$columns   = $this->parseGetParameter($get, 'columns', 'a-zA-Z0-9\-_,', false);

  468. 		$order     = $this->parseGetParameter($get, 'order', 'a-zA-Z0-9\-_*,', false);

  469. 		$transform = $this->parseGetParameter($get, 'transform', '1', false);

  470. 		

  471. 		$table    = $this->processTableParameter($database,$table,$db);

  472. 		$key      = $this->processKeyParameter($key,$table,$database,$db);

  473. 		foreach ($filters as &$filter) $filter = $this->processFilterParameter($filter,$db);

  474. 		if ($columns) $columns = explode(',',$columns);

  475. 		$page     = $this->processPageParameter($page);

  476. 		$order    = $this->processOrderParameter($order,$table,$database,$db);

  477. 		

  478. 		$table  = $this->applyPermissions($database,$table,$action,$permissions,$multidb);

  479. 		if (empty($table)) $this->exitWith404('entity');

  480. 		

  481. 		$object = $this->retrieveObject($key,$table,$db);

  482. 		$input  = json_decode(file_get_contents($post),true);

  483. 		

  484. 		list($collect,$select) = $this->findRelations($table,$database,$db);

  485. 

  486. 		return compact('action','database','table','key','callback','page','filters','satisfy','columns','order','transform','db','object','input','collect','select');

  487. 	}

  488. 

  489. 	protected function listCommand($parameters) {

  490. 		extract($parameters);

  491. 		$this->startOutput($callback);

  492. 		echo '{';

  493. 		$tables = $table;

  494. 		$table = array_shift($tables);

  495. 		// first table

  496. 		$count = false;

  497. 		echo '"'.$table.'":{';

  498. 		if (is_array($order) && is_array($page)) {

  499. 			$params = array();

  500. 			$sql = 'SELECT COUNT(*) FROM "!"';

  501. 			$params[] = $table;

  502. 			foreach ($filters as $i=>$filter) {

  503. 				if (is_array($filter)) {

  504. 					$sql .= $i==0?' WHERE ':($satisfy=='all'?' AND ':' OR ');

  505. 					$sql .= '"!" ! ?';

  506. 					$params[] = $filter[0];

  507. 					$params[] = $filter[1];

  508. 					$params[] = $filter[2];

  509. 				}

  510. 			}

  511. 			if ($result = $this->query($db,$sql,$params)) {

  512. 				while ($pages = $this->fetch_row($result)) {

  513. 					$count = $pages[0];

  514. 				}

  515. 			}

  516. 		}

  517. 		$params = array();

  518. 		$sql = 'SELECT ';

  519. 		if (is_array($columns)) {

  520. 			$sql .= '"'.implode('","',$columns).'"';

  521. 		} else {

  522. 			$sql .= '*';

  523. 		}

  524. 		$sql .= ' FROM "!"';

  525. 		$params[] = $table;

  526. 		foreach ($filters as $i=>$filter) {

  527. 			if (is_array($filter)) {

  528. 				$sql .= $i==0?' WHERE ':($satisfy=='all'?' AND ':' OR ');

  529. 				$sql .= '"!" ! ?';

  530. 				$params[] = $filter[0];

  531. 				$params[] = $filter[1];

  532. 				$params[] = $filter[2];

  533. 			}

  534. 		}

  535. 		if (is_array($order)) {

  536. 			$sql .= ' ORDER BY "!" !';

  537. 			$params[] = $order[0];

  538. 			$params[] = $order[1];

  539. 		}

  540. 		if (is_array($order) && is_array($page)) {

  541. 			$sql = $this->add_limit_to_sql($sql,$page[1],$page[0]);

  542. 		}

  543. 		if ($result = $this->query($db,$sql,$params)) {

  544. 			echo '"columns":';

  545. 			$fields = array();

  546. 			$base64 = array();

  547. 			foreach ($this->fetch_fields($result) as $field) {

  548. 				$base64[] = $this->is_binary_type($field);

  549. 				$fields[] = $field->name;

  550. 			}

  551. 			echo json_encode($fields);

  552. 			$fields = array_flip($fields);

  553. 			echo ',"records":[';

  554. 			$first_row = true;

  555. 			while ($row = $this->fetch_row($result)) {

  556. 				if ($first_row) $first_row = false;

  557. 				else echo ',';

  558. 				if (isset($collect[$table])) {

  559. 					foreach (array_keys($collect[$table]) as $field) {

  560. 						$collect[$table][$field][] = $row[$fields[$field]];

  561. 					}

  562. 				}

  563. 				foreach ($base64 as $k=>$v) {

  564. 					if ($v) {

  565. 						$row[$k] = base64_encode($row[$k]);

  566. 					}

  567. 				}

  568. 				echo json_encode($row);

  569. 			}

  570. 			$this->close($result);

  571. 			echo ']';

  572. 			if ($count) echo ',';

  573. 		}

  574. 		if ($count) echo '"results":'.$count;

  575. 		echo '}';

  576. 		// prepare for other tables

  577. 		foreach (array_keys($collect) as $t) {

  578. 			if ($t!=$table && !in_array($t,$tables)) {

  579. 				array_unshift($tables,$t);

  580. 			}

  581. 		}

  582. 		// other tables

  583. 		foreach ($tables as $t=>$table) {

  584. 			echo ',';

  585. 			echo '"'.$table.'":{';

  586. 			$params = array();

  587. 			$sql = 'SELECT * FROM "!"';

  588. 			$params[] = $table;

  589. 			if (isset($select[$table])) {

  590. 				$first_row = true;

  591. 				echo '"relations":{';

  592. 				foreach ($select[$table] as $field => $path) {

  593. 					$values = $collect[$path[0]][$path[1]];

  594. 					$sql .= $first_row?' WHERE ':' OR ';

  595. 					$sql .= '"!" IN ?';

  596. 					$params[] = $field;

  597. 					$params[] = $values;

  598. 					if ($first_row) $first_row = false;

  599. 					else echo ',';

  600. 					echo '"'.$field.'":"'.implode('.',$path).'"';

  601. 				}

  602. 				echo '}';

  603. 			}

  604. 			if ($result = $this->query($db,$sql,$params)) {

  605. 				echo ',"columns":';

  606. 				$fields = array();

  607. 				$base64 = array();

  608. 				foreach ($this->fetch_fields($result) as $field) {

  609. 					$base64[] = $this->is_binary_type($field);

  610. 					$fields[] = $field->name;

  611. 				}

  612. 				echo json_encode($fields);

  613. 				$fields = array_flip($fields);

  614. 				echo ',"records":[';

  615. 				$first_row = true;

  616. 				while ($row = $this->fetch_row($result)) {

  617. 					if ($first_row) $first_row = false;

  618. 					else echo ',';

  619. 					if (isset($collect[$table])) {

  620. 						foreach (array_keys($collect[$table]) as $field) {

  621. 							$collect[$table][$field][]=$row[$fields[$field]];

  622. 						}

  623. 					}

  624. 					foreach ($base64 as $k=>$v) {

  625. 						if ($v) {

  626. 							$row[$k] = base64_encode($row[$k]);

  627. 						}

  628. 					}

  629. 					echo json_encode($row);

  630. 				}

  631. 				$this->close($result);

  632. 				echo ']';

  633. 			}

  634. 			echo '}';

  635. 		}

  636. 		echo '}';

  637. 		$this->endOutput($callback);

  638. 	}

  639. 

  640. 	protected function readCommand($parameters) {

  641. 		extract($parameters);

  642. 		if (!$object) $this->exitWith404('object');

  643. 		$this->startOutput($callback);

  644. 		echo json_encode($object);

  645. 		$this->endOutput($callback);

  646. 	}

  647. 

  648. 	protected function createCommand($parameters) {

  649. 		extract($parameters);

  650. 		if (!$input) $this->exitWith404('input');

  651. 		$this->startOutput($callback);

  652. 		echo json_encode($this->createObject($input,$table,$db));

  653. 		$this->endOutput($callback);

  654. 	}

  655. 

  656. 	protected function updateCommand($parameters) {

  657. 		extract($parameters);

  658. 		if (!$input) $this->exitWith404('subject');

  659. 		$this->startOutput($callback);

  660. 		echo json_encode($this->updateObject($key,$input,$table,$db));

  661. 		$this->endOutput($callback);

  662. 	}

  663. 

  664. 	protected function deleteCommand($parameters) {

  665. 		extract($parameters);

  666. 		$this->startOutput($callback);

  667. 		echo json_encode($this->deleteObject($key,$table,$db));

  668. 		$this->endOutput($callback);

  669. 	}

  670. 

  671. 	protected function listCommandTransform($parameters) {

  672. 		if ($parameters['transform']) {

  673. 			ob_start();

  674. 		}

  675. 		$this->listCommand($parameters);

  676. 		if ($parameters['transform']) {

  677. 			$content = ob_get_contents();

  678. 			ob_end_clean();

  679. 			$data = json_decode($content,true);

  680. 			echo json_encode(self::mysql_crud_api_transform($data));

  681. 		}

  682. 	}

  683. 

  684. 	public function __construct($config) {

  685. 		extract($config);

  686. 

  687. 		$hostname = isset($hostname)?$hostname:null;

  688. 		$username = isset($username)?$username:'root';

  689. 		$password = isset($password)?$password:null;

  690. 		$database = isset($database)?$database:false;

  691. 		$port = isset($port)?$port:null;

  692. 		$socket = isset($socket)?$socket:null;

  693. 		$charset = isset($charset)?$charset:'utf8';

  694. 

  695. 		$permissions = isset($permissions)?$permissions:array('*'=>'crudl');

  696. 		

  697. 		$db = isset($db)?$db:null;

  698. 		$method = isset($method)?$method:$_SERVER['REQUEST_METHOD'];

  699. 		$request = isset($request)?$request:(isset($_SERVER['PATH_INFO'])?$_SERVER['PATH_INFO']:'');

  700. 		$get = isset($get)?$get:$_GET;

  701. 		$post = isset($post)?$post:'php://input';

  702. 

  703. 		$request = explode('/', trim($request,'/'));

  704. 

  705. 		$multidb   = !$database;

  706. 		if ($multidb) {

  707. 			$database  = $this->parseRequestParameter($request, 'a-zA-Z0-9\-_,', false);

  708. 		}

  709. 		if (!$db) {

  710. 			$db = $this->connectDatabase($hostname,$username,$password,$database,$port,$socket,$charset);

  711. 		}

  712. 

  713. 		$this->config = compact('method', 'request', 'get', 'post', 'multidb', 'database', 'permissions', 'db');

  714. 	}

  715. 

  716. 	public static function mysql_crud_api_transform(&$tables) {

  717. 		$get_objects = function (&$tables,$table_name,$where_index=false,$match_value=false) use (&$get_objects) {

  718. 			$objects = array();

  719. 			foreach ($tables[$table_name]['records'] as $record) {

  720. 				if ($where_index===false || $record[$where_index]==$match_value) {

  721. 					$object = array();

  722. 					foreach ($tables[$table_name]['columns'] as $index=>$column) {

  723. 						$object[$column] = $record[$index];

  724. 						foreach ($tables as $relation=>$reltable) {

  725. 							if (isset($reltable['relations'])) {

  726. 								foreach ($reltable['relations'] as $key=>$target) {

  727. 									if ($target == "$table_name.$column") {

  728. 										$column_indices = array_flip($reltable['columns']);

  729. 										$object[$relation] = $get_objects($tables,$relation,$column_indices[$key],$record[$index]);

  730. 									}

  731. 								}

  732. 							}

  733. 						}

  734. 					}

  735. 					$objects[] = $object;

  736. 				}

  737. 			}

  738. 			return $objects;

  739. 		};

  740. 		$tree = array();

  741. 		foreach ($tables as $name=>$table) {

  742. 			if (!isset($table['relations'])) {

  743. 				$tree[$name] = $get_objects($tables,$name);

  744. 				if (isset($table['results'])) {

  745. 					$tree['_results'] = $table['results'];

  746. 				}

  747. 			}

  748. 		}

  749. 		return $tree;

  750. 	}

  751. 

  752. 	public function executeCommand() {

  753. 		$parameters = $this->getParameters($this->config);

  754. 		switch($parameters['action']){

  755. 			case 'list': $this->listCommandTransform($parameters); break;

  756. 			case 'read': $this->readCommand($parameters); break;

  757. 			case 'create': $this->createCommand($parameters); break;

  758. 			case 'update': $this->updateCommand($parameters); break;

  759. 			case 'delete': $this->deleteCommand($parameters); break;

  760. 		}

  761. 	}

  762. 

  763. }

  764. 

  765. // only execute this when running in stand-alone mode

  766. if(count(get_required_files())<2) {

  767. 	header('Access-Control-Allow-Origin: *');

  768. 	$api = new SQLSRV_CRUD_API(array(

  769. 		'hostname'=>'(local)',

  770. 		'username'=>'',

  771. 		'password'=>'',

  772. 		'database'=>'xxx',

  773. 		'charset'=>'UTF-8'

  774. 	));

  775. 	$api->executeCommand();

  776. }