diff --git a/api/servers/list.php b/api/servers/list.php
new file mode 100644
index 0000000..3de19a0
--- /dev/null
+++ b/api/servers/list.php
@@ -0,0 +1,35 @@
+checkApiAuth()) {
+ die('{"status":500, "error":"Unauthrized"}');
+}
+
+$db = $mcServ->getDB();
+
+$sql = "SELECT * FROM servers";
+$stmt = $db->query($sql);
+
+$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+$servers = [];
+
+if ($result) {
+ foreach ($result as $server_res) {
+ $server["name"] = $server_res["name"];
+ $server["uuid"] = $server_res["uuid"];
+
+ $servers[] = $server;
+ }
+
+ $json["servers"] = $servers;
+}else{
+ $json["servers"] = [];
+}
+
+$json["status"] = 200;
+
+echo json_encode($json);
+?>
\ No newline at end of file
diff --git a/api/setup/setup.php b/api/setup/setup.php
index eb9a86f..e442508 100755
--- a/api/setup/setup.php
+++ b/api/setup/setup.php
@@ -33,6 +33,26 @@ CREATE TABLE IF NOT EXISTS users (
 $db->exec($sql);
+$sql = "
+CREATE table IF NOT EXISTS servers (
+ id INTEGER PRIMARY KEY AUTOINCREMENT,
+ uuid VARCHAR(50) UNIQUE NOT NULL,
+ name VARCHAR(30)
+)
+";
+
+$db->exec($sql);
+
+$sql = "
+CREATE TABLE IF NOT EXISTS api_keys (
+ id INTEGER PRIMARY KEY AUTOINCREMENT,
+ key VARCHAR(100) UNIQUE NOT NULL,
+ user_id INTEGER
+)
+";
+
+$db->exec($sql);
+
 $sql = "
 INSERT INTO users (username, mail, passwd) VALUES (:user, :mail, :passwd)
 ";
diff --git a/front/test.php b/front/test.php
index d4de878..73f3aba 100755
--- a/front/test.php
+++ b/front/test.php
@@ -1,4 +1,14 @@ $value) {
+ini_set("display_errors", 1);
+ini_set("display_startup_errors", 1);
+error_reporting(E_ALL);
+
+/*foreach ($_SERVER as $key => $value) {
 echo $key . " = " . $value . "
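Review bot: The rejection path `die('{"status":500, "error":"Unauthrized"}')` in the new `api/servers/list.php` never sets an HTTP status, so an unauthenticated request is answered with HTTP 200 and the failure exists only inside the JSON body, where it is labelled 500 rather than 401. Access logs, proxies and clients that key on the status line will therefore not see failed authentication attempts. I would send the real code before exiting: `http_response_code(401);` followed by `die(json_encode(["status" => 401, "error" => "Unauthorized"]));`, which also fixes the "Unauthrized" typo. The query could name the two columns that are actually returned, `SELECT name, uuid FROM servers`, so columns added to the table later are not fetched by accident. The first lines of this new file are not legible in this view, so the note covers only the part from the auth check onward.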
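Review bot: The new `api_keys` table in `api/setup/setup.php` stores each key verbatim in `key VARCHAR(100) UNIQUE NOT NULL`, so anyone who obtains a copy of the database file holds working credentials; this commit also modifies `mcServ.db` itself, which suggests the database is tracked in the repository. Storing a digest instead, for example a `key_hash CHAR(64) UNIQUE NOT NULL` column holding `hash('sha256', $key)` of a randomly generated key, keeps the lookup a single indexed equality while making a leaked file far less useful. `user_id INTEGER` would be safer as `user_id INTEGER NOT NULL REFERENCES users(id)` so a key cannot exist without an owner; if this is SQLite, as `AUTOINCREMENT` and the `.db` file suggest, the reference is only enforced with `PRAGMA foreign_keys = ON`. The hunk's surrounding statements lie outside the visible context.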
";
-}
\ No newline at end of file
+}*/
+
+require "../main.php";
+
+$mcServ = new mcServ();
+
+echo $mcServ->checkApiAuth() ? "TRUE" : "FALSE";
diff --git a/main.php b/main.php
index 4f88634..2fe52a3 100755
--- a/main.php
+++ b/main.php
@@ -15,6 +15,8 @@ ini_set("display_startup_errors", 1);
 error_reporting(E_ALL);
 class mcServ {
+ private $api_keys;
+
 public function checkConf() {
 if (!file_exists("../mcServ.db")) {
 return false;
@@ -64,4 +66,53 @@ class mcServ {
 return $hash;
 }
+
+ public function checkApiAuth() {
+ if ($this->checkLogin()) {
+ return true;
+ }elseif (isset($_SERVER["HTTP_X_API_KEY"])) {
+ $key = $_SERVER["HTTP_X_API_KEY"];
+
+ $db = $this->getDB();
+
+ $sql = "SELECT * FROM api_keys WHERE key = :key";
+
+ $stmt = $db->prepare($sql);
+
+ $stmt->execute([":key" => $key]);
+
+ $result = $stmt->fetch(PDO::FETCH_ASSOC);
+
+ if ($result) {
+ $user_id = $result["user_id"];
+
+ $sql = "SELECT username FROM users WHERE id = :id";
+ $stmt = $db->prepare($sql);
+
+ $stmt->execute([":id" => $user_id]);
+ $result = $stmt->fetch(PDO::FETCH_ASSOC);
+
+ $username = $result["username"];
+
+ $this->api_keys[$key] = $username;
+
+ return true;
+ }else{
+ return false;
+ }
+ }else{
+ return false;
+ }
+ }
+
+ public function getUser() {
+ if ($this->checkLogin()) {
+ return $_COOKIE["username"];
+ }elseif (isset($_SERVER["HTTP_X_API_KEY"])) {
+ $key = $_SERVER["HTTP_X_API_KEY"];
+ if (isset($this->api_keys[$key])) {
+ return $this->api_keys[$key];
+ }
+ }
+ }
 }
\ No newline at end of file
diff --git a/mcServ.db b/mcServ.db
index ed72102..27a01a4 100644
Binary files a/mcServ.db and b/mcServ.db differ
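Review bot: Error display is switched on for a script that, judging by its path under `front/`, is reachable from the browser: with the added `ini_set("display_errors", 1);` and `ini_set("display_startup_errors", 1);` any warning or uncaught exception raised while `checkApiAuth()` runs is printed to whoever requests the page, file paths and query text included. If `front/test.php` is only a development aid, I would keep it out of the deployed tree, or at least drop the two `ini_set` lines and rely on the server's error log. Part of this hunk is not legible in this view, so the note is limited to the added lines that are.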
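Review bot: In `checkApiAuth()` the result of the second lookup is used without a check: when no `users` row matches `user_id`, `$result` is `false`, `$username` becomes `null`, and the method still returns `true`, so a key whose owner no longer exists keeps authenticating and `getUser()` then returns nothing for it. Resolving the key and its owner in one prepared statement and failing closed when no row comes back removes that path and the `SELECT *`. The property added in the first hunk of `main.php` would be clearer as `private $api_keys = [];`. Separately, `getUser()` returns `$_COOKIE["username"]`, a client-supplied value; whether that is safe depends on what `checkLogin()` verifies, which is outside this diff.

```php
    // … unchanged: checkLogin() branch returning true …
    }elseif (isset($_SERVER["HTTP_X_API_KEY"])) {
        $key = $_SERVER["HTTP_X_API_KEY"];

        $sql = "SELECT u.username FROM api_keys k JOIN users u ON u.id = k.user_id WHERE k.key = :key";
        $stmt = $this->getDB()->prepare($sql);
        $stmt->execute([":key" => $key]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        // Fail closed: unknown key, or a key whose owner row is gone.
        if (!$row) {
            return false;
        }

        $this->api_keys[$key] = $row["username"];
        return true;
    // … unchanged: final else branch returning false …
```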