DieFeM

new API design

Jun 23rd, 2018
  1. <?php
  2. /*
  3. ______________ Token Management
  4. api/token/create/{panel_user}/{panel_password}
  5. api/token/test/{token}
  6.  
  7. ______________ Game Server Management
  8. api/start                       (POST {token}{ip}{port}{mod_id})
  9. api/stop                        (POST {token}{ip}{port}{mod_id})
  10. api/restart                     (POST {token}{ip}{port}{mod_id})
  11. api/rcon                        (POST {token}{ip}{port}{mod_id}{command})
  12.  
  13. ______________ Game Server Update
  14. api/update/steam                (POST {token}{ip}{port}{mod_id})
  15. api/update/rsync                (POST {token}{ip}{port}{mod_id})
  16. api/update/manual               (POST {token}{ip}{port}{mod_id}{download_url})
  17. api/update/master               (POST {token}{ip}{port}{mod_id})
  18.  
  19. ______________ Addons Installer
  20. api/addon                       (POST {token}{ip}{port}{mod_id}{addon_id})
  21. ______________ Steam Workshop Mod Installer
  22. api/steam_workshop              (POST {token}{ip}{port}{mod_id}{workshop_id}{workshop_mod_id})
  23.  
  24. ______________ Files Management
  25. api/file_mgr/get                (POST {token}{ip}{port}{relative_path})
  26. api/file_mgr/save               (POST {token}{ip}{port}{relative_path}{contents})
  27. api/file_mgr/remove             (POST {token}{ip}{port}{relative_path})
  28.  
  29. ______________ Game servers administration
  30. api/servers/create              (POST {token}{home_cfg_id}{mod_cfg_id}{ip}{port}{control_password}{ftp_password}{slots}{affinity}{nice})
  31. api/servers/clone               (POST {token}{ip}{port}{mod_id}{clone_home_id})
  32. api/servers/assign              (POST {token}{home_id}{user_id})
  33. api/servers/remove_assign       (POST {token}{home_id}{user_id})
  34. api/servers/assign_expiration   (POST {token}{home_id}{user_id}{timestamp})
  35. api/servers/home_expiration     (POST {token}{home_id}{timestamp})
  36. api/servers/get_assigned        (POST {token}{user_id})
  37.  
  38. ______________ Users administration
  39. api/users/create                (POST {token}{name}{password}{email})
  40. api/users/remove                (POST {token}{email})
  41. api/users/set_expiration        (POST {token}{email}{timestamp})
  42. */
  43. // Convert the URI request in to array // https://stackoverflow.com/questions/4213946/php-take-arguments-from-url-path
  44. $URL_REQ = explode('/', strtok(getenv('REQUEST_URI'), '?'));
  45. // Remove useless data from the request
  46. array_splice($URL_REQ, 0, 2);
  47. //Retirieve the function name
  48. $function = 'api_'.$URL_REQ[0];
  49. //Remove the main function from the request
  50. array_splice($URL_REQ, 0, 1);
  51.  
  52. if(function_exists($function))
  53. {
  54.     // Report only critical PHP errors
  55.     error_reporting(E_ERROR);
  56.    
  57.     // Path definitions
  58.     define("INCLUDES", "includes/");
  59.     define("MODULES", "modules/");
  60.    
  61.     // require needed functions
  62.     require_once INCLUDES.'functions.php';
  63.     require_once INCLUDES.'helpers.php';
  64.     require_once INCLUDES.'html_functions.php';
  65.     require_once INCLUDES.'lib_remote.php';
  66.     require_once INCLUDES.'config.inc.php';
  67.     require_once MODULES.'config_games/server_config_parser.php';
  68.     require_once MODULES.'gamemanager/home_handling_functions.php';
  69.    
  70.     // API tokens table
  71.     define("API_TABLE", $table_prefix."api_tokens");
  72.     // Connect to the database server and select database.
  73.     $db = createDatabaseConnection($db_type, $db_host, $db_user, $db_pass, $db_name, $table_prefix);
  74.    
  75.     checkDbTable();
  76.     $logged_in = false;
  77.    
  78.     if($function != 'api_token')
  79.     {
  80.         if(isset($_POST['token']))
  81.         {
  82.             $token = $_POST['token'];
  83.             unset($_POST['token']);
  84.             $query = "SELECT user_id FROM ".API_TABLE." WHERE `token` = '".$token."';";
  85.             $result = $db->resultQuery($query);
  86.             if(isset($result[0]['user_id']))
  87.             {
  88.                 $user_info = $db->getUserById($result[0]['user_id']);
  89.                 if(isset($user_info['users_login']))
  90.                 {
  91.                     $logged_in = true;
  92.                 }
  93.             }
  94.         }
  95.         else
  96.         {
  97.             outputJSON(array("status" => "300", "message" => "No token supplied"));
  98.         }
  99.     }
  100.    
  101.     if($logged_in or $function == 'api_token')
  102.     {
  103.         //call the function and output the returned data as json
  104.         outputJSON($function($URL_REQ, $_POST));
  105.     }
  106.     else
  107.     {
  108.         outputJSON(array("status" => "301", "message" => "Invalid Token"));
  109.     }
  110. }
  111. else
  112. {
  113.     outputJSON(array("status" => "400", "message" => "BAD REQUEST"));
  114. }
  115.  
  116. function checkDbTable()
  117. {
  118.     global $db;
  119.     if(!$db->query('SELECT 1 FROM '.API_TABLE.' LIMIT 1'))
  120.     {
  121.         $db->query( "CREATE TABLE IF NOT EXISTS `".API_TABLE."` (".
  122.                     "`user_id` int(11) NOT NULL,".
  123.                     "`token` varchar(64) NOT NULL,".
  124.                     "PRIMARY KEY  (`user_id`),".
  125.                     "UNIQUE KEY user_id (user_id)".
  126.                     ") ENGINE=MyISAM DEFAULT CHARSET=latin1;");
  127.     }
  128. }
  129.  
  130. function outputJSON($result){  
  131.     // Send JSON output
  132.     header('Content-Type: application/json');
  133.     echo json_encode($result);
  134.     exit();
  135. }
  136.  
  137. function api_token($action, $args)
  138. {
  139.     global $db;
  140.     if($action[0] == "test")
  141.     {
  142.         $token = $action[1];
  143.         $query = "SELECT user_id FROM ".API_TABLE." WHERE `token` = '".$token."';";
  144.         $result = $db->resultQuery($query);
  145.         if(isset($result[0]['user_id']))
  146.         {
  147.             $user_info = $db->getUserById($result[0]['user_id']);
  148.             if(isset($user_info['users_login']))
  149.             {
  150.                 $status = "200";
  151.                 $message = $user_info['users_role'];
  152.             }
  153.             else
  154.             {
  155.                 $status = "400";
  156.                 $message = "Invalid Token";
  157.             }
  158.         }
  159.         else
  160.         {
  161.             $status = "400";
  162.             $message = "Invalid Token";
  163.         }
  164.     }
  165.    
  166.     if($action[0] == "create")
  167.     {
  168.         $user = urldecode($action[1]);
  169.         $password = urldecode($action[2]);
  170.        
  171.         $userInfo = $db->getUser($user);
  172.        
  173.         if(isset($userInfo['users_passwd']) && md5($password) == $userInfo['users_passwd'])
  174.         {
  175.             $token = bin2hex(openssl_random_pseudo_bytes(32));
  176.             $query ="INSERT INTO ".API_TABLE.
  177.                     " (user_id, token)".
  178.                     " VALUES".
  179.                     " ('".$userInfo['user_id']."', '".$token."')".
  180.                     " ON DUPLICATE KEY UPDATE".
  181.                     " user_id = VALUES(user_id),".
  182.                     " token = VALUES(token);";
  183.             if($db->query($query))
  184.             {
  185.                 $status = "200";
  186.                 $message = $token;
  187.             }
  188.             else
  189.             {
  190.                 $status = "500";
  191.                 $message = "database failure";
  192.             }
  193.         }
  194.         else
  195.         {
  196.             $status = "400";
  197.             $message = "Invalid login information";
  198.         }
  199.     }
  200.     return array("status" => $status, "message" => $message);
  201. }
  202.  
  203. function api_start($action, $args)
  204. {
  205.     global $db, $userInfo;
  206.     $ip = $args['ip'];
  207.     $port = $args['port'];
  208.     $mod_id = isset($args['mod_id'])?$args['mod_id']:0;
  209.     $status = "200";
  210.     $message = "OK";
  211.     return array("status" => $status, "message" => $message);
  212. }
  213.  
  214. function api_stop($action, $args)
  215. {
  216.     global $db, $userInfo;
  217.     $ip = $args['ip'];
  218.     $port = $args['port'];
  219.     $mod_id = isset($args['mod_id'])?$args['mod_id']:0;
  220.     $status = "200";
  221.     $message = "OK";
  222.     return array("status" => $status, "message" => $message);
  223. }
  224.  
  225. function api_restart($action, $args)
  226. {
  227.     global $db, $userInfo;
  228.     $ip = $args['ip'];
  229.     $port = $args['port'];
  230.     $mod_id = isset($args['mod_id'])?$args['mod_id']:0;
  231.     $status = "200";
  232.     $message = "OK";
  233.     return array("status" => $status, "message" => $message);
  234. }
  235.  
  236. function api_rcon($action, $args)
  237. {
  238.     global $db, $userInfo;
  239.     $ip = $args['ip'];
  240.     $port = $args['port'];
  241.     $mod_id = isset($args['mod_id'])?$args['mod_id']:0;
  242.     $command = $args['command'];
  243.     $status = "200";
  244.     $message = "OK";
  245.     return array("status" => $status, "message" => $message);
  246. }
  247.  
  248. function api_update($action, $args)
  249. {
  250.     global $db, $userInfo;
  251.     $ip = $args['ip'];
  252.     $port = $args['port'];
  253.     $mod_id = isset($args['mod_id'])?$args['mod_id']:0;
  254.     if($action[0] == "steam")
  255.     {
  256.         $status = "200";
  257.         $message = "OK";
  258.     }
  259.    
  260.     if($action[0] == "rsync")
  261.     {
  262.         $status = "200";
  263.         $message = "OK";
  264.     }
  265.    
  266.     if($action[0] == "manual")
  267.     {
  268.         $download_url = $args['download_url'];
  269.         $status = "200";
  270.         $message = "OK";
  271.     }
  272.    
  273.     if($action[0] == "master")
  274.     {
  275.         $status = "200";
  276.         $message = "OK";
  277.     }
  278.    
  279.     return array("status" => $status, "message" => $message);
  280. }
  281.  
  282. function api_addon($action, $args)
  283. {
  284.     global $db, $userInfo;
  285.     $ip = $args['ip'];
  286.     $port = $args['port'];
  287.     $mod_id = isset($args['mod_id'])?$args['mod_id']:0;
  288.     $addon_id = $args['addon_id'];
  289.    
  290.     $status = "200";
  291.     $message = "OK";
  292.     return array("status" => $status, "message" => $message);
  293. }
  294.  
  295. function api_steam_workshop($action, $args)
  296. {
  297.     global $db, $userInfo;
  298.     $ip = $args['ip'];
  299.     $port = $args['port'];
  300.     $mod_id = isset($args['mod_id'])?$args['mod_id']:0;
  301.     $workshop_id = $args['workshop_id'];
  302.     $workshop_mod_id = $args['workshop_mod_id'];
  303.    
  304.     $status = "200";
  305.     $message = "OK";
  306.     return array("status" => $status, "message" => $message);
  307. }
  308.  
  309. function api_file_mgr($action, $args)
  310. {
  311.     global $db, $userInfo;
  312.     $ip = $args['ip'];
  313.     $port = $args['port'];
  314.     $relative_path = $args['relative_path'];
  315.    
  316.     if($action[0] == "get")
  317.     {
  318.         $status = "200";
  319.         $message = "OK";
  320.     }
  321.    
  322.     if($action[0] == "save")
  323.     {
  324.         $contents = $args['contents'];
  325.         $status = "200";
  326.         $message = "OK";
  327.     }
  328.    
  329.     if($action[0] == "remove")
  330.     {
  331.         $status = "200";
  332.         $message = "OK";
  333.     }
  334.     return array("status" => $status, "message" => $message);
  335. }
  336.  
  337. function api_servers($action, $args)
  338. {
  339.     global $db, $userInfo;
  340.     $status = "200";
  341.     $message = "OK";
  342.     return array("status" => $status, "message" => $message);
  343. }
  344.  
  345. function api_users($action, $args)
  346. {
  347.     global $db, $userInfo;
  348.     $status = "200";
  349.     $message = "OK";
  350.     return array("status" => $status, "message" => $message);
  351. }
  352. ?>