  1. <?php
  2. require_once 'class-phpass.php';
  3. header('Access-Control-Allow-Origin: *');
  4.  
  5. //$query = implode("&", $inputdata);
  6.  
  7. $method = $_GET["act"];
  8.  
  9. switch($method)
  10. {
  11.     case "getUserList":
  12.         getUserList();
  13.         break;
  14.     case "isnewUser":
  15.         checkFBUser();
  16.         break;
  17.     case "checkUserExists": // ha, i missed ":".
  18.         checkUserExists();
  19.         break;
  20.     case "returnPoint":  
  21.         returnPoint();
  22.         break;
  23.     // djdavis 3/2/15 - fetch points
  24.     case "fetch_points":
  25.         if (isset($_GET['userID'])) {
  26.             fetch_points($_GET['userID']);
  27.         }
  28.     break;
  29.     case "logout":
  30.         logout();
  31.         break;
  32. }
  33.  
  34. exit;
  35.  
  36. //ok so we can try to connect
  37. /**
  38. * Before you execute below code ,must validation check about $_GET. for example,special characters and attack strings
  39. */
  40. function checkFBUser()
  41. {
  42.     $facebook_id = $_GET["id"];
  43.     $name = $_GET["name"];
  44.     $avatar = $_GET["avatar"];
  45.     $birthday = date("yyyy-mm-dd", strtotime($_GET["birthday"]));;
  46.     $email = $_GET["email"];
  47.     if(empty($facebook_id)){
  48.         print_r(json_encode(array('error' => 'Not hear son.')));
  49.         die();
  50.     }
  51.  
  52.     try {  
  53.         $db = new PDO("mysql:host=db526857900.db.1and1.com;dbname=db526857900;port=3306", "dbo526857900", "admin1234admin");
  54.         $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  55.         $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
  56.         $getherInformation = $db->prepare("SELECT ID,user_login,user_pass,card_number,display_name,user_birth,image_url FROM wp_users where facebook_id = :id");
  57.         $getherInformation->bindValue(":id", $facebook_id);
  58.         $getherInformation->setFetchMode(PDO::FETCH_ASSOC);
  59.         $getherInformation->execute();
  60.         $Result = $getherInformation->fetchAll();
  61.    
  62.         $res = array();    
  63.         if(count($Result) > 0){
  64.             foreach ($Result as $row) {
  65.                 $card_number = $row['card_number'];
  66.                 $user_birth = $row['user_birth'];
  67.                 $id = $row['ID'];
  68.                 $display_name = $row['display_name'];
  69.                 $image_url =  $row['image_url'];
  70.                 $res[] = array(
  71.                     "id" => $id,
  72.                     "userID" => $userid,
  73.                     "cardNumber" => $card_number,
  74.                     "user_birth" => $user_birth,
  75.                     "display_name" => $display_name,
  76.                     "avatar" => $image_url
  77.                 );
  78.                 echo json_encode($res);
  79.             }
  80.         }else{
  81. //          echo json_encode(array('error' => 'User does not exist!','id' => $facebook_id));
  82.             $insert = $db->prepare("INSERT INTO `wp_users`(`user_login`, `user_nicename`, `user_email`, `display_name`, `user_birth`, `facebook_id`, `image_url`) VALUES ( ':user_login', ':first_name', ':email', ':name', ':birthday', ':facebook_id', ':avatar')");
  83.             $insert->execute(array(":user_login" => $first_name,
  84.                 ":first_name" => $first_name,
  85.                 ":facebook_id" => $facebook_id,
  86.                 ":display_name" => $name,
  87.                 ":image_url" => $avatar,
  88.                 ":user_birth" => $birthday,
  89.                 ":email" => $email));
  90.             echo json_encode(array('id' => $facebook_id, 'userID' => $db->lastInsertId()));
  91.         }
  92.  
  93.     }catch (PDOException $e) {     
  94.         print_r(json_encode(array('error' => 'PDOException:'.$e->errorInfo)));
  95.         die();
  96.     }  
  97. }
  98.  
  99.  
  100. //ok so we can try to connect
  101. /**
  102. * Before you execute below code ,must validation check about $_GET. for example,special characters and attack strings
  103. */
  104. function checkUserExists()
  105. {
  106.     $userid = $_GET["user_id"];
  107.     $userpw = $_GET["user_pw"];
  108.  
  109.     if(empty($userid) || empty($userpw)){
  110.        
  111.         print_r(json_encode(array('error' => 'User Name Or Password Empty')));
  112.         die();
  113.        
  114.     }
  115.  
  116.     try {  
  117.         //$db = new PDO("mysql:host=127.0.0.1;dbname=cordova_service;port=3306", "root", ""); // this setting woks fine for me
  118.         $db = new PDO("mysql:host=db526857900.db.1and1.com;dbname=db526857900;port=3306", "dbo526857900", "admin1234admin");
  119.         $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  120.         $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
  121.  
  122.         //Password to wordpress hashed Password
  123.         $wp_hasher = new PasswordHash(8, TRUE);
  124.  
  125.         //$getCardNumbers = $db->prepare("SELECT ID,user_login,user_pass,card_number FROM user where user_login = :user");
  126.         $getCardNumbers = $db->prepare("SELECT ID,user_login,user_pass,card_number,display_name,user_birth,image_url FROM wp_users where user_login = :user");
  127.         $getCardNumbers->bindValue(":user", $userid);
  128.         $getCardNumbers->setFetchMode(PDO::FETCH_ASSOC);
  129.         $getCardNumbers->execute();
  130.         $Result = $getCardNumbers->fetchAll();
  131.    
  132.         $res = array();    
  133.         if(count($Result) > 0){
  134.             foreach ($Result as $row) {
  135.                 /*...*/
  136.                 $card_number = $row['card_number'];
  137.                 $user_birth = $row['user_birth'];
  138.                 $id = $row['ID'];
  139.                 $display_name = $row['display_name'];
  140.                 $image_url =  $row['image_url'];
  141.                 if($wp_hasher->CheckPassword($userpw, $row['user_pass'])) {
  142.                     $res[] = array(
  143.                         "id" => $id,
  144.                         "userID" => $userid,
  145.                         "userPass" => $userpw,
  146.                         "cardNumber" => $card_number,
  147.                         "user_birth" => $user_birth,
  148.                         "display_name" => $display_name,
  149.                         "avatar" => $image_url
  150.                     );
  151.                     echo json_encode($res); // outputs user info if user exists on the table.
  152.                 } else {
  153.                     echo json_encode(array('error' => 'User password incorrect!'));
  154.                 }
  155.             }
  156.         }else{
  157.             echo json_encode(array('error' => 'User does not exist!','user' => $userid,'password' => $userpw));
  158.         }
  159.     }
  160.     catch (PDOException $e) {      
  161.         print_r(json_encode(array('error' => 'PDOException:'.$e->errorInfo)));
  162.         die();
  163.     }  
  164.    
  165. }
  166. /**
  167. * Logout Process
  168. */
  169. function logout(){
  170.     $msg = array('msg' => 'You are logout.');
  171.     print_r(json_encode( $msg ));
  172. }
  173.  
  174. /**
  175. * getUserList() func is the api for getting user list.
  176. */
  177. function getUserList()
  178. {
  179.     /*
  180.     Maybe, in here, first you should connect to your mysql server to fecth user list from User table.
  181.     understand?yes can you do it inphp?
  182.     yes buto ki,f we can do together to be sur is work i prefer if you want
  183.  
  184.     I will write puseduo code in here sorry i'm looking for something
  185.  
  186.     //
  187.  
  188.     */
  189.  
  190.     /*
  191.  
  192.     so you fetched all user list from mysql server, and stores them into array with named $res.
  193.     */
  194.  
  195. /*
  196.     $dbconnect = mysql_connect(db526857900.db.1and1.com, dbo526857900, admin1234admin);
  197.  
  198.     $sql = "SELECT * FROM wp_users ORDER BY id ASC";
  199.  
  200.     mysql_fetch_query($sql);
  201.     */
  202.  
  203.     $res = array(
  204.         array(
  205.             "id" => "1",
  206.             "userId" => "first@user.mail",
  207.             "userBirth" => "1980-10-20" // and blablabla fields
  208.         ),
  209.         array(
  210.             "id" => "2",
  211.             "userId" => "second@user.mail",
  212.             "userBirth" => "1980-10-20" // and blablabla fields
  213.         ),
  214.         array(
  215.             "id" => "3",
  216.             "userId" => "third@user.mail",
  217.             "userBirth" => "1980-10-20" // and blablabla fields
  218.         ),
  219.         array(
  220.             "id" => "4",
  221.             "userId" => "others@user.mail",
  222.             "userBirth" => "1980-10-20" // and blablabla fields
  223.         )
  224.     )   ;
  225.  
  226.     // now, we outputs user list array as JSON format
  227.  
  228.  
  229.     echo json_encode($res);
  230.  
  231. }
  232.  
  233.  
  234.  
  235.  
  236.  
  237.  
  238. /*TEST*/
  239.  
  240. function returnPoint()
  241. {
  242.     try {  
  243.             //$db = new PDO("mysql:host=127.0.0.1;dbname=cordova_service;port=3306", "root", ""); // this setting woks fine for me
  244.             $db = new PDO("mysql:host=db526857900.db.1and1.com;dbname=db526857900;port=3306", "dbo526857900", "admin1234admin");
  245.  
  246.    
  247.             $wp_hasher = new PasswordHash(8, TRUE);
  248.  
  249.         //$getCardNumbers = $db->prepare("SELECT ID,user_login,user_pass,card_number FROM user where user_login = :user");
  250.         $getCardNumbers = $db->prepare("SELECT `point` FROM `point_customer_store_tbl` WHERE `id_customer`=83 and `id_store`=23");
  251.         $getCardNumbers->bindValue(":user", $userid);
  252.         $getCardNumbers->setFetchMode(PDO::FETCH_ASSOC);
  253.         $getCardNumbers->execute();
  254.         $Result = $getCardNumbers->fetchAll();
  255.    
  256.         $res = array();    
  257.         if(count($Result) > 0){
  258.             foreach ($Result as $row) {
  259.                 /*...*/
  260.                 $point = $row['point'];
  261.                
  262.                
  263.                     $res[] = array(
  264.                        
  265.                         "point" => $point,
  266.                        
  267.                     );
  268.                     echo json_encode($res); // outputs user info if user exists on the table.
  269.            
  270.             }
  271.         }else{
  272.             echo json_encode(array('error' => 'User no exist!','user' => $userid,'password' => $userpw));
  273.         }
  274.     }
  275.     catch (PDOException $e) {      
  276.         print_r(json_encode(array('error' => 'PDOException:'.$e->errorInfo)));
  277.         die();
  278.     }
  279.  
  280. }
  281.  
  282. // djdavis 3/2/15 - fetch_points
  283. function fetch_points($userID) {
  284.  
  285. /*  $db = new PDO("mysql:host=db526857900.db.1and1.com;dbname=db526857900;port=3306", "dbo526857900", "admin1234admin");
  286.     $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  287.     $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
  288.  
  289.     $store_points = $db->prepare("
  290.     SELECT
  291.     store_tbl.store_id,
  292.     store_tbl.store_name,
  293.     store_tbl.name
  294.     FROM `store_tbl`");
  295.     $store_points->setFetchMode(PDO::FETCH_ASSOC);
  296.     $store_points->execute();
  297.     $Result = $store_points->fetchAll(); */
  298.  
  299.     mysql_connect("db526857900.db.1and1.com","dbo526857900", "admin1234admin");
  300.     mysql_select_db("db526857900");
  301.     $selectbl = "SELECT w.user_nicename, s.store_name as store_name, p.id_store as id_store, s.reservationemail as reservationemail, s.name as name, SUM( p.point ) AS total
  302.     FROM point_customer_store_tbl AS p
  303.     LEFT JOIN store_tbl AS s ON p.id_store = s.store_id
  304.     LEFT JOIN wp_users AS w ON w.ID = p.id_customer WHERE w.id=".$userID."
  305.     GROUP BY p.id_customer, p.id_store
  306.     ORDER BY total DESC";
  307.  
  308.     $datatbl=mysql_query($selectbl);
  309.     while($row = mysql_fetch_array ($datatbl))
  310.     {
  311.         $sql = "SELECT * FROM `store_reward` WHERE store_id = ".$row["id_store"]." ORDER BY value";
  312.         $rewards = mysql_query($sql);
  313.         while($reward = mysql_fetch_array ($rewards)) {
  314.             $array_reward[] = $reward;
  315.         }
  316.         $row["rewards"] = $array_reward;
  317.         $rows[] = $row;
  318.         $array_reward = null;
  319.     }  
  320.    
  321.    
  322.     if(count($rows) > 0) {
  323.         $return = array();
  324.         foreach ($rows as $row) {
  325.        
  326.  
  327.             $return[] = array('store_name' => $row['store_name'],
  328.                             'store_pic'         =>  "store-images/".$row['name'],
  329.                             'short_store_pic'   =>  $row['name'],
  330.                             'pts'               => $row['total']
  331.                             ); 
  332.            
  333.         }
  334.         echo json_encode($return);     
  335.     } else {
  336.         echo json_encode(array('error' => 'No data found'));
  337.     }  
  338. }
  339.  
  340.  
  341. ?>