grundlagen für Rechtesystem eingebaut

bad315bc · Nico Schallehn · 5a00b9e4 · bad315bc
Commit bad315bc authored Jan 19, 2016 by Nico Schallehn
Hide whitespace changes
Inline Side-by-side

Showing with 35 additions and 30 deletions

api.class.php api.class.php +35 -30

No files found.
--- a/api.class.php
+++ b/api.class.php
@@ -5,6 +5,7 @@
 class MediaDBViewerAPI{
 	private $API_KEY;
+	private $API_Rechte;
 	private $DB_Server;
 	private $DB_Username;
 	private $DB_Passwort;
@@ -23,7 +24,8 @@ class MediaDBViewerAPI{
 					$this->DB_Username = $entry['Username'];
 					$this->DB_Passwort = $entry['Passwort'];
 					$this->DB_Database = $entry['Database'];
-					$this->API_KEY = $entry['Schuessel'];
+					$this->API_Rechte  = $entry['Rechte'];
+					$this->API_KEY     = $entry['Schuessel'];
 					$this->DB_Objekt = new mysqli($this->DB_Server, $this->DB_Username,$this->DB_Passwort, $this->DB_Database);
 					if($DB_Objekt->error != null){
 						$ret = false;
@@ -290,39 +292,38 @@ class MediaDBViewerAPI{
 		}
 	}
 	public function API_SetData($GET_arr, $POST_arr =""){
-		/*ob_start();
+		if( ($this->API_Rechte >=3)){
-		var_dump($POST_arr);
+			if(isset($GET_arr["Tabelle"])){
-		$result = ob_get_clean();
+				if($GET_arr["Tabelle"] == "Filme"){
-		*/
+					if(isset($POST_arr["imdbID"])){
-		if(isset($GET_arr["Tabelle"])){
+						$Query = "UPDATE ".$GET_arr["Tabelle"]." WHERE imdbID = ".$POST_arr["imdbID"];
-			if($GET_arr["Tabelle"] == "Filme"){
+						return $this->error(1001, "Auszuführender Query: ".$Query); 
-				if(isset($POST_arr["imdbID"])){
+					}
-					$Query = "UPDATE ".$GET_arr["Tabelle"]." WHERE imdbID = ".$POST_arr["imdbID"];
+					else {
-					return $this->error(1001, "Auszuführender Query: ".$Query); 
+						return $this->error(1004, "Erwartet war imdbID!"); 
-				}
+					}
-				else {
-					return $this->error(1004, "Erwartet war imdbID!"); 
 				}
 			}
+			else {
+				return $this->error(1004, "Erwartet war Tabelle!");
+			}	
+		}else{
+			return $this->error(1007,"Keine Rechte um die Filminfos zu setzen!");
 		}
-		else {
-			return $this->error(1004, "Erwartet war Tabelle!");
-		}
 	}
 	public function API_serverinfo($GET_arr = "", $POST_arr =""){
+		if( ($this->API_Rechte >=3)){
-		return array(	"time" => time(),
+			return array(	"time" => time(),
-						"time_h" => date("",time()),
+							"time_h" => date("",time()),
-						"HTTP_USER_AGENT" => $_SERVER['HTTP_USER_AGENT'],
+							"HTTP_USER_AGENT" => $_SERVER['HTTP_USER_AGENT'],
-						"REMOTE_ADDR" => $_SERVER['REMOTE_ADDR'],
+							"REMOTE_ADDR" => $_SERVER['REMOTE_ADDR'],
-						"Datenbank" => array(	"Datenbankserver" => $this->DB_Server,
+							"Datenbank" => array(	"Datenbankserver" => $this->DB_Server,
-												"Datenbankbenutzer" => $this->DB_Username,
+													"Datenbankbenutzer" => $this->DB_Username,
-												"Datenbank" => $this->DB_Database)
+													"Datenbank" => $this->DB_Database)
-		);
+			);
+		}else{
+			return $this->error(1007,"Keine Rechte um die serverinfo abzufragen!");
+		}
 	}
 	/*
 	 * Ab hier Helfer-Funktionen
@@ -347,7 +348,7 @@ class MediaDBViewerAPI{
 	 * Funktion nur ändern, Um Markus zu ärgern ;-)
 	 */
 	public function APIrespons($Laufzeit = 0, $respons = ""){
-		if(strpos($_SERVER["HTTP_USER_AGENT"], "Android")==0){
+		if((strpos($_SERVER["HTTP_USER_AGENT"], "Android")==0) AND ($this->API_Rechte >=3)){
 			$this->Statistik["Querys"] = $this->Querys;
 			return array(	"API_VERSION"=> API_VERSION,
 					"API_KEY"=>$this->API_KEY,
@@ -396,6 +397,10 @@ class MediaDBViewerAPI{
 				return array(	"FehlerID"=> $ErrID,
 								"FehlerText" => "Folgende Daten wurden Erfolgreich empfangen!",
 								"FehlerBeschreibung" => $Description);
+			case 1007:
+				return array(	"FehlerID"=> $ErrID,
+								"FehlerText" => "Keine Rechte für diese Aktion!!",
+								"FehlerBeschreibung" => $Description);
 				break;
 			default:
 				return array(	"FehlerID"=> 1000,