From c8f940be4aa4587e57fb36bab800b3e90a4f8762 Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos
Date: Mon, 20 Oct 2014 18:49:21 -0500
Subject: [PATCH] Add REST web service for get personal messages - refs #7338
---
.../classes/MessagesWebService.class.php | 128 ++++++++++++++++++
webservices/classes/WebService.class.php | 73 ++++++++++
webservices/rest.php | 74 ++++++++++
3 files changed, 275 insertions(+)
create mode 100644 webservices/classes/MessagesWebService.class.php
create mode 100644 webservices/classes/WebService.class.php
create mode 100644 webservices/rest.php
diff --git a/webservices/classes/MessagesWebService.class.php b/webservices/classes/MessagesWebService.class.php
new file mode 100644
index 0000000000..0ce13eb4c0
--- /dev/null
+++ b/webservices/classes/MessagesWebService.class.php
@@ -0,0 +1,128 @@
+
+ * @package chamilo.webservices.messages
+ */
+class MessagesWebService extends WebService
+{
+
+ const FIELD_VARIABLE = 'api_key_message';
+
+ /**
+ * Generate the api key for a user
+ * @return string The api key
+ */
+ public function generateApiKey()
+ {
+ return sha1('Chamilo-LMS');
+ }
+
+ /**
+ * Get the user api key
+ * @param string $username The user name
+ * @return string The api key
+ */
+ public function getApiKey($username)
+ {
+ $userInfo = api_get_user_info_from_username($username);
+ $saveApiKey = false;
+
+ if ($this->apiKey !== null) {
+ return $this->apiKey;
+ } else {
+ $field = new ExtraField('user');
+ $fieldData = $field->get_handler_field_info_by_field_variable(self::FIELD_VARIABLE);
+
+ if ($fieldData !== false) { // Exists the api_key_message extra field
+ $fieldId = $fieldData['id'];
+
+ $fieldValue = new ExtraFieldValue('user');
+ $fieldValueData = $fieldValue->get_values_by_handler_and_field_id($userInfo['user_id'], $fieldId);
+
+ if ($fieldValueData !== false) {
+ return $fieldValueData['field_value'];
+ } else {
+ $saveApiKey = true;
+ }
+ } else {
+ $fieldId = UserManager::create_extra_field(self::FIELD_VARIABLE, ExtraField::FIELD_TYPE_TEXT, 'APIKeyMessages', '');
+
+ $saveApiKey = true;
+ }
+
+ if ($saveApiKey) { // If needs save the api key
+ $this->apiKey = $this->generateApiKey();
+
+ $fieldValueTable = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
+
+ Database::insert($fieldValueTable, array(
+ 'user_id' => $userInfo['user_id'],
+ 'field_id' => $fieldId,
+ 'field_value' => $this->apiKey,
+ 'tms' => api_get_utc_datetime()
+ ));
+ }
+
+ return $this->apiKey;
+ }
+ }
+
+ /**
+ * Check if the api is valid for a user
+ * @param string $username The username
+ * @param string $apiKey The api key
+ * @return boolean Whether the api belongs to the user return true. Otherwise return false
+ */
+ public static function isValidApiKey($username, $apiKey)
+ {
+ $fieldValueTable = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
+ $fieldTable = Database::get_main_table(TABLE_MAIN_USER_FIELD);
+ $userTable = Database::get_main_table(TABLE_MAIN_USER);
+
+ $sql = "SELECT COUNT(1) AS qty "
+ . "FROM $fieldValueTable AS v "
+ . "INNER JOIN $fieldTable AS f "
+ . "ON v.field_id = f.id "
+ . "INNER JOIN $userTable AS u "
+ . "ON v.user_id = u.user_id "
+ . "WHERE u.username = '$username'"
+ . "AND (f.field_variable = '" . self::FIELD_VARIABLE . "' "
+ . "AND v.field_value = '$apiKey')";
+
+ $result = Database::query($sql);
+
+ if ($result !== false) {
+ $row = Database::fetch_assoc($result);
+
+ if ($row['qty'] > 0) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Get the count of new messages for a user
+ * @param string $username The username
+ * @return int The count fo new messages
+ */
+ public function countNewMessages($username)
+ {
+ return 0;
+ }
+
+ /**
+ * Get the list of new messages for a user
+ * @param string $username The username
+ * @return array the new message list
+ */
+ public function getNewMessages($username)
+ {
+ return array();
+ }
+
+}
diff --git a/webservices/classes/WebService.class.php b/webservices/classes/WebService.class.php
new file mode 100644
index 0000000000..aa37304e3b
--- /dev/null
+++ b/webservices/classes/WebService.class.php
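Review bot: In MessagesWebService.class.php, `generateApiKey()` returns `sha1('Chamilo-LMS')`, a constant, so every account that is issued a key receives the same value and `isValidApiKey()` no longer proves anything beyond knowledge of a username. The key should be drawn per user from a CSPRNG, for example `return bin2hex(openssl_random_pseudo_bytes(20));`. Separately, `isValidApiKey()` interpolates `$username` and `$apiKey` directly into the SQL string, and the only filtering visible in rest.php is `Security::remove_XSS()`, which targets HTML output rather than SQL; add `$username = Database::escape_string($username);` and `$apiKey = Database::escape_string($apiKey);` before `$sql` is built. The fragment `'$username'"` followed by `"AND (` is also missing a space before `AND`.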
@@ -0,0 +1,73 @@
+
+ * @package chamilo.webservices
+ */
+abstract class WebService
+{
+
+ protected $apiKey;
+
+ /**
+ * Class constructor
+ */
+ public function __construct()
+ {
+ $this->apiKey = null;
+ }
+
+ /**
+ * Set the api key
+ * @param string $apiKey The api key
+ */
+ public function setApiKey($apiKey)
+ {
+ $this->apiKey = $apiKey;
+ }
+
+ /**
+ * @abstract
+ */
+ abstract public function getApiKey($username);
+
+ /**
+ * @abstract
+ */
+ abstract public static function isValidApiKey($username, $apiKey);
+
+ /**
+ * Check whether the username and password are valid
+ * @param string $username The username
+ * @param string $password the password
+ * @return boolean Whether the password belongs to the username return true. Otherwise return false
+ */
+ public static function isValidUser($username, $password)
+ {
+ $userTable = Database::get_main_table(TABLE_MAIN_USER);
+
+ $whereConditions = array(
+ "username = '?' " => $username,
+ "AND password = '?'" => sha1($password)
+ );
+
+ $conditions = array(
+ 'where' => $whereConditions
+ );
+
+ $table = Database::select('count(1) as qty', $userTable, $conditions);
+
+ if ($table != false) {
+ $row = current($table);
+
+ if ($row['qty'] > 0) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+}
diff --git a/webservices/rest.php b/webservices/rest.php
new file mode 100644
index 0000000000..5eac678e1c
--- /dev/null
+++ b/webservices/rest.php
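Review bot: In WebService.class.php, `isValidUser()` checks the credential with a bare `sha1($password)`, which hard-codes one unsalted, fast hash as the login check for a new network-facing endpoint. If the platform is configured for a different password encryption the check silently fails for every user, and if it is not, the endpoint depends on a scheme that is cheap to brute-force offline. The query also matches on username and password only, so nothing visible here rejects inactive or expired accounts. Prefer delegating to the platform's existing login routine rather than re-implementing it, and until then mark the assumption with a comment such as `// FIXME: assumes user.password is unsalted sha1; must honour the configured password encryption and the account status`.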
@@ -0,0 +1,74 @@
+
+ * @package chamilo.plugin.tour
+ */
+/* Require libs and classes */
+require_once '../main/inc/global.inc.php';
+require_once './classes/WebService.class.php';
+require_once './classes/MessagesWebService.class.php';
+
+/* Manage actions */
+$json = array();
+
+$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'nothing';
+$username = Security::remove_XSS($_POST['username']);
+$apiKey = isset($_POST['api_key']) ? Security::remove_XSS($_POST['api_key']) : null;
+
+switch ($action) {
+ case 'loginNewMessages':
+ $password = Security::remove_XSS($_POST['password']);
+
+ if (MessagesWebService::isValidUser($username, $password)) {
+ $webService = new MessagesWebService();
+
+ $apiKey = $webService->getApiKey($username);
+
+ $json = array(
+ 'apiKey' => $apiKey
+ );
+ } else {
+ $json = array(
+ 'status' => false
+ );
+ }
+ break;
+ case 'countNewMessages':
+ if (MessagesWebService::isValidApiKey($username, $apiKey)) {
+ $webService = new MessagesWebService();
+ $webService->setApiKey($apiKey);
+
+ $count = $webService->countNewMessages($username);
+
+ $json = array(
+ 'count' => $count
+ );
+ } else {
+ $json = array(
+ 'status' => false
+ );
+ }
+ break;
+ case 'getNewMessages':
+ if (MessagesWebService::isValidApiKey($username, $apiKey)) {
+ $webService = new MessagesWebService();
+ $webService->setApiKey($apiKey);
+
+ $messages = $webService->getNewMessages($username);
+
+ $json = array(
+ 'newMessages' => $messages
+ );
+ } else {
+ $json = array(
+ 'status' => false
+ );
+ }
+ break;
+ default:
+}
+
+/* View */
+echo json_encode($json);
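Review bot: In rest.php, `Security::remove_XSS()` is used as the input filter for the credentials, but it is an HTML-output filter. It can alter a legitimate password before `isValidUser()` hashes it, and it gives no protection to the SQL that `MessagesWebService::isValidApiKey()` builds from `$username` and `$apiKey`. Read the raw value behind an existence check, e.g. `$password = isset($_POST['password']) ? $_POST['password'] : '';`, and escape where the query is built instead; `$_POST['username']` near the top is read without `isset` as well. The script also echoes JSON without `header('Content-Type: application/json');`, so the response is served with the default HTML content type.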