gest366/api/index.php

139 lines
4.5 KiB
PHP
Raw Normal View History

2021-02-24 20:40:04 +00:00
<?php
// Possibile ulteriore implementazione: eseguire un controllo sui permessi dell'utente per limitare lo scaricamento dei dati.
header("Access-Control-Allow-Origin: *");
include_once (__DIR__ . "/../core.php");
include ("./lib/modutil.php");
2021-02-24 20:40:04 +00:00
$key = filter("key");
if (! isset($key) || ! user_check($key)) {
echo "-1";
return false;
}
$id = filter('id');
$search = filter('search');
$reduced = filter('reduced');
$last_updated = filter('upd');
$operation = filter('op');
$campi = filter('campi');
$value = filter('values');
$table = filter('table');
$str_update = filter('str_update');
$select = "*";
$where = "";
$order = "";
// c0e024d9200b5705bc4804722636378a
// http://localhost/ges360v2/api/?key=c0e024d9200b5705bc4804722636378a&table=in_mail&campi=oggetto,contenuto&values='testoggetto','test contenuto'&op=insert
$results = array();
switch ($operation) {
case 'updates' :
if (isset($last_updated)) $where = " WHERE updated_at >= " . prepare($last_updated);
$excluded = explode(",", get_var("API_excluded_tables"));
// Attenzione: query specifica per MySQL
$datas = $dbo->fetchArray("SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_TYPE = 'BASE TABLE' AND TABLE_SCHEMA=" . prepare($db_name));
if ($datas != null) {
foreach ($datas as $data) {
if (! in_array($data["TABLE_NAME"], $excluded)) $results[$data["TABLE_NAME"]] = $dbo->fetchArray("SELECT * FROM " . $data["TABLE_NAME"] . $where);
}
}
break;
case 'update' :
$results = $dbo->query("update ".$table." " . $str_update . ")");
break;
case 'insert' :
$results = $dbo->query("insert into ".$table." (" . $campi . ") VALUES (" . $value . ")");
break;
case 'deleted':
if (isset($last_updated)) $where = "AND updated_at >= " . prepare($last_updated);
$excluded = explode(",", get_var("API_excluded_tables"));
// Attenzione: query specifica per MySQL
$datas = $dbo->fetchArray("SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_TYPE = 'BASE TABLE' AND TABLE_SCHEMA=" . prepare($db_name));
if ($datas != null) {
foreach ($datas as $data) {
$id = $dbo->fetchArray("SELECT `id` FROM `zz_tables` WHERE `name`=".prepare($data["TABLE_NAME"]));
if (! in_array($data["TABLE_NAME"], $excluded) && $id != null){
$id = $id[0]['id'];
$deleted = $dbo->fetchArray("SELECT SQL_CALC_FOUND_ROWS `id` FROM `zz_deleted` WHERE `id_table`=".prepare($id)." ORDER BY `id` ASC");
$cont_del = $dbo->fetchArray("SELECT FOUND_ROWS()")[0]['FOUND_ROWS()'];
$column = $dbo->fetchArray("SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = ".prepare($data["TABLE_NAME"])." AND EXTRA LIKE '%AUTO_INCREMENT%' AND TABLE_SCHEMA = ".prepare($db_name))[0]['COLUMN_NAME'];
$temps = $dbo->fetchArray("SELECT SQL_CALC_FOUND_ROWS `".$column."` FROM `".$data["TABLE_NAME"]."` ORDER BY `".$column."` ASC");
$cont = $dbo->fetchArray("SELECT FOUND_ROWS()")[0]['FOUND_ROWS()'];
$result = $dbo->fetchArray("SELECT AUTO_INCREMENT FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = ".prepare($data["TABLE_NAME"])." AND TABLE_SCHEMA = ".prepare($db_name));
for($i = 1; $i<$result[0]['AUTO_INCREMENT']; $i++){
if(ricerca($temps, $i, $cont, $column) == -1 && ricerca($deleted, $i, $cont_del) == -1) {
$dbo->query("INSERT INTO `zz_deleted` (`id`, `id_table`) VALUES (".prepare($i).", ".prepare($id).")");
}
}
$results[$data["TABLE_NAME"]] = $dbo->fetchArray("SELECT `id` FROM `zz_deleted` WHERE `id_table`=".prepare($id)." ".$where." ORDER BY `id` ASC");
}
}
}
break;
case 'interventi' :
$order = "ORDER BY idintervento";
if (isset($id)) $where = "WHERE `idintervento`=" . prepare($id);
else {
if (isset($reduced)) $select = "`idintervento`";
}
$results = $dbo->fetchArray("SELECT " . $select . " FROM `in_interventi` " . $where . " " . $order);
break;
case 'anagrafiche' :
$order = "ORDER BY `idanagrafica`";
if (isset($id)) $where = "WHERE `idanagrafica`=" . prepare($id);
else {
if (isset($search)) $where = "WHERE `ragione_sociale` LIKE " . prepare("%" . $search . "%");
if (isset($reduced)) $select = "`idanagrafica`";
}
$results = $dbo->fetchArray("SELECT " . $select . " FROM `an_anagrafiche` " . $where . " " . $order);
break;
case 'import' :
$results = $dbo->fetchArray("SELECT * FROM ".$table);
break;
default :
break;
}
echo json_encode($results, JSON_PRETTY_PRINT); // JSON_FORCE_OBJECTJSON_PRETTY_PRINT
?>