<?php
/*
This is an example class script for processing a secured API.
To use this class, keep the query string value and the function name the same.
Ex: if the query string value is rquest=delete_user, the access modifier does not matter but the function should be
function delete_user(){
You code goes here
}
Class will execute the function dynamically;
usage :
$object->response(output_data, status_code);
$object->_request - to get sanitized input
output_data : JSON (I am using)
status_code : Send status message for headers
Add This extension for localhost checking :
Chrome Extension : Advanced REST client Application
URL : https://chrome.google.com/webstore/detail/hgmloofddffdnphfgcellkdfbfbjeloo
I used the table below for demo purposes.
CREATE TABLE IF NOT EXISTS `users` (
`user_id` int(11) NOT NULL AUTO_INCREMENT,
`user_fullname` varchar(25) NOT NULL,
`user_email` varchar(50) NOT NULL,
`user_password` varchar(50) NOT NULL,
`user_status` tinyint(1) NOT NULL DEFAULT '0',
PRIMARY KEY (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
*/
require_once("Rest.inc.php");
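class API extends REST {
    /** Not read by this class; kept because it is part of the public surface. */
    public $data = "";

    // NOTE(review): connection credentials belong in configuration outside the
    // web root (environment or an ini file), not in constants shipped in source.
    const DB_SERVER = "localhost";
    const DB_USER = "root";
    const DB_PASSWORD = "arun";
    const DB = "users";

    /** @var PDO|null Database handle; null until dbConnect() succeeds. */
    private $db = NULL;

    public function __construct(){
        parent::__construct(); // REST reads and sanitizes the request input
        $this->dbConnect();    // every endpoint below needs the connection
    }

    /*
     * Database connection.
     * Uses PDO with native (non-emulated) prepared statements so request values
     * never become part of the SQL text. On failure the request is answered
     * with 500 and ends, instead of every later query failing with a warning.
     */
    private function dbConnect(){
        $dsn = "mysql:host=" . self::DB_SERVER . ";dbname=" . self::DB;
        try {
            $this->db = new PDO($dsn, self::DB_USER, self::DB_PASSWORD, array(
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES => false,
            ));
        } catch (PDOException $e) {
            // Do not echo $e->getMessage(): it can contain the DSN and credentials.
            $this->response('', 500);
        }
    }

    /*
     * Run one parameterised statement and return the executed PDOStatement.
     * $params are bound by the driver, so they may be taken straight from $_request.
     * Any database error is reported as a bare 500 (response() exits the script).
     */
    private function query($sql, array $params = array()){
        try {
            $stmt = $this->db->prepare($sql);
            $stmt->execute($params);
            return $stmt;
        } catch (PDOException $e) {
            $this->response('', 500);
        }
    }

    /*
     * Public method for access api.
     * Dispatches to the endpoint named by the "rquest" query string value.
     * Only the endpoints listed below are reachable by name; a bare
     * method_exists() check would also let the caller name inherited REST
     * methods or __construct.
     */
    public function processApi(){
        $raw = isset($_REQUEST['rquest']) ? $_REQUEST['rquest'] : '';
        $func = strtolower(trim(str_replace("/", "", $raw)));
        // Lower-case names: PHP method names are case-insensitive, so
        // 'deleteuser' dispatches to deleteUser().
        $endpoints = array('login', 'users', 'deleteuser');
        if (in_array($func, $endpoints, true)) {
            $this->$func();
        } else {
            $this->response('', 404); // Unknown endpoint: "Not Found"
        }
    }

    /*
     * Simple login API
     * Login must be POST method
     * email : <USER EMAIL>
     * pwd : <USER PASSWORD>
     */
    private function login(){
        // Anything but POST is "Not Acceptable" (response() exits the script)
        if ($this->get_request_method() != "POST") {
            $this->response('', 406);
        }
        $email = isset($this->_request['email']) ? $this->_request['email'] : '';
        $password = isset($this->_request['pwd']) ? $this->_request['pwd'] : '';

        // Input validations: both fields present as strings and the e-mail well formed
        if (is_string($email) && is_string($password)
            && $email !== '' && $password !== ''
            && filter_var($email, FILTER_VALIDATE_EMAIL)) {
            // NOTE(review): the demo schema stores an unsalted md5 in
            // user_password varchar(50); kept for compatibility with existing
            // rows. Migrate to password_hash()/password_verify(), which needs a
            // wider column, before using this beyond a demo.
            $stmt = $this->query(
                "SELECT user_id, user_fullname, user_email FROM users WHERE user_email = ? AND user_password = ? LIMIT 1",
                array($email, md5($password))
            );
            $result = $stmt->fetch(PDO::FETCH_ASSOC);
            if ($result !== false) {
                // Success: "OK" with the user details
                $this->response($this->json($result), 200);
            }
            $this->response('', 204); // No matching record: "No Content"
        }
        // Invalid inputs: "Bad Request" with a reason
        $error = array('status' => "Failed", "msg" => "Invalid Email address or Password");
        $this->response($this->json($error), 400);
    }

    /*
     * List of active users (user_status = 1). Must be GET.
     */
    private function users(){
        // Anything but GET is "Not Acceptable" (response() exits the script)
        if ($this->get_request_method() != "GET") {
            $this->response('', 406);
        }
        $stmt = $this->query("SELECT user_id, user_fullname, user_email FROM users WHERE user_status = 1");
        $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
        if (count($result) > 0) {
            // Success: "OK" with the list of users as JSON
            $this->response($this->json($result), 200);
        }
        $this->response('', 204); // No records: "No Content"
    }

    /*
     * Delete one user by id. Must be DELETE; id comes from the query string.
     */
    private function deleteUser(){
        // Anything but DELETE is "Not Acceptable" (response() exits the script)
        if ($this->get_request_method() != "DELETE") {
            $this->response('', 406);
        }
        $id = (isset($this->_request['id']) && is_scalar($this->_request['id']))
            ? (int)$this->_request['id']
            : 0;
        if ($id <= 0) {
            $this->response('', 204); // No usable id: "No Content"
        }
        // NOTE(review): no authentication or authorisation guards this endpoint,
        // so any client that can reach the API can delete any user. login()
        // issues no session or token, so there is nothing to verify here yet.
        $stmt = $this->query("DELETE FROM users WHERE user_id = ?", array($id));
        if ($stmt->rowCount() > 0) {
            $success = array('status' => "Success", "msg" => "Successfully one record deleted.");
            $this->response($this->json($success), 200);
        }
        $this->response('', 204); // Unknown id, nothing deleted: "No Content"
    }

    /*
     * Encode array into JSON. Non-array input yields null (echoed as nothing).
     */
    private function json($data){
        if (is_array($data)) {
            return json_encode($data);
        }
        return null;
    }
}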
// Initiate library
// Build the API (REST parses the input, API opens the DB) and dispatch the request
$api = new API();
$api->processApi();
?>
# Front-controller rewrite for api.php. Everything is handed to api.php;
# a path that is not an existing directory or non-empty file is passed as
# the "rquest" query parameter, which api.php uses to pick the endpoint.
<IfModule mod_rewrite.c>
RewriteEngine On
# Not a directory and not a non-empty file: route the path to the API as rquest=<path>
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-s
RewriteRule ^(.*)$ api.php?rquest=$1 [QSA,NC,L]
# Existing directories still land on api.php, without a rquest value
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.*)$ api.php [QSA,NC,L]
# Existing non-empty files (this covers direct requests for Rest.inc.php) also go to api.php
RewriteCond %{REQUEST_FILENAME} -s
RewriteRule ^(.*)$ api.php [QSA,NC,L]
</IfModule>
<?php
/* File : Rest.inc.php
* Author : Arun Kumar Sekar
*/
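class REST {
    /** Not read by this class. */
    public $_allow = array();
    /** Content-Type sent with every response. */
    public $_content_type = "application/json";
    /** Sanitised request parameters, filled by inputs() from the source matching the HTTP method. */
    public $_request = array();
    /** Not read by this class. */
    private $_method = "";
    /** HTTP status code sent by response(). */
    private $_code = 200;

    public function __construct(){
        $this->inputs();
    }

    /* Referer header of the current request, or null when the client sent none. */
    public function get_referer(){
        return isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
    }

    /*
     * Send $data with the given HTTP status and end the script.
     * A falsy $status (0, '', null) falls back to 200.
     */
    public function response($data, $status){
        $this->_code = ($status) ? (int)$status : 200;
        $this->set_headers();
        echo $data;
        exit;
    }

    /* Reason phrase for $this->_code; a code not in the table is reported as 500. */
    private function get_status_message(){
        $status = array(
            100 => 'Continue',
            101 => 'Switching Protocols',
            200 => 'OK',
            201 => 'Created',
            202 => 'Accepted',
            203 => 'Non-Authoritative Information',
            204 => 'No Content',
            205 => 'Reset Content',
            206 => 'Partial Content',
            300 => 'Multiple Choices',
            301 => 'Moved Permanently',
            302 => 'Found',
            303 => 'See Other',
            304 => 'Not Modified',
            305 => 'Use Proxy',
            306 => '(Unused)',
            307 => 'Temporary Redirect',
            400 => 'Bad Request',
            401 => 'Unauthorized',
            402 => 'Payment Required',
            403 => 'Forbidden',
            404 => 'Not Found',
            405 => 'Method Not Allowed',
            406 => 'Not Acceptable',
            407 => 'Proxy Authentication Required',
            408 => 'Request Timeout',
            409 => 'Conflict',
            410 => 'Gone',
            411 => 'Length Required',
            412 => 'Precondition Failed',
            413 => 'Request Entity Too Large',
            414 => 'Request-URI Too Long',
            415 => 'Unsupported Media Type',
            416 => 'Requested Range Not Satisfiable',
            417 => 'Expectation Failed',
            500 => 'Internal Server Error',
            501 => 'Not Implemented',
            502 => 'Bad Gateway',
            503 => 'Service Unavailable',
            504 => 'Gateway Timeout',
            505 => 'HTTP Version Not Supported',
        );
        // isset() instead of a bare lookup: an unknown code must not raise a notice
        return isset($status[$this->_code]) ? $status[$this->_code] : $status[500];
    }

    /* HTTP method of the current request, or '' when not running under a web server. */
    public function get_request_method(){
        return isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    }

    /*
     * Populate $_request from the source that matches the HTTP method:
     * POST body for POST, query string for GET and DELETE, raw body for PUT.
     * Any other method is answered 406 (response() exits the script).
     */
    private function inputs(){
        switch ($this->get_request_method()) {
            case "POST":
                $this->_request = $this->cleanInputs($_POST);
                break;
            case "GET":
            case "DELETE":
                $this->_request = $this->cleanInputs($_GET);
                break;
            case "PUT":
                parse_str(file_get_contents("php://input"), $put);
                $this->_request = $this->cleanInputs($put);
                break;
            default:
                $this->response('', 406);
                break;
        }
    }

    /*
     * Recursively trim and strip_tags() every scalar in $data; array keys are kept.
     * NOTE(review): this is input normalisation, not output escaping. Values still
     * need context-specific escaping (SQL parameters, HTML, etc.) where they are
     * used, and stripping tags changes any value that contains '<', including
     * passwords. Callers on this page hash the cleaned value, so altering this
     * would change which passwords match.
     */
    private function cleanInputs($data){
        if (is_array($data)) {
            $clean_input = array();
            foreach ($data as $k => $v) {
                $clean_input[$k] = $this->cleanInputs($v);
            }
            return $clean_input;
        }
        $data = (string)$data; // null/bool/int behave as before; avoids passing null to trim()
        // get_magic_quotes_gpc() no longer exists on PHP 8; only call it where it does
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $data = trim(stripslashes($data));
        }
        return trim(strip_tags($data));
    }

    /* Emit the status line and Content-Type for the pending response. */
    private function set_headers(){
        header("HTTP/1.1 " . $this->_code . " " . $this->get_status_message());
        header("Content-Type:" . $this->_content_type);
    }
}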
?>