v2.php 11 KB

  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. require_once __DIR__.'/../../inc/global.inc.php';
  4. $hash = isset($_REQUEST['hash']) ? $_REQUEST['hash'] : null;
  5. if ($hash) {
  6. $hashParams = Rest::decodeParams($hash);
  7. if (!empty($hashParams)) {
  8. foreach ($hashParams as $key => $value) {
  9. $_REQUEST[$key] = Security::remove_XSS($value);
  10. }
  11. }
  12. }
  13. $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
  14. $username = isset($_REQUEST['username']) ? Security::remove_XSS($_REQUEST['username']) : null;
  15. $apiKey = isset($_REQUEST['api_key']) ? Security::remove_XSS($_REQUEST['api_key']) : null;
  16. $course = !empty($_REQUEST['course']) ? intval($_REQUEST['course']) : null;
  17. $session = !empty($_REQUEST['session']) ? intval($_REQUEST['session']) : null;
  18. $restResponse = new RestResponse();
  19. try {
  20. /** @var Rest $restApi */
  21. $restApi = $apiKey ? Rest::validate($username, $apiKey) : null;
  22. if ($restApi) {
  23. $restApi->setCourse($course);
  24. $restApi->setSession($session);
  25. }
  26. switch ($action) {
  27. case Rest::GET_AUTH:
  28. Rest::init();
  29. $password = isset($_POST['password']) ? $_POST['password'] : null;
  30. $isValid = Rest::isValidUser($username, $password);
  31. if (!$isValid) {
  32. throw new Exception(get_lang('Invalid user detected.'));
  33. }
  34. $restResponse->setData([
  35. 'url' => api_get_path(WEB_PATH),
  36. 'apiKey' => Rest::findUserApiKey($username, Rest::SERVICE_NAME),
  37. 'gcmSenderId' => api_get_setting('messaging_gdc_project_number'),
  38. ]);
  39. break;
  40. case Rest::SAVE_GCM_ID:
  41. $gcmId = isset($_POST['registration_id']) ? Security::remove_XSS($_POST['registration_id']) : null;
  42. $restApi->setGcmId($gcmId);
  43. $restResponse->setData(['status' => true]);
  44. break;
  45. case Rest::GET_USER_MESSAGES:
  46. $lastMessageId = isset($_POST['last']) ? intval($_POST['last']) : 0;
  47. $messages = $restApi->getUserMessages($lastMessageId);
  48. $restResponse->setData($messages);
  49. break;
  50. case Rest::POST_USER_MESSAGE_READ:
  51. case Rest::POST_USER_MESSAGE_UNREAD:
  52. $messagesId = isset($_POST['messages']) && is_array($_POST['messages'])
  53. ? array_map('intval', $_POST['messages'])
  54. : [];
  55. $messagesId = array_filter($messagesId);
  56. if (empty($messagesId)) {
  57. throw new Exception(get_lang('No data available'));
  58. }
  59. $messageStatus = $action === Rest::POST_USER_MESSAGE_READ ? MESSAGE_STATUS_NEW : MESSAGE_STATUS_UNREAD;
  60. $data = array_flip($messagesId);
  61. foreach ($messagesId as $messageId) {
  62. $data[$messageId] = MessageManager::update_message_status(
  63. $restApi->getUser()->getId(),
  64. $messageId,
  65. $messageStatus
  66. );
  67. }
  68. $restResponse->setData($data);
  69. break;
  70. case Rest::GET_USER_COURSES:
  71. $courses = $restApi->getUserCourses();
  72. $restResponse->setData($courses);
  73. break;
  74. case Rest::GET_COURSE_INFO:
  75. $courseInfo = $restApi->getCourseInfo();
  76. $restResponse->setData($courseInfo);
  77. break;
  78. case Rest::GET_COURSE_DESCRIPTIONS:
  79. $descriptions = $restApi->getCourseDescriptions();
  80. $restResponse->setData($descriptions);
  81. break;
  82. case Rest::GET_COURSE_DOCUMENTS:
  83. $directoryId = isset($_POST['dir_id']) ? Security::remove_XSS($_POST['dir_id']) : null;
  84. $documents = $restApi->getCourseDocuments($directoryId);
  85. $restResponse->setData($documents);
  86. break;
  87. case Rest::GET_COURSE_ANNOUNCEMENTS:
  88. $announcements = $restApi->getCourseAnnouncements();
  89. $restResponse->setData($announcements);
  90. break;
  91. case Rest::GET_COURSE_ANNOUNCEMENT:
  92. $announcementId = isset($_POST['announcement']) ? Security::remove_XSS($_POST['announcement']) : 0;
  93. $announcement = $restApi->getCourseAnnouncement($announcementId);
  94. $restResponse->setData($announcement);
  95. break;
  96. case Rest::GET_COURSE_AGENDA:
  97. $agenda = $restApi->getCourseAgenda();
  98. $restResponse->setData($agenda);
  99. break;
  100. case Rest::GET_COURSE_NOTEBOOKS:
  101. $notebooks = $restApi->getCourseNotebooks();
  102. $restResponse->setData($notebooks);
  103. break;
  104. case Rest::GET_COURSE_FORUM_CATEGORIES:
  105. $forums = $restApi->getCourseForumCategories();
  106. $restResponse->setData($forums);
  107. break;
  108. case Rest::GET_COURSE_FORUM:
  109. $forumId = isset($_POST['forum']) ? Security::remove_XSS($_POST['forum']) : 0;
  110. $forum = $restApi->getCourseForum($forumId);
  111. $restResponse->setData($forum);
  112. break;
  113. case Rest::GET_COURSE_FORUM_THREAD:
  114. $forumId = isset($_POST['forum']) ? intval($_POST['forum']) : 0;
  115. $threadId = isset($_POST['thread']) ? intval($_POST['thread']) : 0;
  116. $thread = $restApi->getCourseForumThread($forumId, $threadId);
  117. $restResponse->setData($thread);
  118. break;
  119. case Rest::GET_PROFILE:
  120. $userInfo = $restApi->getUserProfile();
  121. $restResponse->setData($userInfo);
  122. break;
  123. case Rest::GET_COURSE_LEARNPATHS:
  124. $data = $restApi->getCourseLearnPaths();
  125. $restResponse->setData($data);
  126. break;
  127. case Rest::GET_COURSE_LEARNPATH:
  128. $lpId = isset($_REQUEST['lp_id']) ? intval($_REQUEST['lp_id']) : 1;
  129. $restApi->showLearningPath($lpId);
  130. break;
  131. case Rest::SAVE_COURSE:
  132. $data = $restApi->addCourse($_POST);
  133. $restResponse->setData($data);
  134. break;
  135. case Rest::SAVE_USER:
  136. $data = $restApi->addUser($_POST);
  137. $restResponse->setData($data);
  138. break;
  139. case Rest::SUBSCRIBE_USER_TO_COURSE:
  140. $data = $restApi->subscribeUserToCourse($_POST);
  141. $restResponse->setData($data);
  142. break;
  143. case Rest::CREATE_CAMPUS:
  144. $data = $restApi->createCampusURL($_POST);
  145. $restResponse->setData($data);
  146. break;
  147. case Rest::EDIT_CAMPUS:
  148. $data = $restApi->editCampusURL($_POST);
  149. $restResponse->setData($data);
  150. break;
  151. case Rest::DELETE_CAMPUS:
  152. $data = $restApi->deleteCampusURL($_POST);
  153. $restResponse->setData($data);
  154. break;
  155. case Rest::SAVE_SESSION:
  156. $data = $restApi->addSession($_POST);
  157. $restResponse->setData($data);
  158. break;
  159. case Rest::GET_USERS:
  160. $data = $restApi->getUsersCampus($_POST);
  161. $restResponse->setData($data);
  162. break;
  163. case Rest::GET_COURSE:
  164. $data = $restApi->getCoursesCampus($_POST);
  165. $restResponse->setData($data);
  166. break;
  167. case Rest::ADD_COURSES_SESSION:
  168. $data = $restApi->addCoursesSession($_POST);
  169. $restResponse->setData($data);
  170. break;
  171. case Rest::ADD_USER_SESSION:
  172. $data = $restApi->addUsersSession($_POST);
  173. $restResponse->setData($data);
  174. break;
  175. case Rest::SAVE_FORUM_POST:
  176. if (
  177. empty($_POST['title']) || empty($_POST['text']) || empty($_POST['thread']) || empty($_POST['forum'])
  178. ) {
  179. throw new Exception(get_lang('No data available'));
  180. }
  181. $forumId = isset($_POST['forum']) ? intval($_POST['forum']) : 0;
  182. $notify = !empty($_POST['notify']);
  183. $parentId = !empty($_POST['parent']) ? intval($_POST['parent']) : null;
  184. $postValues = [
  185. 'post_title' => $_POST['title'],
  186. 'post_text' => nl2br($_POST['text']),
  187. 'thread_id' => $_POST['thread'],
  188. 'forum_id' => $_POST['forum'],
  189. 'post_notification' => $notify,
  190. 'post_parent_id' => $parentId,
  191. ];
  192. $data = $restApi->saveForumPost($postValues, $forumId);
  193. $restResponse->setData($data);
  194. break;
  195. case Rest::GET_USER_SESSIONS:
  196. $courses = $restApi->getUserSessions();
  197. $restResponse->setData($courses);
  198. break;
  199. case Rest::SAVE_USER_MESSAGE:
  200. $receivers = isset($_POST['receivers']) ? $_POST['receivers'] : [];
  201. $subject = !empty($_POST['subject']) ? $_POST['subject'] : null;
  202. $text = !empty($_POST['text']) ? $_POST['text'] : null;
  203. $data = $restApi->saveUserMessage($subject, $text, $receivers);
  204. $restResponse->setData($data);
  205. break;
  206. case Rest::GET_MESSAGE_USERS:
  207. $search = !empty($_REQUEST['q']) ? $_REQUEST['q'] : null;
  208. if (!$search || strlen($search) < 2) {
  209. throw new Exception(get_lang('Too short'));
  210. }
  211. $data = $restApi->getMessageUsers($search);
  212. $restResponse->setData($data);
  213. break;
  214. case Rest::SAVE_COURSE_NOTEBOOK:
  215. $title = !empty($_POST['title']) ? $_POST['title'] : null;
  216. $text = !empty($_POST['text']) ? $_POST['text'] : null;
  217. $data = $restApi->saveCourseNotebook($title, $text);
  218. $restResponse->setData($data);
  219. break;
  220. case Rest::SAVE_FORUM_THREAD:
  221. if (
  222. empty($_POST['title']) || empty($_POST['text']) || empty($_POST['forum'])
  223. ) {
  224. throw new Exception(get_lang('No data available'));
  225. }
  226. $forumId = isset($_POST['forum']) ? intval($_POST['forum']) : 0;
  227. $notify = !empty($_POST['notify']);
  228. $threadInfo = [
  229. 'post_title' => $_POST['title'],
  230. 'forum_id' => $_POST['forum'],
  231. 'post_text' => nl2br($_POST['text']),
  232. 'post_notification' => $notify,
  233. ];
  234. $data = $restApi->saveForumThread($threadInfo, $forumId);
  235. $restResponse->setData($data);
  236. break;
  237. default:
  238. throw new Exception(get_lang('Invalid action'));
  239. }
  240. } catch (Exception $exeption) {
  241. $restResponse->setErrorMessage(
  242. $exeption->getMessage()
  243. );
  244. }
  245. header('Content-Type: application/json');
  246. header('Access-Control-Allow-Origin: *');
  247. echo $restResponse->format();