From 37dc835dd3fe79ee5fe6139d4df4c541ffe3f6c7 Mon Sep 17 00:00:00 2001
From: Sven Slootweg <jamsoftgamedev@gmail.com>
Date: Tue, 8 May 2012 03:38:59 +0200
Subject: [PATCH] Internal API stuff

---
 frontend/api.local.php                        | 75 +++++++++++++++++++
 frontend/includes/.gitignore                  |  1 +
 .../includes/include.config.api.sample.php    | 14 ++++
 frontend/includes/include.config.php          |  4 +-
 4 files changed, 93 insertions(+), 1 deletion(-)
 create mode 100644 frontend/api.local.php
 create mode 100644 frontend/includes/.gitignore
 create mode 100644 frontend/includes/include.config.api.sample.php

diff --git a/frontend/api.local.php b/frontend/api.local.php
new file mode 100644
index 0000000..8f7f5a0
--- /dev/null
+++ b/frontend/api.local.php
@@ -0,0 +1,75 @@
+<?php
+/*
+ * CVM is more free software. It is licensed under the WTFPL, which
+ * allows you to do pretty much anything with it, without having to
+ * ask permission. Commercial use is allowed, and no attribution is
+ * required. We do politely request that you share your modifications
+ * to benefit other developers, but you are under no enforced
+ * obligation to do so :)
+ * 
+ * Please read the accompanying LICENSE document for the full WTFPL
+ * licensing text.
+ */
+
+$_CVM = true;
+require("includes/include.base.php");
+
+$return_object = array();
+$return_success = false;
+
+if(isset($_GET['key']) && $_GET['key'] == $settings['local_api_key'])
+{
+	switch($_GET['action'])
+	{
+		case "verify_user":
+			$sUsername = mysql_real_escape_string($_GET['username']);
+			if($result = mysql_query_cached("SELECT * FROM users WHERE `Username` = '{$sUsername}'"))
+			{
+				$sUser = new User($result);
+				
+				if($sUser->VerifyPassword($_GET['password']) === true)
+				{
+					$return_object = true;
+					$return_success = true;
+				}
+				else
+				{
+					$return_object = false;
+					$return_success = true;
+				}
+			}
+			break;
+			
+		case "list_vps":
+			if(!empty($_GET['userid']))
+			{
+				$sUserId = (is_numeric($_GET['userid'])) ? $_GET['userid'] : 0;
+				$query = "SELECT * FROM containers WHERE `UserId` = '{$sUserId}'";
+			}
+			else
+			{
+				$query = "SELECT * FROM containers";
+			}
+			
+			if($result = mysql_query_cached($query))
+			{
+				// TODO: output results
+			}
+			break;
+			
+		case "vps_info":
+			// TODO: return VPS info
+			break;
+	}
+}
+else
+{
+	$return_object = "Authentication failure.";
+}
+
+echo(json_encode(array(
+	'status'	=> $return_success,
+	'data'		=> $return_object
+)));
+
+?>
diff --git a/frontend/includes/.gitignore b/frontend/includes/.gitignore
new file mode 100644
index 0000000..c6dc218
--- /dev/null
+++ b/frontend/includes/.gitignore
@@ -0,0 +1 @@
+include.config.api.php
diff --git a/frontend/includes/include.config.api.sample.php b/frontend/includes/include.config.api.sample.php
new file mode 100644
index 0000000..7379be7
--- /dev/null
+++ b/frontend/includes/include.config.api.sample.php
@@ -0,0 +1,14 @@
+<?php
+/*
+ * CVM is more free software. It is licensed under the WTFPL, which
+ * allows you to do pretty much anything with it, without having to
+ * ask permission. Commercial use is allowed, and no attribution is
+ * required. We do politely request that you share your modifications
+ * to benefit other developers, but you are under no enforced
+ * obligation to do so :)
+ * 
+ * Please read the accompanying LICENSE document for the full WTFPL
+ * licensing text.
+ */
+
+$settings['local_api_key'] = "something";
diff --git a/frontend/includes/include.config.php b/frontend/includes/include.config.php
index a991646..53dbcd3 100644
--- a/frontend/includes/include.config.php
+++ b/frontend/includes/include.config.php
@@ -14,5 +14,7 @@
 $settings['master_privkey'] = "/etc/cvm/key";
 $settings['master_pubkey'] = "/etc/cvm/key.pub";
 $settings['salt'] = "kAU0qM";
- 
+
+require("include.config.api.php");
+
 ?>