-
Notifications
You must be signed in to change notification settings - Fork 0
/
api.php
89 lines (75 loc) · 2.23 KB
/
api.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
<?php
ini_set('memory_limit', '256M'); // or any higher value like '512M'
// Database connection settings
$host = '172.18.0.2';
$user = 'root';
$password = 'passw0rd';
$database = 'dmr-database';
$table = 'radioid_data';
$columns = ['RADIO_ID', 'CALLSIGN', 'FIRST_NAME', 'CITY', 'STATE', 'COUNTRY'];
// Define the API password
$apiPassword = 'passw0rd';
// Create connection
$conn = new mysqli($host, $user, $password, $database);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Function to escape SQL special characters
function escape($value) {
global $conn;
return $conn->real_escape_string($value);
}
// Check for password
if (!isset($_GET['key']) || $_GET['key'] !== $apiPassword) {
header('Content-Type: application/json');
echo json_encode(['error' => 'Unauthorized access. Please provide a valid password.']);
exit;
}
// Fetch query parameters
$searchParams = [];
foreach ($columns as $column) {
if (isset($_GET[strtolower($column)])) {
$searchParams[$column] = $_GET[strtolower($column)];
}
}
// Display overview of options if no parameters are given
if (empty($searchParams)) {
header('Content-Type: application/json');
echo json_encode([
'message' => 'Please provide one or more of the following parameters: f.e. api.php?callsign=pd2emc',
'parameters' => array_map('strtolower', $columns)
]);
exit;
}
// Build SQL query
$sql = "SELECT * FROM $table";
$whereClauses = [];
foreach ($searchParams as $column => $value) {
if (strpos($value, '*') !== false) {
$value = str_replace('*', '%', escape($value));
$whereClauses[] = "$column LIKE '$value'";
} else {
$value = escape($value);
$whereClauses[] = "$column = '$value'";
}
}
if (count($whereClauses) > 0) {
$sql .= " WHERE " . implode(' AND ', $whereClauses);
}
// Execute query
$result = $conn->query($sql);
if ($result->num_rows > 0) {
$output = [];
while ($row = $result->fetch_assoc()) {
$output[] = $row;
}
header('Content-Type: application/json');
echo json_encode($output);
} else {
header('Content-Type: application/json');
echo json_encode([]);
}
// Close connection
$conn->close();
?>