File: //opt/wpsites/alumni.dataconn.net/api.php
<?php
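// The session cookie is the only credential the browser holds for this API,
// so keep it out of script reach (httponly) and off cross-site requests
// (samesite=Lax), which also limits cross-site POSTs to the JSON endpoints
// below. 'secure' is left to the server ini default because this file cannot
// tell whether it is served over HTTPS. Assumes the front end is same-site
// with this script — confirm before relying on Lax.
session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Lax',
]);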
// CONFIGURATION
// Storage locations: the CSV is the record store, the log is append-only text.
const DATA_DIR = '/opt/data/alumni/';
const CSV_FILE = DATA_DIR . 'alumni_db.csv';
const LOG_FILE = DATA_DIR . 'change_log.txt';
// HARDCODED USERS
// Accounts are compiled into the script: the plaintext secrets live in this
// file, and every request re-runs password_hash() for each entry, so the
// hashing cost is paid on every call. Keyed by username; each value holds the
// hash checked by the 'login' action and the role string used by canEdit().
$USERS = [];
foreach ([
    ['admin', 'zX12cV3_', 'Admin'],
    // ['editor', 'editor123', 'Editor'],  // disabled account
    ['viewer', 'viewer123', 'Viewer'],
    ['katherine', 'GSU123!', 'Editor'],
    ['rachel', 'GSU123!', 'Editor'],
    ['christy', 'GSU123!', 'Editor'],
] as [$account, $plaintext, $accountRole]) {
    $USERS[$account] = [
        'password' => password_hash($plaintext, PASSWORD_DEFAULT),
        'role' => $accountRole,
    ];
}
// Do not leave loop variables behind in the global scope.
unset($account, $plaintext, $accountRole);
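/**
 * Emit $data as the JSON response body and terminate the request.
 *
 * Every branch of the request switch ends here, so this never returns.
 * When $data cannot be encoded (for example CSV cells holding invalid UTF-8)
 * json_encode() returns false; the previous code then echoed an empty body
 * with a 200 status that no client could parse. Such failures are now
 * reported as a well-formed JSON error with a 500 status.
 *
 * @param mixed $data JSON-serialisable value
 * @return never
 */
function jsonResponse($data) {
    header('Content-Type: application/json; charset=utf-8');
    // Stop browsers from second-guessing the declared type.
    header('X-Content-Type-Options: nosniff');
    $body = json_encode($data);
    if ($body === false) {
        http_response_code(500);
        $body = json_encode([
            'success' => false,
            'error' => 'Response could not be encoded: ' . json_last_error_msg(),
        ]);
    }
    echo $body;
    exit;
}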
/**
 * True once the 'login' action has stored a successful authentication flag
 * in the session. The strict comparison rejects truthy stand-ins such as 1.
 *
 * @return bool
 */
function isLoggedIn() {
    $flag = $_SESSION['logged_in'] ?? null;
    return $flag === true;
}
/**
 * True when the session is authenticated and its role may modify data.
 * Only 'Admin' and 'Editor' may write; any other role is read-only.
 *
 * @return bool
 */
function canEdit() {
    if (!isLoggedIn()) {
        return false;
    }
    return in_array($_SESSION['role'], ['Admin', 'Editor'], true);
}
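/**
 * Load every record from CSV_FILE.
 *
 * The first line supplies the column names; each following line becomes an
 * associative array keyed by those names. A row whose field count differs
 * from the header is padded with '' or truncated instead of being handed to
 * array_combine(), which throws a ValueError on a length mismatch and would
 * take the whole request down. A blank line, which fgetcsv() reports as
 * [null], is skipped. A file that exists but cannot be opened is reported
 * as an error rather than as an empty data set.
 *
 * @return array{success:bool, data?:list<array<string,string>>, error?:string}
 */
function readCSV() {
    if (!file_exists(CSV_FILE)) {
        return ['success' => false, 'error' => 'CSV file not found'];
    }
    $handle = fopen(CSV_FILE, 'r');
    if ($handle === false) {
        return ['success' => false, 'error' => 'Could not open CSV file for reading'];
    }
    $data = [];
    $headers = fgetcsv($handle);
    // An empty file yields false; a leading blank line yields [null].
    if (is_array($headers) && $headers !== [null]) {
        $width = count($headers);
        while (($row = fgetcsv($handle)) !== false) {
            if ($row === [null]) {
                continue; // blank line
            }
            $row = array_slice(array_pad($row, $width, ''), 0, $width);
            $data[] = array_combine($headers, $row);
        }
    }
    fclose($handle);
    return ['success' => true, 'data' => $data];
}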
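/**
 * Replace CSV_FILE with $data, one row per record.
 *
 * Columns are the keys of the first record; fields missing from later
 * records are written as ''. Records that are not arrays are skipped. The
 * file is written to a temporary sibling in DATA_DIR and renamed into place,
 * so a failure part-way through (disk full, process killed) leaves the
 * previous CSV intact instead of a truncated one. $data arrives from the
 * client's 'saveData' request, so keys and values are untrusted: fputcsv()
 * quotes them for CSV, but a cell that starts with a formula character is
 * still interpreted as a formula by spreadsheet software that opens the file.
 *
 * @param array $data list of associative rows
 * @return array{success:bool, error?:string}
 */
function writeCSV($data) {
    if (empty($data)) {
        return ['success' => false, 'error' => 'No data to save'];
    }
    if (!is_writable(DATA_DIR)) {
        return ['success' => false, 'error' => 'Data directory not writable'];
    }
    if (file_exists(CSV_FILE) && !is_writable(CSV_FILE)) {
        return ['success' => false, 'error' => 'CSV file not writable'];
    }
    // reset() instead of $data[0]: JSON objects decode to string-keyed arrays.
    $first = reset($data);
    if (!is_array($first)) {
        return ['success' => false, 'error' => 'No data to save'];
    }
    $headers = array_keys($first);
    $tmp = tempnam(DATA_DIR, 'csv');
    $handle = $tmp === false ? false : fopen($tmp, 'w');
    if ($handle === false) {
        if ($tmp !== false) {
            unlink($tmp);
        }
        return ['success' => false, 'error' => 'Could not open CSV file for writing'];
    }
    fputcsv($handle, $headers);
    foreach ($data as $row) {
        if (!is_array($row)) {
            continue;
        }
        $csvRow = [];
        foreach ($headers as $header) {
            $csvRow[] = $row[$header] ?? '';
        }
        fputcsv($handle, $csvRow);
    }
    $flushed = fflush($handle);
    fclose($handle);
    if (!$flushed || !rename($tmp, CSV_FILE)) {
        unlink($tmp);
        return ['success' => false, 'error' => 'Could not open CSV file for writing'];
    }
    // tempnam() creates the file 0600; restore the mode the app expects.
    chmod(CSV_FILE, 0664);
    return ['success' => true];
}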
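/**
 * Append one line to LOG_FILE recording who did what.
 *
 * Does nothing when nobody is logged in. $action and $details can come
 * straight from the client (the 'logChange' request), and getChangeLog()
 * later splits the file on newlines and parses each line with a regex, so a
 * CR or LF inside either value would end the entry early and let the rest be
 * read back as a separate entry attributed to whatever it claims. Line
 * breaks are collapsed to spaces before writing, and the append takes
 * LOCK_EX so concurrent requests do not interleave partial lines.
 *
 * @param string $action  short verb such as 'Login' or 'Save Changes'
 * @param string $details free text for the entry
 */
function logChange($action, $details) {
    if (!isLoggedIn()) return;
    $timestamp = date('Y-m-d H:i:s');
    $user = $_SESSION['username'];
    $role = $_SESSION['role'];
    $action = str_replace(["\r", "\n"], ' ', (string) $action);
    $details = str_replace(["\r", "\n"], ' ', (string) $details);
    $logEntry = "[$timestamp] User: $user ($role) | Action: $action | Details: $details\n";
    file_put_contents(LOG_FILE, $logEntry, FILE_APPEND | LOCK_EX);
}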
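/**
 * Parse LOG_FILE back into structured entries.
 *
 * Each line written by logChange() has the shape
 * "[timestamp] User: name (role) | Action: act | Details: text"; lines that
 * do not match are ignored. A missing or unreadable file yields an empty log
 * instead of a warning followed by a foreach over false.
 *
 * @return array{success:true, log:list<array{timestamp:string,user:string,role:string,action:string,details:string}>}
 */
function getChangeLog() {
    if (!file_exists(LOG_FILE)) {
        return ['success' => true, 'log' => []];
    }
    $lines = file(LOG_FILE, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($lines === false) {
        return ['success' => true, 'log' => []];
    }
    $pattern = '/\[(.*?)\] User: (.*?) \((.*?)\) \| Action: (.*?) \| Details: (.*)/';
    $log = [];
    foreach ($lines as $line) {
        if (!preg_match($pattern, $line, $m)) {
            continue;
        }
        $log[] = [
            'timestamp' => $m[1],
            'user' => $m[2],
            'role' => $m[3],
            'action' => $m[4],
            'details' => $m[5],
        ];
    }
    return ['success' => true, 'log' => $log];
}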
// Create directories and files if needed
// First-run bootstrap: make sure the data directory, a CSV holding only the
// expected header row, and an empty log file exist before any action runs.
if (!is_dir(DATA_DIR)) {
    mkdir(DATA_DIR, 0755, true);
}
foreach ([
    CSV_FILE => "RecordId,First Name,Last Name,Primary Email,Secondary Email,All Emails,Major/Concentration,Graduation Year,Semester/Term,State\n",
    LOG_FILE => '',
] as $bootstrapPath => $initialContent) {
    if (!file_exists($bootstrapPath)) {
        file_put_contents($bootstrapPath, $initialContent);
    }
}
unset($bootstrapPath, $initialContent);
// Handle API Requests
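// Handle API Requests: one JSON document on the request body selects the
// action. A malformed or absent body decodes to null and ends up in the
// 'Invalid action' branch. Requests are authenticated only by the session
// cookie; nothing here checks the request origin, so cross-site protection
// rests on the session cookie attributes and server configuration.
$input = json_decode(file_get_contents('php://input'), true);
if (!is_array($input)) {
    $input = [];
}
$action = $input['action'] ?? '';

switch ($action) {
    case 'login':
        // JSON may carry any type here; only strings are meaningful, and an
        // array would make isset($USERS[$username]) and password_verify()
        // throw a TypeError instead of producing a clean rejection.
        $username = $input['username'] ?? '';
        $password = $input['password'] ?? '';
        if (is_string($username) && is_string($password)
            && isset($USERS[$username])
            && password_verify($password, $USERS[$username]['password'])) {
            // New session id on privilege change, so an id obtained before
            // login is not valid afterwards.
            session_regenerate_id(true);
            $_SESSION['logged_in'] = true;
            $_SESSION['username'] = $username;
            $_SESSION['role'] = $USERS[$username]['role'];
            logChange('Login', "User logged in as {$USERS[$username]['role']}");
            jsonResponse(['success' => true, 'role' => $USERS[$username]['role']]);
        } else {
            jsonResponse(['success' => false, 'error' => 'Invalid credentials']);
        }
        break;

    case 'logout':
        // Log first: logChange() needs the username still in the session.
        logChange('Logout', 'User logged out');
        // session_destroy() drops the stored record only; clear the in-memory
        // copy too so nothing later in this request still sees it.
        $_SESSION = [];
        session_destroy();
        jsonResponse(['success' => true]);
        break;

    case 'checkSession':
        if (isLoggedIn()) {
            jsonResponse([
                'success' => true,
                'loggedIn' => true,
                'username' => $_SESSION['username'],
                'role' => $_SESSION['role'],
            ]);
        } else {
            jsonResponse(['success' => true, 'loggedIn' => false]);
        }
        break;

    case 'getData':
        if (!isLoggedIn()) {
            jsonResponse(['success' => false, 'error' => 'Not logged in']);
        }
        jsonResponse(readCSV());
        break;

    case 'saveData':
        if (!canEdit()) {
            jsonResponse(['success' => false, 'error' => 'Permission denied']);
        }
        $data = $input['data'] ?? [];
        // count() on a non-array throws a TypeError; reject it explicitly.
        if (!is_array($data)) {
            jsonResponse(['success' => false, 'error' => 'No data to save']);
        }
        $recordCount = count($data);
        // Write first so the log entry reflects what actually happened
        // instead of claiming a save that may then fail.
        $result = writeCSV($data);
        if ($result['success']) {
            logChange('Save Changes', "Saved CSV with $recordCount records");
        } else {
            logChange('Save Changes', "Save failed: {$result['error']}");
        }
        jsonResponse($result);
        break;

    case 'logChange':
        if (!isLoggedIn()) {
            jsonResponse(['success' => false, 'error' => 'Not logged in']);
        }
        // Both values are client-supplied and end up in the change log.
        $logAction = $input['logAction'] ?? '';
        $logDetails = $input['logDetails'] ?? '';
        if (!is_string($logAction) || !is_string($logDetails)) {
            jsonResponse(['success' => false, 'error' => 'Invalid log entry']);
        }
        logChange($logAction, $logDetails);
        jsonResponse(['success' => true]);
        break;

    case 'getChangeLog':
        if (!canEdit()) {
            jsonResponse(['success' => false, 'error' => 'Permission denied']);
        }
        jsonResponse(getChangeLog());
        break;

    default:
        jsonResponse(['success' => false, 'error' => 'Invalid action']);
}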