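Invalid Username or Password
endquote;
    exit;
}

// NOTE(review): the lines above are the tail of a statement that begins before
// this part of the file; they are kept as found, only re-broken onto separate
// lines.
// NOTE(review): several string literals below end in an empty "" or a bare
// newline. That looks like markup lost when this listing was extracted;
// confirm against the original before relying on the exact output.

// Plug in throttling function here if desired.
if (userThrottled($_GET['username'])) {
    echo <<< endquote
Query limit reached, please try again tommorow
endquote;
    exit;
}

// Set up your own array functions here.
// Each entry is array(method name, callback name, required keys, optional keys).
$API = array();

/*
Example:

$expectedValues = array("name", "title");
$optionalValues = array("year", "publisher");
$API[] = array("lookup", "lookupCall", $expectedValues, $optionalValues);

$expectedValues = array("keyword");
$optionalValues = array();
$API[] = array("search", "searchCall", $expectedValues, $optionalValues);

describeAPI($API);
*/

// Framework iterates through the array looking to match the requested method
// with a service the framework provides.
$error = array();
$matchedMethod = false;
$validRequestFormat = false;
$matchedItem = null;

// A missing 'method', or one sent as an array (method[]=x), is treated as
// "no method" instead of raising a notice or reaching a loose comparison.
$requestedMethod = (isset($_GET['method']) && is_string($_GET['method']))
    ? $_GET['method']
    : null;

foreach ($API as $item) {
    // Strict comparison: with ==, numeric-looking strings such as "1e1" and
    // "10" would be considered the same method name.
    if ($requestedMethod !== null && $item[0] === $requestedMethod) {
        $matchedMethod = true;
        $matchedItem = $item;
        // $error is filled through the by-reference parameter declared on
        // checkValues(). Call-time pass-by-reference (&$error at the call
        // site) is a fatal error since PHP 5.4, so the & is not repeated here.
        $validRequestFormat = checkValues($_GET, $item[2], $item[3], $error);
        break;
    }
}

// Framework was unable to match method, return an error.
if ($matchedMethod == false) {
    echo <<< endquote
Unknown or missing method
endquote;
    exit;
} else if ($validRequestFormat == false) {
    echo "\n" . implode("\n", $error) . "";
    exit;
}

// Method was matched, and contained required parameters: call the appropriate
// function. The callback name comes from the $API table defined above, never
// from the request, so a client can only reach functions registered there.
call_user_func($matchedItem[1], $_GET);

/**
 * Validate the keys of a request against a service's parameter lists.
 *
 * "method", "username" and "password" are always added to the required keys.
 * NOTE(review): the caller passes $_GET, so the credentials travel in the URL
 * query string, where they are recorded by access logs, proxies and browser
 * history. Consider a POST body or an Authorization header over TLS.
 *
 * @param array $request  Request parameters, keyed by parameter name.
 * @param array $required Keys the service requires.
 * @param array $optional Keys the service accepts but does not require.
 * @param array $error    Receives one message per problem found (by reference).
 *
 * @return bool True when $error is empty after validation, false otherwise.
 */
function checkValues($request, $required, $optional, &$error)
{
    $required[] = "method";
    $required[] = "username";
    $required[] = "password";

    $requestKeys = array_keys($request);

    // Ensure all elements passed are either required or optional.
    // array_diff() keeps the numeric index as the array key and the parameter
    // NAME as the value, so the loop must read the value. Reading the key
    // would report (and escape) the index instead of the offending name.
    $unknownKeys = array_diff($requestKeys, $optional, $required);
    foreach ($unknownKeys as $unknownElement) {
        // *SECURITY ISSUE*
        // Failing to escape the user data present in $unknownElement could
        // expose your site to a XSS vulnerability.
        // Original:
        //   $error[] = "Unknown Element: $unknownElement";
        // Corrected (explicit flags and charset, so quotes are escaped too and
        // the result does not depend on the PHP version's defaults):
        // NOTE(review): if the response is XML rather than HTML,
        // htmlspecialchars() is the safer call, because htmlentities() can
        // emit named entities that XML does not define. Confirm the format.
        // No debug dump (print_r) of $unknownKeys belongs here: it would write
        // the same request-supplied names to the response unescaped.
        $error[] = "Unknown Element: " . htmlentities((string) $unknownElement, ENT_QUOTES, 'UTF-8') . "";
    }

    // Ensure all required elements are present.
    // These names come from $required (set by the developer), not from the
    // request, so they are not attacker-controlled.
    $missingKeys = array_diff($required, $requestKeys);
    foreach ($missingKeys as $missingElement) {
        $error[] = "Missing required element: $missingElement";
    }

    return count($error) == 0;
}

/**
 * Print every registered service with its parameter lists, then stop.
 *
 * @param array $API Service table; each entry is
 *                   array(method name, callback name, required keys, optional keys).
 */
function describeAPI($API)
{
    foreach ($API as $service) {
        echo "Method Name: {$service[0]}\n";
        echo "Requried Parameters: " . implode(",", $service[2]) . "\n";
        echo "Optional Parameters: " . implode(",", $service[3]) . "\n\n";
    }
    exit;
}

/**
 * Credential check placeholder.
 *
 * As written it accepts EVERY username/password pair. It must be replaced with
 * a real check (for example password_verify() against a stored hash) before
 * the framework is exposed to untrusted clients.
 */
function checkUser($username, $password)
{
    return true;
}

/**
 * Example service callback; receives the full request array.
 */
function searchCall($request)
{
    echo "SearchCall has been called, I will handle the request as best I can!";
}

/**
 * Throttling placeholder.
 *
 * As written it never throttles anyone, so there is no limit on request volume
 * or on repeated credential guesses until it is implemented.
 */
function userThrottled($username)
{
    return false;
}
?>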