commit 120f19752ba9bc6c2eb82b263f5bfd2e23c6b2be
Author: franzz <francois@lutran.fr>
Date:   Tue Oct 6 21:18:39 2015 +0200

    init

diff --git a/inc/auth.php b/inc/auth.php
new file mode 100755
index 0000000..2aedf19
--- /dev/null
+++ b/inc/auth.php
@@ -0,0 +1,174 @@
+<?php
+
+class Auth extends PhpObject
+{
+	const ALGO = PASSWORD_DEFAULT;
+	const COST = 12;
+	const TOKEN_SEP = '|';
+	const USER_COOKIE_PASS = 'checksum';
+	
+	/**
+	 * Database Connection
+	 * @var MySqlManager
+	 */
+	private $oMySql;
+	private $iUserId;
+	private $sApiKey;
+	
+	public function __construct($oMySql, $sApiKey='', $bAutoLogin=true)
+	{
+		$this->oMySql = $oMySql;
+		$this->setUserId(0);
+		$this->sApiKey = $sApiKey;
+		if($bAutoLogin) $this->autoLogIn();
+	}
+	
+	private function setUserId($iUserId)
+	{
+		$this->iUserId = $iUserId;
+	}
+	
+	public function getUserId()
+	{
+		return $this->iUserId;
+	}
+	
+	public function isLoggedIn()
+	{
+		return ($this->getUserId() > 0);
+	}
+	
+	public function logMeIn($sToken)
+	{
+		$sDesc = '';
+		if($sToken!='')
+		{
+			$sLoginToken = addslashes(strstr($sToken, self::TOKEN_SEP, true));
+			$sPassToken = substr(strstr($sToken, self::TOKEN_SEP), strlen(self::TOKEN_SEP));
+			if($sLoginToken!='' && $sPassToken!='')
+			{
+				$asEmpl = $this->oMySql->selectRow(MyThoughts::USER_TABLE, array("MD5(".MySqlManager::getText(MyThoughts::USER_TABLE).")"=>$sLoginToken));
+				if(!empty($asEmpl))
+				{
+					if(self::CheckPassword($sPassToken, $asEmpl['pass']))
+					{
+						$this->setUserId($asEmpl[MySqlManager::getId(MyThoughts::USER_TABLE)]);
+						$this->resetAuthCookie($this->getUserId());
+					}
+					else $sDesc = 'wrong password';
+				}
+				else $sDesc = 'unknown nickname';
+			}
+			else $sDesc = 'corrupted token, please login again';
+		}
+		else $sDesc = 'no credentials has been received by the server';
+		
+		return MyThoughts::getJsonResult($this->isLoggedIn(), $sDesc);
+	}
+	
+	public function autoLogIn()
+	{
+		if(isset($_COOKIE[self::USER_COOKIE_PASS]))
+		{
+			$sCookie = $_COOKIE[self::USER_COOKIE_PASS];
+			$iUserId = addslashes(strstr($sCookie, self::TOKEN_SEP, true));
+			$sCookie = substr(strstr($sCookie, self::TOKEN_SEP), strlen(self::TOKEN_SEP));
+		
+			$asEmpl = $this->oMySql->selectRow(MyThoughts::USER_TABLE, array(MySqlManager::getId(MyThoughts::USER_TABLE)=>$iUserId));
+			if(!empty($asEmpl))
+			{
+				if($sCookie==$asEmpl['cookie'])
+				{
+					$this->setUserId($asEmpl[MySqlManager::getId(MyThoughts::USER_TABLE)]);
+		
+					//Reset pass once a day
+					if(mb_substr($asEmpl['led'], 0, 10) != date('Y-m-d')) $this->resetAuthCookie($this->getUserId());
+				}
+				else $this->addError('token corrompu pour le user '.$asEmpl[MySqlManager::getId(MyThoughts::USER_TABLE)]);
+			}
+			else $this->addError('Utilisateur '.$iUserId.' inconnu');
+		}
+	}
+	
+	public function addUser($sSafeNickName, $sNickName, $bLogMeIn=false)
+	{
+		$sPass = self::HashPassword(self::getLoginToken($sSafeNickName));
+		$bExist = $this->oMySql->pingValue(MyThoughts::USER_TABLE, array(MySqlManager::getText(MyThoughts::USER_TABLE)=>$sSafeNickName));
+		if($bExist) return -1;
+		else
+		{
+			$iUserId = $this->oMySql->insertRow(MyThoughts::USER_TABLE, array(MySqlManager::getText(MyThoughts::USER_TABLE)=>$sSafeNickName, 'nickname'=>$sNickName));
+			if($iUserId>0)
+			{
+				$this->resetPass($iUserId);
+				if($bLogMeIn) $this->logMeIn(md5($sSafeNickName).self::TOKEN_SEP.$this->getLoginToken($sSafeNickName));
+			}
+		}
+		return $iUserId;
+	}
+	
+	//TODO integrate with logMeIn()
+	public function checkApiKey($sApiKey)
+	{
+		return ($this->sApiKey!='' && $sApiKey==$this->sApiKey);
+	}
+	
+	private function resetPass($iUserId=0)
+	{
+		$sUserIdCol = MySqlManager::getId(MyThoughts::USER_TABLE);
+		$sUserTextCol = MySqlManager::getText(MyThoughts::USER_TABLE);
+		
+		$asInfo = array('select'=>array($sUserIdCol, $sUserTextCol), 'from'=>MyThoughts::USER_TABLE);
+		if($iUserId>0) $asInfo['constraint'] = array($sUserIdCol=>$iUserId);
+		
+		$asUsers = $this->oMySql->selectRows($asInfo);
+		foreach($asUsers as $asUser)
+		{
+			$sToken = self::HashPassword(self::getLoginToken($asUser[$sUserTextCol]));
+			$this->oMySql->updateRow(MyThoughts::USER_TABLE, array(MySqlManager::getId(MyThoughts::USER_TABLE)=>$asUser[$sUserIdCol]), array('pass'=>$sToken));
+		}
+	}
+	
+	private static function getLoginToken($sPass)
+	{
+		//Add Server Name
+		$sServerName = array_key_exists('SERVER_NAME', $_SERVER)?$_SERVER['SERVER_NAME']:$_SERVER['PWD'];
+		$sAppPath = $_SERVER['REQUEST_SCHEME'].'://'.str_replace(array('http://', 'https://'), '', $sServerName.dirname($_SERVER['SCRIPT_NAME']));
+		$_GET['serv_name'] = $sAppPath.(mb_substr($sAppPath, -1)!='/'?'/':'');
+		return md5($sPass.$_GET['serv_name']);
+	}
+	
+	private function resetAuthCookie($iUserId)
+	{
+		$sNewPass = self::getAuthCookie($iUserId);
+		$iTimeLimit = time()+60*60*24*30;
+		//mysqli_query($con, "UPDATE EMPLOYEE SET COOKIE = '".addslashes($sNewPass)."' WHERE ID = ".$iUserId);
+		$this->oMySql->updateRow(MyThoughts::USER_TABLE, array(MySqlManager::getId(MyThoughts::USER_TABLE)=>$iUserId), array("cookie"=>$sNewPass));
+		setcookie(self::USER_COOKIE_PASS, $iUserId.self::TOKEN_SEP.$sNewPass, $iTimeLimit);
+	}
+	
+	private static function getAuthCookie()
+	{
+		return self::HashPassword
+		(
+			$_SERVER['HTTP_USER_AGENT'].
+			$_SERVER['REMOTE_ADDR'].
+			$_SERVER['REQUEST_TIME'].
+			mb_strstr(microtime(), ' ', true).
+			$_SERVER['SERVER_SIGNATURE'].
+			$_SERVER['SERVER_ADMIN']
+		);
+	}
+	
+	private static function HashPassword($sPass)
+	{
+		return password_hash($sPass, self::ALGO, array('cost'=>self::COST));
+	}
+
+	private static function CheckPassword($sPass, $sHash)
+	{
+		return password_verify($sPass, $sHash);
+	}
+}
+
+?>
\ No newline at end of file
diff --git a/inc/pedidor.php b/inc/pedidor.php
new file mode 100755
index 0000000..1c1666a
--- /dev/null
+++ b/inc/pedidor.php
@@ -0,0 +1,328 @@
+<?php
+
+/**
+ * Main Class
+ * @author franzz
+ * @version 0.1
+ */
+class Pedidor extends Main
+{
+	//Interface keywords
+	const SUCCESS = 'success';
+	const ERROR = 'error';
+	const UNAUTHORIZED = 'unauthorized';
+	const NOT_FOUND = 'unknown action';
+	
+	//SQL tables
+	const USER_TABLE = 'users';
+	const MATL_TABLE = 'materials';
+	const ORDER_TABLE = 'orders';
+	
+	//Pedidor
+	const URL_DATE_FORMAT = 'Ymd';
+	const LAYOUT_DATE_FORMAT = 'F \t\h\e jS, Y';
+	const MYSQL_DATE_FORMAT = 'Y-m-d';
+	const LAYOUT_TIME_FORMAT = 'G:i';
+	
+	//Objects
+	private $oClassManagement;
+	
+	/**
+	 * Database Connection
+	 * @var MySqlManager
+	 */
+	private $oMySql;
+	
+	/**
+	 * 
+	 * @var Auth
+	 */
+	private $oAuth;	
+	
+	//Variables
+	private $asContext;
+	//...
+
+	/**
+	 * Main constructor [to be called from index.php]
+	 * @param ClassManagement $oClassManagement
+	 * @param string $sLang
+	 */
+	public function __construct($oClassManagement, $sProcessPage)
+	{
+		parent::__construct(__CLASS__, Settings::DEBUG);
+		$this->oClassManagement = $oClassManagement;
+		$this->setContext($sProcessPage);
+		
+		//Load classes
+		$this->oClassManagement->incClass('mysqlmanager');
+		$this->oClassManagement->incClass('auth', true);
+		//$this->oClassManagement->incClass('calendar', true);
+		
+		//Init objects
+		$this->oMySql = new MySqlManager(Settings::DB_SERVER, Settings::DB_LOGIN, Settings::DB_PASS, Settings::DB_NAME, self::getSqlOptions() , Settings::DB_ENC);
+		if($this->oMySql->sDbState == MySqlManager::DB_NO_DATA) $this->install();
+		else $this->oAuth = new Auth($this->oMySql, Settings::API_KEY);
+	}
+	
+	private function install()
+	{
+		$this->oAuth = new Auth($this->oMySql, Settings::API_KEY, false);
+		
+		//Install DB
+		$this->oMySql->install();
+		$this->addUser('franzz');
+		$this->addUser('laura');
+	}
+	
+	private function setContext($sProcessPage)
+	{
+		//Browser <> PHP <> MySql synchronization
+		date_default_timezone_set(Settings::TIMEZONE);
+		ini_set('default_charset', Settings::TEXT_ENC);
+		header('Content-Type: text/html; charset='.Settings::TEXT_ENC);
+		mb_internal_encoding(Settings::TEXT_ENC);
+		mb_http_output(Settings::TEXT_ENC);
+		mb_http_input(Settings::TEXT_ENC);
+		mb_language('uni');
+		mb_regex_encoding(Settings::TEXT_ENC);
+		
+		$this->asContext['process_page'] = basename($sProcessPage);
+	
+		$sServerName = array_key_exists('SERVER_NAME', $_SERVER)?$_SERVER['SERVER_NAME']:$_SERVER['PWD'];
+		$sAppPath = 'http://'.str_replace('http://', '', $sServerName.dirname($_SERVER['SCRIPT_NAME']));
+		$this->asContext['serv_name'] = $sAppPath.(mb_substr($sAppPath, -1)!='/'?'/':'');
+	}
+	
+	public function addUncaughtError($sError)
+	{
+		$this->addError('Uncaught errors:'."\n".$sError);
+	}
+	
+	/* Authorizations handling */
+	
+	public function isLoggedIn()
+	{
+		return $this->oAuth->isLoggedIn();
+	}
+	
+	public function logMeIn($sToken)
+	{
+		return $this->oAuth->logMeIn($sToken);
+	}
+	
+	public function checkApiKey($sApiKey)
+	{
+		return $this->oAuth->checkApiKey($sApiKey);
+	}
+	
+	/* Building main pages */
+	
+	public function getPage($bLoggedIn)
+	{
+		//Constants
+		$asPages = array('logon', 'write', 'settings', 'template');
+		foreach($asPages as $sPage) $asGlobalVars['consts']['pages'][$sPage] = $this->getPageContent($sPage);
+		$asGlobalVars['consts']['token_sep'] = Auth::TOKEN_SEP;
+		$asGlobalVars['consts']['error'] = self::ERROR;
+		$asGlobalVars['consts']['success'] = self::SUCCESS;
+		$asGlobalVars['consts']['context'] = $this->asContext;
+		$asGlobalVars['vars']['id'] = $this->oAuth->getUserId();
+		$asGlobalVars['vars']['log_in'] = $bLoggedIn;
+		
+		//Main Page
+		$sPage = $this->getPageContent('index');
+		$sPage = str_replace('asGlobalVars', json_encode($asGlobalVars), $sPage);
+		return $sPage;
+	}
+	
+	private function getPageContent($sPage)
+	{
+		$sPageFile = 'masks/'.$sPage.'.html';
+		return file_get_contents($sPageFile);
+	}
+	
+	/* DB structure. See MySqlManager::__construct */
+	
+	private static function getSqlOptions()
+	{
+		return array
+		(
+			'tables' 			=>	array
+									(
+										self::USER_TABLE	=>array(MySqlManager::getText(self::USER_TABLE), 'nickname', 'pass', 'cookie'),
+										self::THOUGHT_TABLE	=>array(MySqlManager::getId(self::USER_TABLE),
+																	MySqlManager::getText(self::THOUGHT_TABLE)),
+										self::SETTINGS_TABLE=>array(MySqlManager::getId(self::USER_TABLE),
+																	MySqlManager::getText(self::SETTINGS_TABLE),
+																	'value')
+									),
+			'types' 			=>	array
+									(
+										MySqlManager::getText(self::USER_TABLE)=>"varchar(50) NOT NULL",
+										'nickname'=>'varchar(60) NOT NULL',
+										'pass'=>"varchar(256) NOT NULL",
+										'cookie'=>"varchar(255) NOT NULL",
+										MySqlManager::getText(self::THOUGHT_TABLE)=>"longtext",
+										MySqlManager::getText(self::SETTINGS_TABLE)=>"varchar(20) NOT NULL",
+										'value'=>"varchar(20) NOT NULL"
+									),
+			'constraints'		=>	array
+									(
+										self::USER_TABLE=>"UNIQUE KEY `username` (`".MySqlManager::getText(self::USER_TABLE)."`)"
+									),
+			'cascading_delete'	=>	array
+									(
+										self::USER_TABLE=>array(self::SETTINGS_TABLE)
+									)
+		);
+	}
+	
+	/* My Thoughts public functions */
+	
+	public function register($sNickName)
+	{
+		$iUserId = $this->addUser($sNickName, true);
+		$bSuccess = false;
+		$sDesc = '';
+		switch($iUserId)
+		{
+			case -1:
+				$sDesc = 'There is already a user using this nickname, sorry!';
+				break;
+			case 0:
+				$sDesc = 'A database error occured. Contact admin';
+				break;
+			default:
+				$bSuccess = true;
+		}
+		return self::getJsonResult($bSuccess, $sDesc);
+	}
+
+	public function updateThought($sThought, $iThoughtId=0)
+	{
+		if($iThoughtId==0)
+		{
+			$iThoughtId = $this->addThought($sThought);
+			$sDesc = 'created';
+		}
+		else
+		{
+			$asKeys = array(MySqlManager::getId(self::USER_TABLE)	=> $this->oAuth->getUserId(),
+					MySqlManager::getId(self::THOUGHT_TABLE)=> $iThoughtId);
+			$asThought = array(MySqlManager::getText(self::THOUGHT_TABLE) => self::encodeThought($sThought));
+			$iThoughtId = $this->oMySql->updateRow(self::THOUGHT_TABLE, $asKeys, $asThought);
+			$sDesc = 'updated';
+		}
+		$bSuccess = ($iThoughtId>0);
+		$sDesc = 'thought '.($bSuccess?'':'not ').$sDesc;
+		return self::getJsonResult($bSuccess, $sDesc, $this->getThoughtInfo($iThoughtId));
+	}
+	
+	/* My Thoughts private functions */
+	
+	private function addUser($sNickName, $bLogMeIn=false)
+	{
+		$iUserId = $this->oAuth->addUser(self::getSafeNickName($sNickName), $sNickName, $bLogMeIn);
+		if($iUserId>0) $this->addThought(file_get_contents(self::WELCOME_MSG_FILE), $iUserId);
+		return $iUserId;
+	}
+	
+	private function addThought($sThought, $iUserId=-1)
+	{
+		if($iUserId==-1) $iUserId = $this->oAuth->getUserId();
+		if($iUserId!=0)
+		{
+			$asThought = array(	MySqlManager::getId(self::USER_TABLE)		=> $iUserId,
+								MySqlManager::getText(self::THOUGHT_TABLE)	=> self::encodeThought($sThought));
+			$ithoughtId = $this->oMySql->insertRow(self::THOUGHT_TABLE, $asThought);
+		}
+		else $this->addError('Adding a thought with no user id');
+		return $ithoughtId;
+	}
+
+	private function getThoughtInfo($iThoughtId, $bThoughtContent=false)
+	{
+		$asThoughtInfo = array();
+		if($iThoughtId>0)
+		{
+			$asThoughtInfo = $this->oMySql->selectRow(self::THOUGHT_TABLE, $iThoughtId);
+			if(!$bThoughtContent) unset($asThoughtInfo[MySqlManager::getText(self::THOUGHT_TABLE)]);
+		}
+		else $this->addError('getting thought info with no thought id');
+		return $asThoughtInfo;
+	}
+	
+	/* Static toolbox functions */
+
+	private static function encodeThought($sthought)
+	{
+		return base64_encode(serialize(explode("\n", self::shuffleText($sthought))));
+	}
+	
+	private static function decodeThought($sEncodedThought)
+	{
+		return self::shuffleText(implode("\n", unserialize(base64_decode($sEncodedThought))));
+	}
+	
+	private static function shuffleText($sText)
+	{
+		$sRandomText = "let's_mess%a&bit;with~it,!just§for¨the^sake*of-it";
+		for($iIndex=0; $iIndex < strlen($sText); $iIndex++)
+		{
+			$sText[$iIndex] = $sRandomText[$iIndex%strlen($sRandomText)] ^ $sText[$iIndex];
+		}
+		return $sText;
+	}
+	
+	public static function getJsonResult($bSuccess, $sDesc='', $asVars=array())
+	{
+		header('Content-type: application/json');
+		return json_encode(array('result'=>$bSuccess?self::SUCCESS:self::ERROR, 'desc'=>ToolBox::mb_ucwords($sDesc))+$asVars);
+	}
+	
+	public function getSafeNickName($sNickName)
+	{
+		return $sNickName;
+	}
+	
+	public static function getDateTimeDesc($oTime)
+	{
+		$iTimeStamp = is_numeric($oTime)?$oTime:strtotime($oTime);
+		$sCurTimeStamp = time();
+	
+		$asWeekDays = array('monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'satursday', 'sunday');
+		$asMonths = array('january', 'february', 'march', 'april', 'may', 'june', 'july', 'august', 'september', 'october', 'november', 'december');
+		$sSep = '|';
+		$sFormat = 'Y'.$sSep.'n'.$sSep.'W'.$sSep.'N'.$sSep.'j'.$sSep.'G';
+		list($sYear, $sMonth, $sWeek, $sWeekDay, $sDay, $sHour) = explode($sSep, date($sFormat, $iTimeStamp));
+		list($sCurYear, $sCurMonth, $sCurWeek, $sCurWeekDay, $sCurDay, $sCurHour) = explode($sSep, date($sFormat, $sCurTimeStamp));
+	
+		$sDesc = '';
+		if($iTimeStamp>$sCurTimeStamp) $sDesc = 'in the future';
+		elseif($sCurTimeStamp-$iTimeStamp<60) $sDesc = 'a few seconds ago';
+		elseif($sCurTimeStamp-$iTimeStamp<60*10) $sDesc = 'a few minutes ago';
+		elseif($sCurTimeStamp-$iTimeStamp<60*20) $sDesc = '15 minutes ago';
+		elseif($sCurTimeStamp-$iTimeStamp<60*50) $sDesc = 'half an hour ago';
+		elseif($sCurTimeStamp-$iTimeStamp<60*60*2) $sDesc = 'an hour ago';
+		elseif($sCurTimeStamp-$iTimeStamp<60*60*24 && $sDay==$sCurDay) $sDesc = 'at '.$sHour.' o\'clock';
+		elseif($sCurTimeStamp-$iTimeStamp<60*60*24) $sDesc = 'yesterday';
+		elseif($sCurTimeStamp-$iTimeStamp<60*60*24*7 && $sWeek==$sCurWeek) $sDesc = $asWeekDays[$sWeekDay-1];
+		elseif($sCurTimeStamp-$iTimeStamp<60*60*24*7) $sDesc = 'last '.$asWeekDays[$sWeekDay-1];
+		elseif($sCurTimeStamp-$iTimeStamp<60*60*24*9) $sDesc = 'a week ago';
+		elseif($sCurTimeStamp-$iTimeStamp<60*60*24*12) $sDesc = '10 days ago';
+		elseif($sCurTimeStamp-$iTimeStamp<60*60*24*16) $sDesc = '2 weeks ago';
+		elseif($sCurTimeStamp-$iTimeStamp<60*60*24*23) $sDesc = '3 weeks ago';
+		elseif($sCurTimeStamp-$iTimeStamp<60*60*24*31 && $sMonth==$sCurMonth) $sDesc = 'on '.$asMonths[$sMonth-1].', '.$sDay;
+		elseif($sCurTimeStamp-$iTimeStamp<60*60*24*30*2 && $sMonth==($sCurMonth-1)) $sDesc = 'last month';
+		elseif($sCurTimeStamp-$iTimeStamp<60*60*24*365 && $sYear==$sCurYear) $sDesc = 'in '.$asMonths[$sMonth-1];
+		elseif($sCurTimeStamp-$iTimeStamp<60*60*24*365) $sDesc = 'in '.$asMonths[$sMonth-1].' '.$sYear;
+		elseif($sYear==($sCurYear-1)) $sDesc = 'last year';
+		else $sDesc = 'in '.$sYear;
+	
+		//return self::mb_ucfirst($sDesc);
+		return $sDesc;
+	}
+}
+
+?>
\ No newline at end of file
diff --git a/index.php b/index.php
new file mode 100755
index 0000000..2efc1b0
--- /dev/null
+++ b/index.php
@@ -0,0 +1,80 @@
+<?php
+
+/*
+ Pedidor Project
+ http://git.lutran.fr/main.git
+ Copyright (C) 2015 François Lutran
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see http://www.gnu.org/licenses
+ */
+
+/* Requests Handler */
+
+//Start buffering
+ob_start();
+require_once '../objects/class_management.php';
+$oClassManagement = new ClassManagement('pedidor');
+ToolBox::cleanPost($_POST);
+ToolBox::cleanPost($_GET);
+ToolBox::cleanPost($_REQUEST);
+ToolBox::fixGlobalVars(isset($argv)?$argv:array());
+
+//Available variables
+$sToken = isset($_GET['token'])?$_GET['token']:'';
+$sAction = isset($_REQUEST['a'])?$_REQUEST['a']:'';
+$sPage = isset($_GET['p'])?$_GET['p']:'index';
+$iApiKey = isset($_GET['api'])?$_GET['api']:'';
+$sContent = isset($_POST['content'])?$_POST['content']:'';
+$iId = isset($_REQUEST['id'])?$_REQUEST['id']:0;
+
+//Initiate class
+$oPedidor = new Pedidor($oClassManagement, __FILE__);
+$bLoggedIn = $oPedidor->isLoggedIn();
+
+$sResult = '';
+if($sAction=='logmein') $sResult = $oPedidor->logMeIn($sToken);
+elseif($sAction!='' && $bLoggedIn)
+{
+	switch($sAction)
+	{
+		case '':
+			//$sResult = $oPedidor->
+			break;
+		default:
+			$sResult = Pedidor::getJsonResult(false, Pedidor::NOT_FOUND);
+	}
+}
+elseif($sAction!='' && !$bLoggedIn)
+{
+	if($oPedidor->checkApiKey($iApiKey))
+	{
+		switch($sAction)
+		{
+			case '':
+				//$sResult = $oPedidor->
+				break;
+			default:
+				$sResult = Pedidor::getJsonResult(false, Pedidor::NOT_FOUND);
+		}
+	}
+	else $sResult = Pedidor::getJsonResult(false, Pedidor::UNAUTHORIZED);
+}
+else $sResult = $oPedidor->getPage($bLoggedIn);
+
+$sDebug = ob_get_clean();
+if(Settings::DEBUG && $sDebug!='') $oPedidor->addUncaughtError($sDebug);
+
+echo $sResult;
+
+?>
\ No newline at end of file
diff --git a/settings.php b/settings.php
new file mode 100755
index 0000000..927bb2c
--- /dev/null
+++ b/settings.php
@@ -0,0 +1,16 @@
+<?php
+
+class Settings
+{
+	const DB_SERVER = 'localhost';
+	const DB_LOGIN = '';
+	const DB_PASS = '';
+	const DB_NAME = 'pedidor';
+	const DB_ENC = 'utf8mb4';
+	const TEXT_ENC = 'UTF-8';
+	const TIMEZONE = 'Europe/Paris';
+	const API_KEY = '';
+	const DEBUG = true;
+}
+
+?>
\ No newline at end of file