add M6 2/3

vadym Novoselskyi 2024-09-26 13:42:49 +02:00
parent 9f543c5f61
commit d3a13e7b75
11 changed files with 255 additions and 231 deletions


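--- /dev/null
+++ b/api/auth.php
+<?php
+session_start();
+include('../model/dbEgyTalk.php');
+$db = new dbEgyTalk();
+$response['auth'] = false;
+$response['userdata'] = null;
+// Om redan inlogggad skicka data
+//if (isset($_SESSION['uid'])) {
+//$user = $db->getUserFromUid($_SESSION['uid']);
+//}
+if (isset($_POST['username'], $_POST['password'])) {
+$user = $db->auth($_POST['username'], $_POST['password']);
+}
+if (isset($user) && !empty($user)) {
+$response['auth'] = true;
+$response['userdata'] = $user;
+session_regenerate_id();
+$_SESSION['uid'] = $user['uid'];
+}
+if(!$response['auth']) header('HTTP/1.0 401 Unauthorized');
+header('Access-Control-Allow-Credentials: true');
+header('Content-Type: application/json');
+echo json_encode($response, JSON_UNESCAPED_UNICODE);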
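Review bot: `$response['userdata'] = $user;` serialises the whole array returned by `auth()` to the client, and that array carries a `password` entry (the dbEgyTalk section below fills `$result['password']`), so the stored password hash is sent back in the JSON body on every successful call; drop it first with `unset($user['password']);` right after the `!empty($user)` check. The 401 is emitted as a hard-coded `HTTP/1.0` status line; `http_response_code(401);` lets PHP emit the status for the protocol version actually in use. `Access-Control-Allow-Credentials: true` is sent without an `Access-Control-Allow-Origin` header, and browsers need both for a credentialed cross-origin read, so if callers on another origin are intended this header alone will not serve them — worth confirming the intended consumer.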


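--- /dev/null
+++ b/api/getPosts.php
+<?php
+session_start();
+$response['auth'] = false;
+$response['posts'] = null;
+if (isset($_SESSION['uid'])) {
+$response['auth'] = true;
+include('../model/dbEgyTalk.php');
+$db = new dbEgyTalk();
+$response['posts'] = $db->getAllPosts();
+}
+// Behövs för session-cookies och anger att formatet är json
+header('Access-Control-Allow-Credentials: true');
+header('Content-Type: application/json');
+// Gör om arrayen till en array med json-objekt
+echo json_encode($response, JSON_UNESCAPED_UNICODE);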
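Review bot: An unauthenticated request still answers with 200 and `auth: false`, whereas the sibling auth endpoint sets a 401 for the same condition; for a consistent API add `if (!$response['auth']) http_response_code(401);` before the headers. `$response` is built up key by key without being initialised — `$response = ['auth' => false, 'posts' => null];` makes the response shape explicit in one place. As in the auth endpoint, `Access-Control-Allow-Credentials: true` is sent without `Access-Control-Allow-Origin`, which browsers require together for a credentialed cross-origin read; confirm whether cross-origin callers are intended.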


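--- /dev/null
+++ b/controller/userManipulation.php
+<?php
+if (isset($_POST['login'])) login();
+else if (isset($_POST['signup'])) signup();
+else if (isset($_POST['logout'])) logout();
+else header("Location: ../login.html");
+function login()
+{
+if (!isset($_POST['username'], $_POST['password'])) header("Location: login.html");
+include('../model/dbEgyTalk.php');
+$db = new dbEgyTalk();
+$username = filter_input(INPUT_POST, 'username', FILTER_UNSAFE_RAW);
+$password = $_POST['password'];
+$result = $db->login($username, $password);
+if ($result == []) {
+header("Location: ../login.html");
+exit;
+}
+$_SESSION = array();
+session_start();
+$_SESSION['uid'] = $result['uid'];
+$_SESSION['username'] = $result['username'];
+$_SESSION['name'] = $result['surname'] . " " . $result['firstname'];
+$_SESSION['password'] = $result['password'];
+$_SESSION['logged_in'] = true;
+header("Location: ../index.php");
+}
+function signup()
+{
+if (!isset($_POST['firstname'], $_POST['surname'], $_POST['username'], $_POST['password'])) {
+//header("Location: ../view/login.html");
+exit();
+}
+$firstname = $_POST['firstname'];
+$surname = $_POST['surname'];
+$username = $_POST['username'];
+$password = $_POST['password'];
+include('../model/dbEgyTalk.php');
+$db = new dbEgyTalk();
+$result = $db->signup($firstname, $surname, $username, $password);
+$_SESSION = array();
+session_start();
+$_SESSION['uid'] = $result['uid'];
+$_SESSION['username'] = $result['username'];
+$_SESSION['name'] = $result['firstaname'] . " " . $result['surname'];
+$_SESSION['password'] = $result['password'];
+$_SESSION['logged_in'] = true;
+header("Location: ../index.php");
+}
+function logout()
+{
+if (session_status() == PHP_SESSION_NONE) {
+session_start();
+}
+$_POST = array();
+$_SESSION = array(); // Tömmer sessionsarrayen
+session_regenerate_id(true);
+header("Location: ../index.php");
+exit();
+}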
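Review bot: `$result['firstaname']` in signup() is a typo for `firstname`, so `$_SESSION['name']` is built from an undefined index (the key dbEgyTalk::signup() returns is `firstname`); the same line also orders the name firstname-surname while login() uses surname-firstname, so one of the two should change. In both login() and signup() the `$_SESSION = array();` assignment runs before `session_start()`, which then reloads whatever the pre-existing session held, and the session ID is never regenerated after a successful login, so the ID issued before authentication stays valid afterwards (the api auth endpoint does call `session_regenerate_id()`); replace those two lines with `session_start(); session_regenerate_id(true); $_SESSION = [];`. The `header("Location: login.html")` guard at the top of login() does not `exit`, so a request with missing fields continues into `$_POST['password']` and the database call with the redirect already queued — add `exit;` after it, and note the path differs from the `../login.html` used elsewhere in this file. Keeping `$result['password']` (the hash) in `$_SESSION['password']` only serves the index.php form that re-posts it to the API; if the API reads the uid from the session instead, the hash never needs to live in session state.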


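--- a/PATH_NOT_SHOWN_ON_PAGE
+++ /dev/null
-<?php
-function getUserPosts()
-{
-$db = include('../inc/egytalk_connect.php');
-$stmt = $db->prepare("SELECT post_txt, date FROM post WHERE uid = :uid ORDER By date DESC");
-$stmt->bindValue(":uid", $_SESSION['uid']);
-$stmt->execute();
-return $stmt->fetchAll(PDO::FETCH_ASSOC);
-}
-function getAllPosts()
-{
-$db = include('../inc/egytalk_connect.php');
-$stmt = $db->prepare("SELECT user.username, post.post_txt, post.date, post.pid FROM user JOIN post ON user.uid = post.uid ORDER By post.date DESC;");
-$stmt->execute();
-return $stmt->fetchAll(PDO::FETCH_ASSOC);
-}
-function getPost($pid)
-{
-$db = include('../inc/egytalk_connect.php');
-$stmt = $db->prepare("SELECT user.username, post.post_txt, post.date, post.pid FROM user JOIN post ON user.uid = post.uid WHERE pid = :pid");
-$stmt->bindValue(":pid", $pid);
-$stmt->execute();
-return $stmt->fetch(PDO::FETCH_ASSOC);
-}
-function getComments($pid)
-{
-$db = include('../inc/egytalk_connect.php');
-$stmt = $db->prepare("SELECT user.username, comment.comment_txt, comment.date FROM user JOIN comment ON user.uid = comment.uid WHERE pid = :pid");
-$stmt->bindValue(":pid", $pid);
-$stmt->execute();
-return $stmt->fetchAll(PDO::FETCH_ASSOC);
-}
-function postComment($comment)
-{
-$db = include('../inc/egytalk_connect.php');
-$stmt = $db->prepare("INSERT INTO comment (pid, uid, comment_txt, date) VALUES (:pid, :uid, :comment, NOW())");
-$stmt->bindValue(":pid", $_SESSION['pid']);
-$stmt->bindValue(":uid", $_SESSION['uid']);
-$stmt->bindValue(":comment", $comment);
-$stmt->execute();
-}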


@ -1,5 +1,5 @@
<form method="POST" action="index.php?action=comment">
<label>Text comment</label>
<input type="text" name="comment">
<textarea name="comment" rows="2" cols="30"></textarea> <br><br>
<input type="submit" value="Comment it!">
</form>


@ -8,7 +8,7 @@
</head>
<body>
<a href="login.php">Log in</a>
<a href="login.html">Log in</a> <br>
<?php
if (session_status() == PHP_SESSION_NONE) {
session_start();
@ -18,9 +18,16 @@
echo "<h3>Your name " . $_SESSION['name'] . "</h3>";
?>
<form method="post" action="api/auth.php">
<input type="hidden" name="username" value="<?php echo $_SESSION['username']; ?>">
<input type="hidden" name="password" value="<?php echo $_SESSION['password']; ?>">
<input type="submit" value="auth.php">
</form>
<a href="api/getPosts.php">getPosts.php</a>
<ul>
<li><a href="index.php">Home</a></li>
<li><a href="index.php?action=post">Post a post</a></li>
<li><a href="index.php?action=writePost">Post a post</a></li>
<li><a href="index.php?action=userPosts">Your posts</a></li>
<li><a href="index.php?action=allPosts">All posts</a></li>
</ul>
@ -32,13 +39,18 @@
if (isset($_GET['action'])) {
$page = $_GET['action'];
include('../model/dbEgyTalk.php');
include('model/dbEgyTalk.php');
$db = new dbEgyTalk();
switch ($page) {
case 'post':
$db->post($_SESSION['uid'], filter_input(INPUT_POST, 'post', FILTER_SANITIZE_SPECIAL_CHARS));
header('Location: index.php?action=userPosts');
break;
case 'writePost':
echo '
<form method="get" action="post.php">
<form method="post" action="index.php?action=post">
<fieldset>
<legend>Post</legend>
<label>Text post</label>
@ -60,7 +72,7 @@ if (isset($_GET['action'])) {
echo "<hr> <h3>From: " . $_SESSION['username'] . "</h3>";
echo "<p>" . $post['post_txt'] . "</p> <br>";
echo "<h4>" . $post['date'] . "</h4>";
include("../inc/comment.html");
echo "<a href='index.php?action=postInteract&pid=" . $post['pid'] . "'>Interact</a>";
}
echo "</fieldset>";
@ -108,7 +120,7 @@ if (isset($_GET['action'])) {
echo "</fieldset> <br>";
include("../inc/comment.html");
include("inc/comment.html");
echo "</fieldset>";
break;
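Review bot: The hidden inputs added in the form posting to `api/auth.php` write `$_SESSION['username']` and `$_SESSION['password']` straight into HTML attributes, so the user's stored password hash is shipped to the browser in the page source, and the username — accepted with FILTER_UNSAFE_RAW at signup — is not escaped, so a quote character in it breaks out of the `value` attribute. At minimum escape the echo, `<?php echo htmlspecialchars($_SESSION['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>`, and consider letting the API read the uid from the session it already starts instead of re-posting the hash at all. In the new `post` case, `header('Location: index.php?action=userPosts');` is followed by `break` rather than `exit`, so the rest of the page is still rendered and sent along with the redirect, and `$_SESSION['uid']` is passed to `$db->post()` without checking that the session is authenticated. The enclosing `switch` and the `if (isset($_GET['action']))` block continue outside the shown hunks.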


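--- /dev/null
+++ b/login.html
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>M6 | EgyTalk</title>
+</head>
+<body>
+<form method="post" action="controller/userManipulation.php">
+<input type="hidden" name="login">
+<label>Username: </label>
+<input type="text" name="username"> <br><br>
+<label>Password: </label>
+<input type="password" name="password"> <br><br>
+<input type="submit" value="Log In"> <br><br><br><br>
+</form>
+<form method="post" action="controller/userManipulation.php">
+<input type="hidden" name="signup">
+<label>Name: </label>
+<input type="text" name="firstname"> <br><br>
+<label>Surname: </label>
+<input type="text" name="surname"> <br><br>
+<label>Username: </label>
+<input type="text" name="username"> <br><br>
+<label>Password: </label>
+<input type="password" name="password"> <br><br>
+<input type="submit" value="Sign Up"> <br><br><br><br>
+</form>
+<form method="post" action="controller/userManipulation.php">
+<input type="hidden" name="logout">
+<input type="submit" value="Log Out"> <br><br>
+</form>
+</body>
+</html>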


@ -23,12 +23,36 @@ class dbEgyTalk
*
* @param $username Användarnamn
* @param $password Lösenord
* @return $response användardata eller tom []
* @return $result användardata eller tom []
*/
function auth($username, $password)
{
$username = trim(filter_var($username, FILTER_UNSAFE_RAW));
$response = [];
$result = [];
$stmt = $this->db->prepare("SELECT * FROM user WHERE username = :user");
$stmt->bindValue(":user", $username);
$stmt->execute();
/** Kontroll att resultat finns */
if ($stmt->rowCount() == 1) {
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if ($password == $user['password']) {
$result['uid'] = $user['uid'];
$result['username'] = $user['username'];
$result['firstname'] = $user['firstname'];
$result['surname'] = $user['surname'];
$result['password'] = $user['password'];
}
}
return $result;
}
function login($username, $password)
{
$username = trim(filter_var($username, FILTER_UNSAFE_RAW));
$result = [];
$stmt = $this->db->prepare("SELECT * FROM user WHERE username = :user");
$stmt->bindValue(":user", $username);
@ -39,13 +63,56 @@ class dbEgyTalk
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if (password_verify($password, $user['password'])) {
$response['uid'] = $user['uid'];
$response['username'] = $user['username'];
$response['firstname'] = $user['firstname'];
$response['surname'] = $user['surname'];
$result['uid'] = $user['uid'];
$result['username'] = $user['username'];
$result['firstname'] = $user['firstname'];
$result['surname'] = $user['surname'];
$result['password'] = $user['password'];
}
}
return $response;
return $result;
}
function signup($firstname, $surname, $username, $password)
{
$uid = random_bytes(16);
$uid[6] = chr((ord($uid[6]) & 0x0f) | 0x40);
$uid[8] = chr((ord($uid[8]) & 0x3f) | 0x80);
$uid = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($uid), 4));
$firstname = trim(filter_var($firstname, FILTER_SANITIZE_SPECIAL_CHARS));
$surname = trim(filter_var($surname, FILTER_SANITIZE_SPECIAL_CHARS));
$username = trim(filter_var($username, FILTER_UNSAFE_RAW));
$password = password_hash($password, PASSWORD_DEFAULT);
$stmt = $this->db->prepare("INSERT INTO user(uid, firstname, surname, username, password) VALUES(:uid, :fn, :sn,:user,:pwd)");
$stmt->bindValue(":uid", $uid);
$stmt->bindValue(":fn", $firstname);
$stmt->bindValue(":sn", $surname);
$stmt->bindValue(":user", $username);
$stmt->bindValue(":pwd", $password);
$stmt->execute();
$result = [];
$result['uid'] = $uid;
$result['username'] = $username;
$result['firstname'] = $firstname;
$result['surname'] = $surname;
$result['password'] = $password;
return $result;
}
function post($uid, $post_txt) {
$stmt = $this->db->prepare("INSERT INTO post (uid, post_txt, date) VALUES (:uid, :post, NOW())");
$stmt->bindValue(":uid", $uid);
$stmt->bindValue(":post", $post_txt);
$stmt->execute();
}
/**
@ -62,7 +129,7 @@ class dbEgyTalk
function getUserPosts($uid)
{
$stmt = $this->db->prepare("SELECT post_txt, date FROM post WHERE uid = :uid ORDER By date DESC");
$stmt = $this->db->prepare("SELECT post_txt, date, pid FROM post WHERE uid = :uid ORDER By date DESC");
$stmt->bindValue(":uid", $uid);
@ -98,5 +165,4 @@ class dbEgyTalk
$stmt->execute();
}
}
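Review bot: `if ($password == $user['password'])` in the new auth() compares the submitted value against the stored hash with loose equality, while login() directly below verifies the same column with `password_verify()`; as written the only value that authenticates is the hash itself, which turns the stored hash into a bearer credential (and `==` on strings applies numeric-string juggling and is not a constant-time comparison). If auth() is meant to take the real password, use `if (password_verify($password, $user['password']))`; if it is deliberately a token check, compare with `hash_equals($user['password'], (string) $password)` and state that contract in the docblock, which currently describes the parameter as the password. All three of auth(), login() and signup() return `$result['password']` (the hash) to callers, who place it in the session and in a JSON response; no caller shown in this commit needs it, so the three assignments can go. signup() executes the INSERT without handling a failed `execute()`, so a duplicate username either throws out of the controller or, depending on the PDO error mode (not visible here), returns a result array for a row that was never inserted — wrap the execute in try/catch or check its return value. The class header and the docblock that opens the first hunk are outside the shown lines.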


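--- a/userManipulation.php
+++ /dev/null
-<?php
-if (isset($_POST['login'])) login();
-else if (isset($_POST['signup'])) signup();
-else if (isset($_POST['logout'])) logout();
-else header("Location: login.php");
-function login()
-{
-if (!isset($_POST['username'], $_POST['password'])) header("Location: login.php");
-include_once('../inc/egytalk_connect.php');
-$username = filter_input(INPUT_POST, 'username', FILTER_UNSAFE_RAW);
-$password = $_POST['password'];
-$stmt = $db->prepare("SELECT * FROM user WHERE username = :username");
-$stmt->bindValue(":username", $username);
-$stmt->execute();
-if ($stmt->rowCount() != 1) header("Location: login.php");
-$user = $stmt->fetch(PDO::FETCH_ASSOC);
-if (password_verify($password, $user['password'])) {
-$_SESSION = array();
-session_start();
-$_SESSION['uid'] = $user['uid'];
-$_SESSION['username'] = $user['username'];
-$_SESSION['name'] = $user['surname'] . " " . $user['firstname'];
-$_SESSION['logged_in'] = true;
-header("Location: index.php");
-}
-}
-function signup()
-{
-if (!isset($_POST['firstName'], $_POST['surName'], $_POST['username'], $_POST['password'])) {
-header("Location: login.php");
-exit();
-}
-include_once('../inc/egytalk_connect.php');
-$uid = random_bytes(16);
-$uid[6] = chr((ord($uid[6]) & 0x0f) | 0x40);
-$uid[8] = chr((ord($uid[8]) & 0x3f) | 0x80);
-$uid = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($uid), 4));
-$firstName = filter_input(INPUT_POST, 'firstName', FILTER_SANITIZE_SPECIAL_CHARS);
-$surName = filter_input(INPUT_POST, 'surName', FILTER_SANITIZE_SPECIAL_CHARS);
-$username = filter_input(INPUT_POST, 'username', FILTER_UNSAFE_RAW);
-$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
-$stmt = $db->prepare("INSERT INTO user(uid, firstname, surname, username, password) VALUES(:uid, :fn, :sn,:user,:pwd)");
-$stmt->bindValue(":uid", $uid);
-$stmt->bindValue(":fn", $firstName);
-$stmt->bindValue(":sn", $surName);
-$stmt->bindValue(":user", $username);
-$stmt->bindValue(":pwd", $password);
-try {
-$stmt->execute();
-$_SESSION = array();
-session_start();
-$_SESSION['uid'] = $uuid;
-$_SESSION['username'] = $username;
-$_SESSION['name'] = $firstName . " " . $surName;
-$_SESSION['logged_in'] = true;
-header("Location: index.php");
-} catch (Exception $e) {
-header("Location: login.php");
-exit();
-}
-}
-function logout()
-{
-if (session_status() == PHP_SESSION_NONE) {
-session_start();
-}
-$_POST = array();
-$_SESSION = array(); // Tömmer sessionsarrayen
-session_regenerate_id(true);
-header("Location: index.php");
-exit();
-}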


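--- a/login.php
+++ /dev/null
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>M6 | EgyTalk</title>
-</head>
-<body>
-<form method="post" action="userManipulation.php">
-<input type="hidden" name="login">
-<label>Username: </label>
-<input type="text" name="username"> <br><br>
-<label>Password: </label>
-<input type="password" name="password"> <br><br>
-<input type="submit" value="Log In"> <br><br><br><br>
-</form>
-<form method="post" action="userManipulation.php">
-<input type="hidden" name="signup">
-<label>Name: </label>
-<input type="text" name="firstName"> <br><br>
-<label>Surname: </label>
-<input type="text" name="surName"> <br><br>
-<label>Username: </label>
-<input type="text" name="username"> <br><br>
-<label>Password: </label>
-<input type="password" name="password"> <br><br>
-<input type="submit" value="Sign Up"> <br><br><br><br>
-</form>
-<form method="post" action="userManipulation.php">
-<input type="hidden" name="logout">
-<input type="submit" value="Log Out"> <br><br>
-</form>
-<?php
-if(isset($_POST['firstName'],$_POST['surName'],$_POST['username'],$_POST['password'])){
-include_once('../inc/egytalk_connect.php');
-$firstName = filter_input(INPUT_POST, 'firstName', FILTER_SANITIZE_SPECIAL_CHARS);
-$surName = filter_input(INPUT_POST, 'surName', FILTER_SANITIZE_SPECIAL_CHARS);
-$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS);
-$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
-$stmt= $db->prepare("INSERT INTO user(uid, firstname, surname, username, password) VALUES(UUID(), :fn, :sn,:user,:pwd)");
-$stmt->bindValue(":fn", $firstName);
-$stmt->bindValue(":sn", $surName);
-$stmt->bindValue(":user", $username);
-$stmt->bindValue(":pwd", $password);
-try{
-$stmt->execute();
-echo "Good";
-}catch(Exception $e){
-echo "Not good";
-}
-}
-?>
-</body>
-</html>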


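--- a/PATH_NOT_SHOWN_ON_PAGE
+++ /dev/null
@@ -1,12 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>WebServ</title>
-</head>
-<body>
-<h1>Webbservern fungerar!</h1>
-<?php include("./footer.html");?>
-</body>
-</html>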