From fca9e1d060d5cb9ae0dba59236f2cec36befaee5 Mon Sep 17 00:00:00 2001
From: vadym Novoselskyi <novoselskyi.vadim@gmail.com>
Date: Fri, 27 Sep 2024 11:10:29 +0200
Subject: [PATCH] Add M6 3/3

---
 www/public/M6/egyTalk/api/auth.php            |  3 +-
 www/public/M6/egyTalk/api/getPostsByUID.php   | 26 ++++++++
 www/public/M6/egyTalk/api/getUserByUID.php    | 21 +++++++
 .../egyTalk/controller/userManipulation.php   |  2 +-
 www/public/M6/egyTalk/index.php               | 13 +++-
 www/public/M6/egyTalk/model/dbEgyTalk.php     | 59 +++++++++----------
 6 files changed, 89 insertions(+), 35 deletions(-)
 create mode 100644 www/public/M6/egyTalk/api/getPostsByUID.php
 create mode 100644 www/public/M6/egyTalk/api/getUserByUID.php

diff --git a/www/public/M6/egyTalk/api/auth.php b/www/public/M6/egyTalk/api/auth.php
index 902ad25..985f9ba 100644
--- a/www/public/M6/egyTalk/api/auth.php
+++ b/www/public/M6/egyTalk/api/auth.php
@@ -12,7 +12,7 @@ $response['userdata'] = null;
     //$user = $db->getUserFromUid($_SESSION['uid']);
 //} 
 if (isset($_POST['username'], $_POST['password'])) {
-    $user = $db->auth($_POST['username'], $_POST['password']);
+    $user = $db->auth($_POST['username'], $_POST['password'], false);
 }
 
 if (isset($user) && !empty($user)) {
@@ -23,7 +23,6 @@ if (isset($user) && !empty($user)) {
 }
 
 if(!$response['auth']) header('HTTP/1.0 401 Unauthorized');
-
 header('Access-Control-Allow-Credentials: true');
 header('Content-Type: application/json');
 
diff --git a/www/public/M6/egyTalk/api/getPostsByUID.php b/www/public/M6/egyTalk/api/getPostsByUID.php
new file mode 100644
index 0000000..b28c72b
--- /dev/null
+++ b/www/public/M6/egyTalk/api/getPostsByUID.php
@@ -0,0 +1,26 @@
+<?php
+session_start();
+
+$uid = $_GET['uid'];
+
+$response['auth'] = false;
+$response['posts'] = null;
+
+if (isset($_SESSION['uid'])) {
+   $response['auth'] = true;
+
+   include('../model/dbEgyTalk.php');
+   $db = new dbEgyTalk();
+
+   $response['posts'] = $db->getUserPosts($uid);
+
+   for($i = 0; $i < sizeof($response['posts']); $i++) {
+      $comments = $db->getComments($response['posts'][$i]['pid']);
+      $response['posts'][$i]['comments'] = $comments; 
+   }
+}
+// Behövs för session-cookies och anger att formatet är json
+header('Access-Control-Allow-Credentials: true');
+header('Content-Type: application/json');
+
+echo json_encode($response, JSON_UNESCAPED_UNICODE);
diff --git a/www/public/M6/egyTalk/api/getUserByUID.php b/www/public/M6/egyTalk/api/getUserByUID.php
new file mode 100644
index 0000000..324e270
--- /dev/null
+++ b/www/public/M6/egyTalk/api/getUserByUID.php
@@ -0,0 +1,21 @@
+<?php
+session_start();
+
+$uid = $_GET['uid'];
+
+$response['auth'] = false;
+$response['userdata'] = null;
+
+if (isset($_SESSION['uid'])) {
+   $response['auth'] = true;
+
+   include('../model/dbEgyTalk.php');
+   $db = new dbEgyTalk();
+
+   $response['userdata'] = $db->getUserByUID($uid);
+}
+// Behövs för session-cookies och anger att formatet är json
+header('Access-Control-Allow-Credentials: true');
+header('Content-Type: application/json');
+
+echo json_encode($response, JSON_UNESCAPED_UNICODE);
diff --git a/www/public/M6/egyTalk/controller/userManipulation.php b/www/public/M6/egyTalk/controller/userManipulation.php
index 6e8acef..93c646b 100644
--- a/www/public/M6/egyTalk/controller/userManipulation.php
+++ b/www/public/M6/egyTalk/controller/userManipulation.php
@@ -14,7 +14,7 @@ function login()
     $username = filter_input(INPUT_POST, 'username', FILTER_UNSAFE_RAW);
     $password = $_POST['password'];
 
-    $result = $db->login($username, $password);
+    $result = $db->auth($username, $password, true);
 
     if ($result == [])  {
         header("Location: ../login.html");
diff --git a/www/public/M6/egyTalk/index.php b/www/public/M6/egyTalk/index.php
index 5230a16..fef587d 100644
--- a/www/public/M6/egyTalk/index.php
+++ b/www/public/M6/egyTalk/index.php
@@ -18,13 +18,24 @@
         echo "<h3>Your name " . $_SESSION['name'] . "</h3>";
         ?>
 
-<form method="post" action="api/auth.php">
+<form method="POST" action="api/auth.php">
     <input type="hidden" name="username" value="<?php echo $_SESSION['username']; ?>">
     <input type="hidden" name="password" value="<?php echo $_SESSION['password']; ?>">
     <input type="submit" value="auth.php">
 </form>
+
 <a href="api/getPosts.php">getPosts.php</a>
 
+<form method="GET" action="api/getUserByUID.php">
+    <input type="text" name="uid">
+    <input type="submit" value="getUserByUID.php">
+</form>
+
+<form method="GET" action="api/getPostsByUID.php">
+    <input type="text" name="uid">
+    <input type="submit" value="getPostsByUID.php">
+</form>
+
 <ul>
     <li><a href="index.php">Home</a></li>
     <li><a href="index.php?action=writePost">Post a post</a></li>
diff --git a/www/public/M6/egyTalk/model/dbEgyTalk.php b/www/public/M6/egyTalk/model/dbEgyTalk.php
index 1f8e22b..8217c75 100644
--- a/www/public/M6/egyTalk/model/dbEgyTalk.php
+++ b/www/public/M6/egyTalk/model/dbEgyTalk.php
@@ -25,7 +25,7 @@ class dbEgyTalk
    * @param $password Lösenord
    * @return $result användardata eller tom []
    */
-  function auth($username, $password)
+  function auth($username, $password, $toHash)
   {
     $username = trim(filter_var($username, FILTER_UNSAFE_RAW));
     $result = [];
@@ -38,37 +38,34 @@ class dbEgyTalk
     if ($stmt->rowCount() == 1) {
       $user = $stmt->fetch(PDO::FETCH_ASSOC);
 
-      if ($password == $user['password']) {
-        $result['uid'] = $user['uid'];
-        $result['username'] = $user['username'];
-        $result['firstname'] = $user['firstname'];
-        $result['surname'] = $user['surname'];
-        $result['password'] = $user['password'];  
-      }
+      if(!$toHash && $password != $user['password']) return $result;
+      if($toHash && !password_verify($password, $user['password'])) return $result;
+
+      $result['uid'] = $user['uid'];
+      $result['username'] = $user['username'];
+      $result['firstname'] = $user['firstname'];
+      $result['surname'] = $user['surname'];
+      $result['password'] = $user['password'];  
     }
     return $result;
   }
 
-  function login($username, $password)
+  function getUserByUID($uid) 
   {
-    $username = trim(filter_var($username, FILTER_UNSAFE_RAW));
     $result = [];
 
-    $stmt = $this->db->prepare("SELECT * FROM user WHERE username = :user");
-    $stmt->bindValue(":user", $username);
+    $stmt = $this->db->prepare("SELECT uid, firstname, surname, username FROM user WHERE uid = :uid");
+    $stmt->bindValue(":uid", $uid);
     $stmt->execute();
 
     /** Kontroll att resultat finns */
     if ($stmt->rowCount() == 1) {
       $user = $stmt->fetch(PDO::FETCH_ASSOC);
 
-      if (password_verify($password, $user['password'])) {
-        $result['uid'] = $user['uid'];
-        $result['username'] = $user['username'];
-        $result['firstname'] = $user['firstname'];
-        $result['surname'] = $user['surname'];
-        $result['password'] = $user['password'];  
-      }
+      $result['uid'] = $user['uid'];
+      $result['username'] = $user['username'];
+      $result['firstname'] = $user['firstname'];
+      $result['surname'] = $user['surname'];
     }
     return $result;
   }
@@ -115,6 +112,17 @@ class dbEgyTalk
     $stmt->execute();
   }
 
+  function postComment($pid, $uid, $comment)
+  {
+    $stmt = $this->db->prepare("INSERT INTO comment (pid, uid, comment_txt, date) VALUES (:pid, :uid, :comment, NOW())");
+
+    $stmt->bindValue(":pid", $pid);
+    $stmt->bindValue(":uid", $uid);
+    $stmt->bindValue(":comment", $comment);
+
+    $stmt->execute();
+  }
+
   /**
    * Hämtar alla status-uppdateringar i tabellen post
    *
@@ -148,21 +156,10 @@ class dbEgyTalk
 
   function getComments($pid)
   {
-    $stmt = $this->db->prepare("SELECT user.username, comment.comment_txt, comment.date FROM user JOIN comment ON user.uid = comment.uid WHERE pid = :pid");
+    $stmt = $this->db->prepare("SELECT comment.cid, comment.uid, user.username, comment.comment_txt, comment.date FROM user JOIN comment ON user.uid = comment.uid WHERE pid = :pid");
     $stmt->bindValue(":pid", $pid);
 
     $stmt->execute();
     return $stmt->fetchAll(PDO::FETCH_ASSOC);
   }
-
-  function postComment($pid, $uid, $comment)
-  {
-    $stmt = $this->db->prepare("INSERT INTO comment (pid, uid, comment_txt, date) VALUES (:pid, :uid, :comment, NOW())");
-
-    $stmt->bindValue(":pid", $pid);
-    $stmt->bindValue(":uid", $uid);
-    $stmt->bindValue(":comment", $comment);
-
-    $stmt->execute();
-  }
 }