


1347bd362c Merge pull request 'Add M6 3/3' (#2) from main into dev
Reviewed-on: #2
2024-09-27 09:13:39 +00:00
fca9e1d060 Add M6 3/3 2024-09-27 11:10:29 +02:00
6 changed files with 89 additions and 35 deletions


@ -12,7 +12,7 @@ $response['userdata'] = null;
//$user = $db->getUserFromUid($_SESSION['uid']); //$user = $db->getUserFromUid($_SESSION['uid']);
//} //}
if (isset($_POST['username'], $_POST['password'])) { if (isset($_POST['username'], $_POST['password'])) {
$user = $db->auth($_POST['username'], $_POST['password']); $user = $db->auth($_POST['username'], $_POST['password'], false);
} }
if (isset($user) && !empty($user)) { if (isset($user) && !empty($user)) {
@ -23,7 +23,6 @@ if (isset($user) && !empty($user)) {
} }
if(!$response['auth']) header('HTTP/1.0 401 Unauthorized'); if(!$response['auth']) header('HTTP/1.0 401 Unauthorized');
header('Access-Control-Allow-Credentials: true'); header('Access-Control-Allow-Credentials: true');
header('Content-Type: application/json'); header('Content-Type: application/json');
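Review bot: The third argument `false` on the changed call routes api/auth.php through the non-hashing branch of dbEgyTalk::auth, so the posted `password` is compared directly with the stored `user.password` column. The only form in this compare that posts here sends `$_SESSION['password']`, and auth() populates that field from the stored column, so whatever the database holds (after the other caller's switch to password_verify, a hash) becomes a credential that is accepted as-is. Since the sibling endpoints already gate on `$_SESSION['uid']`, this one could do the same and reuse the new lookup — `if (isset($_SESSION['uid'])) { $user = $db->getUserByUID($_SESSION['uid']); }` — instead of re-authenticating from posted credentials; the commented-out lines at the top of the hunk look like an earlier attempt at exactly that. The second hunk removes one line that is not visible on this page, so that deletion is not reviewed.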


@ -0,0 +1,26 @@
<?php
session_start();
$uid = $_GET['uid'];
$response['auth'] = false;
$response['posts'] = null;
if (isset($_SESSION['uid'])) {
$response['auth'] = true;
include('../model/dbEgyTalk.php');
$db = new dbEgyTalk();
$response['posts'] = $db->getUserPosts($uid);
for($i = 0; $i < sizeof($response['posts']); $i++) {
$comments = $db->getComments($response['posts'][$i]['pid']);
$response['posts'][$i]['comments'] = $comments;
}
}
// Behövs för session-cookies och anger att formatet är json
header('Access-Control-Allow-Credentials: true');
header('Content-Type: application/json');
echo json_encode($response, JSON_UNESCAPED_UNICODE);
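Review bot: `$uid = $_GET['uid'];` on the third line reads the query parameter unconditionally and without validation, so a request without `uid` raises an undefined-key warning before any header() call, and any string is passed straight into getUserPosts(). Validate it and fail early — `$uid = filter_input(INPUT_GET, 'uid', FILTER_VALIDATE_INT);` followed by `if ($uid === null || $uid === false) { header('HTTP/1.0 400 Bad Request'); exit; }` — and move the read inside the session check so unauthenticated callers touch nothing. The same applies to the new getUserByUID endpoint in this compare. Unlike api/auth.php's hunk, which sends `HTTP/1.0 401 Unauthorized` when auth fails, both new endpoints answer 200 with `auth: false`; consider the same 401 for consistency. The hunk header says 26 added lines but only 19 are shown here, so the rest of this file is not reviewed.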


@ -0,0 +1,21 @@
<?php
session_start();
$uid = $_GET['uid'];
$response['auth'] = false;
$response['userdata'] = null;
if (isset($_SESSION['uid'])) {
$response['auth'] = true;
include('../model/dbEgyTalk.php');
$db = new dbEgyTalk();
$response['userdata'] = $db->getUserByUID($uid);
}
// Behövs för session-cookies och anger att formatet är json
header('Access-Control-Allow-Credentials: true');
header('Content-Type: application/json');
echo json_encode($response, JSON_UNESCAPED_UNICODE);


@ -14,7 +14,7 @@ function login()
$username = filter_input(INPUT_POST, 'username', FILTER_UNSAFE_RAW); $username = filter_input(INPUT_POST, 'username', FILTER_UNSAFE_RAW);
$password = $_POST['password']; $password = $_POST['password'];
$result = $db->login($username, $password); $result = $db->auth($username, $password, true);
if ($result == []) { if ($result == []) {
header("Location: ../login.html"); header("Location: ../login.html");
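Review bot: `$result` from the changed call still carries `$result['password']` (dbEgyTalk::auth copies the stored column into it on both branches), and index.php in this compare reads `$_SESSION['password']`, which suggests login() — whose body continues outside this hunk — stores that hash in the session. The session should hold only `uid`, `username` and the names, so drop the field right after the call: `unset($result['password']);`. Two smaller points: `if ($result == [])` is a loose comparison and `if ($result === [])` says what is meant; and a bare boolean third argument is hard to read at the call site, so `$db->auth($username, $password, toHash: true)` if the project is on PHP 8.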


@ -18,13 +18,24 @@
echo "<h3>Your name " . $_SESSION['name'] . "</h3>"; echo "<h3>Your name " . $_SESSION['name'] . "</h3>";
?> ?>
<form method="post" action="api/auth.php"> <form method="POST" action="api/auth.php">
<input type="hidden" name="username" value="<?php echo $_SESSION['username']; ?>"> <input type="hidden" name="username" value="<?php echo $_SESSION['username']; ?>">
<input type="hidden" name="password" value="<?php echo $_SESSION['password']; ?>"> <input type="hidden" name="password" value="<?php echo $_SESSION['password']; ?>">
<input type="submit" value="auth.php"> <input type="submit" value="auth.php">
</form> </form>
<a href="api/getPosts.php">getPosts.php</a> <a href="api/getPosts.php">getPosts.php</a>
<form method="GET" action="api/getUserByUID.php">
<input type="text" name="uid">
<input type="submit" value="getUserByUID.php">
</form>
<form method="GET" action="api/getPostsByUID.php">
<input type="text" name="uid">
<input type="submit" value="getPostsByUID.php">
</form>
<ul> <ul>
<li><a href="index.php">Home</a></li> <li><a href="index.php">Home</a></li>
<li><a href="index.php?action=writePost">Post a post</a></li> <li><a href="index.php?action=writePost">Post a post</a></li>
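Review bot: The hidden inputs in this hunk echo `$_SESSION['username']` and `$_SESSION['password']` into attribute values without escaping, and the second one writes the account's stored password value into the HTML of every page view; the new GET forms added below leave both as they are. Escape anything written into markup — `value="<?php echo htmlspecialchars($_SESSION['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"` — and drop the password input entirely, letting api/auth.php rely on the session instead. The new forms send a free-text `uid`, which is acceptable for a test harness as long as the endpoints validate it server-side.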


@ -25,7 +25,7 @@ class dbEgyTalk
* @param $password Lösenord * @param $password Lösenord
* @return $result användardata eller tom [] * @return $result användardata eller tom []
*/ */
function auth($username, $password) function auth($username, $password, $toHash)
{ {
$username = trim(filter_var($username, FILTER_UNSAFE_RAW)); $username = trim(filter_var($username, FILTER_UNSAFE_RAW));
$result = []; $result = [];
@ -38,37 +38,34 @@ class dbEgyTalk
if ($stmt->rowCount() == 1) { if ($stmt->rowCount() == 1) {
$user = $stmt->fetch(PDO::FETCH_ASSOC); $user = $stmt->fetch(PDO::FETCH_ASSOC);
if ($password == $user['password']) { if(!$toHash && $password != $user['password']) return $result;
$result['uid'] = $user['uid']; if($toHash && !password_verify($password, $user['password'])) return $result;
$result['username'] = $user['username'];
$result['firstname'] = $user['firstname']; $result['uid'] = $user['uid'];
$result['surname'] = $user['surname']; $result['username'] = $user['username'];
$result['password'] = $user['password']; $result['firstname'] = $user['firstname'];
} $result['surname'] = $user['surname'];
$result['password'] = $user['password'];
} }
return $result; return $result;
} }
function login($username, $password) function getUserByUID($uid)
{ {
$username = trim(filter_var($username, FILTER_UNSAFE_RAW));
$result = []; $result = [];
$stmt = $this->db->prepare("SELECT * FROM user WHERE username = :user"); $stmt = $this->db->prepare("SELECT uid, firstname, surname, username FROM user WHERE uid = :uid");
$stmt->bindValue(":user", $username); $stmt->bindValue(":uid", $uid);
$stmt->execute(); $stmt->execute();
/** Kontroll att resultat finns */ /** Kontroll att resultat finns */
if ($stmt->rowCount() == 1) { if ($stmt->rowCount() == 1) {
$user = $stmt->fetch(PDO::FETCH_ASSOC); $user = $stmt->fetch(PDO::FETCH_ASSOC);
if (password_verify($password, $user['password'])) { $result['uid'] = $user['uid'];
$result['uid'] = $user['uid']; $result['username'] = $user['username'];
$result['username'] = $user['username']; $result['firstname'] = $user['firstname'];
$result['firstname'] = $user['firstname']; $result['surname'] = $user['surname'];
$result['surname'] = $user['surname'];
$result['password'] = $user['password'];
}
} }
return $result; return $result;
} }
@ -115,6 +112,17 @@ class dbEgyTalk
$stmt->execute(); $stmt->execute();
} }
function postComment($pid, $uid, $comment)
{
$stmt = $this->db->prepare("INSERT INTO comment (pid, uid, comment_txt, date) VALUES (:pid, :uid, :comment, NOW())");
$stmt->bindValue(":pid", $pid);
$stmt->bindValue(":uid", $uid);
$stmt->bindValue(":comment", $comment);
$stmt->execute();
}
/** /**
* Hämtar alla status-uppdateringar i tabellen post * Hämtar alla status-uppdateringar i tabellen post
* *
@ -148,21 +156,10 @@ class dbEgyTalk
function getComments($pid) function getComments($pid)
{ {
$stmt = $this->db->prepare("SELECT user.username, comment.comment_txt, comment.date FROM user JOIN comment ON user.uid = comment.uid WHERE pid = :pid"); $stmt = $this->db->prepare("SELECT comment.cid, comment.uid, user.username, comment.comment_txt, comment.date FROM user JOIN comment ON user.uid = comment.uid WHERE pid = :pid");
$stmt->bindValue(":pid", $pid); $stmt->bindValue(":pid", $pid);
$stmt->execute(); $stmt->execute();
return $stmt->fetchAll(PDO::FETCH_ASSOC); return $stmt->fetchAll(PDO::FETCH_ASSOC);
} }
function postComment($pid, $uid, $comment)
{
$stmt = $this->db->prepare("INSERT INTO comment (pid, uid, comment_txt, date) VALUES (:pid, :uid, :comment, NOW())");
$stmt->bindValue(":pid", $pid);
$stmt->bindValue(":uid", $uid);
$stmt->bindValue(":comment", $comment);
$stmt->execute();
}
} }
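Review bot: The new `$toHash === false` branch at the top of the second hunk, `if(!$toHash && $password != $user['password']) return $result;`, compares the submitted secret with the stored column using loose `!=` (PHP compares two numeric-looking strings numerically under that operator) and makes whatever is stored in `user.password` a credential that is accepted verbatim; together with `$result['password'] = $user['password'];` now running on both branches, the stored value is also handed back to every caller. Keep only the hashed path — `if (!password_verify($password, $user['password'])) return $result;` — remove the `$result['password']` assignment, and give `$toHash` a default of `true` (or drop it) so that api/auth.php's `false` argument can no longer select the weak branch. The docblock above auth() was not updated for the new parameter; add `* @param $toHash true om lösenordet ska verifieras mot hashen` alongside the existing `@param` lines. The `rowCount() == 1` guard copied into getUserByUID() deserves a note too: PDO does not guarantee rowCount() for SELECT on every driver, so `$user = $stmt->fetch(PDO::FETCH_ASSOC); if ($user !== false) { ... }` is the portable form.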