Add M6 3/3 #2
@ -12,7 +12,7 @@ $response['userdata'] = null;
|
|||||||
//$user = $db->getUserFromUid($_SESSION['uid']);
|
//$user = $db->getUserFromUid($_SESSION['uid']);
|
||||||
//}
|
//}
|
||||||
if (isset($_POST['username'], $_POST['password'])) {
|
if (isset($_POST['username'], $_POST['password'])) {
|
||||||
$user = $db->auth($_POST['username'], $_POST['password']);
|
$user = $db->auth($_POST['username'], $_POST['password'], false);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($user) && !empty($user)) {
|
if (isset($user) && !empty($user)) {
|
||||||
@ -23,7 +23,6 @@ if (isset($user) && !empty($user)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if(!$response['auth']) header('HTTP/1.0 401 Unauthorized');
|
if(!$response['auth']) header('HTTP/1.0 401 Unauthorized');
|
||||||
|
|
||||||
header('Access-Control-Allow-Credentials: true');
|
header('Access-Control-Allow-Credentials: true');
|
||||||
header('Content-Type: application/json');
|
header('Content-Type: application/json');
|
||||||
|
|
||||||
|
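--- /dev/null
+++ b/www/public/M6/egyTalk/api/getPostsByUID.php
@@ -0,0 +1,26 @@
+<?php
+session_start();
+
+$uid = $_GET['uid'];
+
+$response['auth'] = false;
+$response['posts'] = null;
+
+if (isset($_SESSION['uid'])) {
+$response['auth'] = true;
+
+include('../model/dbEgyTalk.php');
+$db = new dbEgyTalk();
+
+$response['posts'] = $db->getUserPosts($uid);
+
+for($i = 0; $i < sizeof($response['posts']); $i++) {
+$comments = $db->getComments($response['posts'][$i]['pid']);
+$response['posts'][$i]['comments'] = $comments;
+}
+}
+// Behövs för session-cookies och anger att formatet är json
+header('Access-Control-Allow-Credentials: true');
+header('Content-Type: application/json');
+
+echo json_encode($response, JSON_UNESCAPED_UNICODE);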
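--- /dev/null
+++ b/www/public/M6/egyTalk/api/getUserByUID.php
@@ -0,0 +1,21 @@
+<?php
+session_start();
+
+$uid = $_GET['uid'];
+
+$response['auth'] = false;
+$response['userdata'] = null;
+
+if (isset($_SESSION['uid'])) {
+$response['auth'] = true;
+
+include('../model/dbEgyTalk.php');
+$db = new dbEgyTalk();
+
+$response['userdata'] = $db->getUserByUID($uid);
+}
+// Behövs för session-cookies och anger att formatet är json
+header('Access-Control-Allow-Credentials: true');
+header('Content-Type: application/json');
+
+echo json_encode($response, JSON_UNESCAPED_UNICODE);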
@ -14,7 +14,7 @@ function login()
|
|||||||
$username = filter_input(INPUT_POST, 'username', FILTER_UNSAFE_RAW);
|
$username = filter_input(INPUT_POST, 'username', FILTER_UNSAFE_RAW);
|
||||||
$password = $_POST['password'];
|
$password = $_POST['password'];
|
||||||
|
|
||||||
$result = $db->login($username, $password);
|
$result = $db->auth($username, $password, true);
|
||||||
|
|
||||||
if ($result == []) {
|
if ($result == []) {
|
||||||
header("Location: ../login.html");
|
header("Location: ../login.html");
|
||||||
|
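Review bot: `if ($result == [])` on the line after the new `$db->auth($username, $password, true)` call is a loose comparison; `if ($result === []) {` states the intent exactly. The array this call now returns also carries `$result['password']` (the stored hash, per the dbEgyTalk hunk), so whatever `login()` copies into `$_SESSION` after this point should leave that key out — the index page hunk echoes `$_SESSION['password']` into a hidden form field. `login()` starts before this hunk and continues after it.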
@ -18,13 +18,24 @@
|
|||||||
echo "<h3>Your name " . $_SESSION['name'] . "</h3>";
|
echo "<h3>Your name " . $_SESSION['name'] . "</h3>";
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<form method="post" action="api/auth.php">
|
<form method="POST" action="api/auth.php">
|
||||||
<input type="hidden" name="username" value="<?php echo $_SESSION['username']; ?>">
|
<input type="hidden" name="username" value="<?php echo $_SESSION['username']; ?>">
|
||||||
<input type="hidden" name="password" value="<?php echo $_SESSION['password']; ?>">
|
<input type="hidden" name="password" value="<?php echo $_SESSION['password']; ?>">
|
||||||
<input type="submit" value="auth.php">
|
<input type="submit" value="auth.php">
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
<a href="api/getPosts.php">getPosts.php</a>
|
<a href="api/getPosts.php">getPosts.php</a>
|
||||||
|
|
||||||
|
<form method="GET" action="api/getUserByUID.php">
|
||||||
|
<input type="text" name="uid">
|
||||||
|
<input type="submit" value="getUserByUID.php">
|
||||||
|
</form>
|
||||||
|
|
||||||
|
<form method="GET" action="api/getPostsByUID.php">
|
||||||
|
<input type="text" name="uid">
|
||||||
|
<input type="submit" value="getPostsByUID.php">
|
||||||
|
</form>
|
||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
<li><a href="index.php">Home</a></li>
|
<li><a href="index.php">Home</a></li>
|
||||||
<li><a href="index.php?action=writePost">Post a post</a></li>
|
<li><a href="index.php?action=writePost">Post a post</a></li>
|
||||||
|
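Review bot: The hidden inputs inside the form whose `method` this hunk changes interpolate `$_SESSION['username']` and `$_SESSION['password']` into an HTML attribute with a bare `echo`, so any stored value containing `"` breaks out of the attribute; write them as `<?php echo htmlspecialchars($_SESSION['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>`. The `password` field also round-trips a credential through the page on every load; since api/auth.php already has the session cookie (it sets `Access-Control-Allow-Credentials`), the field looks unnecessary — inferred, as the page does not show what `login()` stores. The two new GET forms are fine as test scaffolding, but they belong behind the same escaping discipline if they ever echo a value back.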
@ -25,7 +25,7 @@ class dbEgyTalk
|
|||||||
* @param $password Lösenord
|
* @param $password Lösenord
|
||||||
* @return $result användardata eller tom []
|
* @return $result användardata eller tom []
|
||||||
*/
|
*/
|
||||||
function auth($username, $password)
|
function auth($username, $password, $toHash)
|
||||||
{
|
{
|
||||||
$username = trim(filter_var($username, FILTER_UNSAFE_RAW));
|
$username = trim(filter_var($username, FILTER_UNSAFE_RAW));
|
||||||
$result = [];
|
$result = [];
|
||||||
@ -38,37 +38,34 @@ class dbEgyTalk
|
|||||||
if ($stmt->rowCount() == 1) {
|
if ($stmt->rowCount() == 1) {
|
||||||
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||||
|
|
||||||
if ($password == $user['password']) {
|
if(!$toHash && $password != $user['password']) return $result;
|
||||||
$result['uid'] = $user['uid'];
|
if($toHash && !password_verify($password, $user['password'])) return $result;
|
||||||
$result['username'] = $user['username'];
|
|
||||||
$result['firstname'] = $user['firstname'];
|
$result['uid'] = $user['uid'];
|
||||||
$result['surname'] = $user['surname'];
|
$result['username'] = $user['username'];
|
||||||
$result['password'] = $user['password'];
|
$result['firstname'] = $user['firstname'];
|
||||||
}
|
$result['surname'] = $user['surname'];
|
||||||
|
$result['password'] = $user['password'];
|
||||||
}
|
}
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
function login($username, $password)
|
function getUserByUID($uid)
|
||||||
{
|
{
|
||||||
$username = trim(filter_var($username, FILTER_UNSAFE_RAW));
|
|
||||||
$result = [];
|
$result = [];
|
||||||
|
|
||||||
$stmt = $this->db->prepare("SELECT * FROM user WHERE username = :user");
|
$stmt = $this->db->prepare("SELECT uid, firstname, surname, username FROM user WHERE uid = :uid");
|
||||||
$stmt->bindValue(":user", $username);
|
$stmt->bindValue(":uid", $uid);
|
||||||
$stmt->execute();
|
$stmt->execute();
|
||||||
|
|
||||||
/** Kontroll att resultat finns */
|
/** Kontroll att resultat finns */
|
||||||
if ($stmt->rowCount() == 1) {
|
if ($stmt->rowCount() == 1) {
|
||||||
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||||
|
|
||||||
if (password_verify($password, $user['password'])) {
|
$result['uid'] = $user['uid'];
|
||||||
$result['uid'] = $user['uid'];
|
$result['username'] = $user['username'];
|
||||||
$result['username'] = $user['username'];
|
$result['firstname'] = $user['firstname'];
|
||||||
$result['firstname'] = $user['firstname'];
|
$result['surname'] = $user['surname'];
|
||||||
$result['surname'] = $user['surname'];
|
|
||||||
$result['password'] = $user['password'];
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
@ -115,6 +112,17 @@ class dbEgyTalk
|
|||||||
$stmt->execute();
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function postComment($pid, $uid, $comment)
|
||||||
|
{
|
||||||
|
$stmt = $this->db->prepare("INSERT INTO comment (pid, uid, comment_txt, date) VALUES (:pid, :uid, :comment, NOW())");
|
||||||
|
|
||||||
|
$stmt->bindValue(":pid", $pid);
|
||||||
|
$stmt->bindValue(":uid", $uid);
|
||||||
|
$stmt->bindValue(":comment", $comment);
|
||||||
|
|
||||||
|
$stmt->execute();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Hämtar alla status-uppdateringar i tabellen post
|
* Hämtar alla status-uppdateringar i tabellen post
|
||||||
*
|
*
|
||||||
@ -148,21 +156,10 @@ class dbEgyTalk
|
|||||||
|
|
||||||
function getComments($pid)
|
function getComments($pid)
|
||||||
{
|
{
|
||||||
$stmt = $this->db->prepare("SELECT user.username, comment.comment_txt, comment.date FROM user JOIN comment ON user.uid = comment.uid WHERE pid = :pid");
|
$stmt = $this->db->prepare("SELECT comment.cid, comment.uid, user.username, comment.comment_txt, comment.date FROM user JOIN comment ON user.uid = comment.uid WHERE pid = :pid");
|
||||||
$stmt->bindValue(":pid", $pid);
|
$stmt->bindValue(":pid", $pid);
|
||||||
|
|
||||||
$stmt->execute();
|
$stmt->execute();
|
||||||
return $stmt->fetchAll(PDO::FETCH_ASSOC);
|
return $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||||
}
|
}
|
||||||
|
|
||||||
function postComment($pid, $uid, $comment)
|
|
||||||
{
|
|
||||||
$stmt = $this->db->prepare("INSERT INTO comment (pid, uid, comment_txt, date) VALUES (:pid, :uid, :comment, NOW())");
|
|
||||||
|
|
||||||
$stmt->bindValue(":pid", $pid);
|
|
||||||
$stmt->bindValue(":uid", $uid);
|
|
||||||
$stmt->bindValue(":comment", $comment);
|
|
||||||
|
|
||||||
$stmt->execute();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
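Review bot: The new non-hash path in `auth()` — `if(!$toHash && $password != $user['password']) return $result;` — compares the submitted value directly with the stored `password` column, which the `$toHash` path treats as a `password_hash()` digest; that makes the stored digest itself a valid login credential, and the same method hands it back in `$result['password']` while auth.php (first hunk) calls `$db->auth(..., false)` with whatever the client posts. The safer shape is to always run `password_verify()`, drop the flag, and stop copying the stored hash into `$result`; PHP ignores surplus arguments to user-defined functions, so existing call sites keep working until they are cleaned up, and auth.php can rely on `$_SESSION['uid']` instead of re-submitting a credential. Independently, `!=` on two strings is a loose comparison (numeric-looking strings compare as numbers), so any remaining string comparison of secrets should use `hash_equals()`. The docblock above `auth()` still documents only `$username` and `$password`; if the flag is kept, add `@param bool $toHash`. `getUserByUID()` relies on `rowCount()` after a SELECT, which PDO does not guarantee for every driver — checking the `fetch()` result for `false` is the portable form.
```php
function auth($username, $password)
{
    // … unchanged: username filtering, prepared SELECT by username, execute …
    if ($stmt->rowCount() == 1) {
        $user = $stmt->fetch(PDO::FETCH_ASSOC);

        // Only the hashed form is ever compared; the plain-text branch is gone.
        if (!password_verify($password, $user['password'])) return $result;

        $result['uid'] = $user['uid'];
        $result['username'] = $user['username'];
        $result['firstname'] = $user['firstname'];
        $result['surname'] = $user['surname'];
        // The stored hash is not returned to callers.
    }
    return $result;
}
```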