function startTrippin()
{
// Placeholder...
$rsp = new JsonResponse_Str("Problem starting trip.");
// Find user's current ID (note, guaranteed logged in by route middleware)
$usrn = getSessionUserName();
// Connect to database
$conn = getDatabaseConnection();
// Prepare statement to check for users with that name
$statement = $conn->prepare('SELECT id
FROM users WHERE username = :username', array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
// Execute
$statement->execute(array(':username' => $usrn));
$wps = $statement->fetchAll();
// Check in case current user is not in db somehow
if (count($wps) == 0) {
$rsp->errMessage = "No users returned with uname!";
$rsp->respondAndExit();
}
$uid = $wps[0][0];
// Now create a new trip with that user id, empty notes for now
$statement = $conn->prepare('INSERT INTO trips (user, notes)
VALUES(:userid, :nonotes)');
// Execute with given user id
$statement->execute(array(':userid' => $uid, ':nonotes' => ''));
// Grab the trip id created, store in session variable
$trid = $conn->lastInsertId();
$_SESSION["tripid"] = $trid;
// Start off point index at zero
$_SESSION["triporderindex"] = 0;
// Disconnect from db
$conn = null;
/* Send back trip id to user for diagnostic purposes, but never accept
* client's word on what his trip id is - use server-side _SESSION copy. */
$rsp->specificString = $trid;
$rsp->setSuccessful();
$rsp->respondAndExit();
}
function handleTemplateSpecifics($req, $resp, $args, $tplName, &$htdoc)
{
/* If we're an internal-only template, will be inside /internal/ folder.
* List them here so can validate and look in there
*/
$internalPages = ["loggedInWelcomeTemplate", "newTripTemplate", "viewTripTemplate", "wordSwapTemplate"];
if (in_array($tplName, $internalPages)) {
if (hasValidSession()) {
$htdoc->loadHTMLFile("./html/internal/{$tplName}.html");
} else {
// Read in the unauthorized access deal
$htdoc->loadHTMLFile("./html/unauthorizedTemplate.html");
}
} else {
// If not an internal page, no need to check session
$htdoc->loadHTMLFile("./html/{$tplName}.html");
}
// A few details specific to individual views
switch ($tplName) {
case "navbarTemplate":
// Get the home url but with https
$selfAddr = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
$baseAddr = explode('/api.php', $selfAddr)[0];
$secureURL = 'https://' . $baseAddr . "/#logIn";
// Set the href on log in (https/http)
$loginlink = $htdoc->getElementById("login");
$loginlink->setAttribute("href", $secureURL);
break;
case "loggedInWelcomeTemplate":
if (hasValidSession()) {
// Put in welcome message to specific username
$wtx = "Welcome " . getSessionUserName() . "!";
$htdoc->getElementById("welcUser")->nodeValue = $wtx;
}
}
}
session_start();
/* test_api.php
* Server-side tests for application, deny access in production via .htaccess
* David Lenkner, c. 2016
*/
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Message\ResponseInterface as Response;
require 'vendor/autoload.php';
require_once 'php/templateSpecifics.php';
require_once 'php/authentication.php';
require_once 'php/utils.php';
$app = new \Slim\App();
// Test session variables and login session functions
$app->get('/testSession', function ($request, $response, $args) {
$un = getSessionUserName();
echo "User name is " . $un . "\n";
if (hasValidSession()) {
echo "Valid session.\n";
} else {
echo "Invalid session.\n";
}
});
// Test session variables alone by setting
$app->get('/setSV', function ($request, $response, $args) {
echo "4\n";
$_SESSION["a"] = '12345';
// echo "Okay set session var to " . $_SESSION["a"] . "\n";
});
// Test session variables alone by getting
$app->get('/getSV', function ($request, $response, $args) {
