Ejemplo n.º 1
<?php

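// JSON endpoint: stores a note built from the POSTed "title" and "content" fields for the
// user id reported by AuthHandler, then echoes either the stored note or an error object.
session_start();
use views\helpers\PathHelper;
require_once dirname(dirname(dirname(__FILE__))) . '/views/helpers/PathHelper.php';
$path = new PathHelper();
require_once $path->getModelPath() . 'DBHandler.php';
require_once $path->getModelPath() . 'AuthHandler.php';
// Presumably defines $host, $user, $password and $db (they are not assigned in this script) - verify.
require_once $path->getConfigPath() . 'connectionInfo.private.php';
$dbHandler = new DBHandler($host, $user, $password, $db);
$authHandler = new AuthHandler($dbHandler);
// NOTE(review): nothing in this script checks that the session is logged in before the write.
// getUserId() is defined outside this file - confirm it yields no usable id for anonymous
// sessions, and that this state-changing POST is covered by a CSRF token or same-site cookies.
//
// isset() is also true for array-valued fields (e.g. "title[]=x"), so plain strings are
// required before the values reach insertNote() and the JSON response.
if (
    isset($_POST['title'], $_POST['content'])
    && is_string($_POST['title'])
    && is_string($_POST['content'])
) {
    $id = $dbHandler->insertNote($_POST['title'], $_POST['content'], $authHandler->getUserId());
    if ($id) {
        // json_encode() escapes these values for JSON only; a client that inserts them
        // into HTML still has to escape them for that context.
        $result = ["id" => $id, "title" => $_POST['title'], "content" => $_POST['content']];
    } else {
        // NOTE(review): 501 means "Not Implemented"; 500 would describe a failed insert.
        // Left unchanged because clients may match on the current status line.
        header("HTTP/1.1 501 Could not modify object");
        $result = ["error" => "An error occurred saving your note."];
    }
} else {
    // title or content is missing, or is not a plain string
    // NOTE(review): 502 means "Bad Gateway"; 400 would describe a bad request.
    // Left unchanged for the same reason as above.
    header("HTTP/1.1 502 Empty parameter set");
    $result = ["error" => "Please provide a title and content for your note."];
}
header("Content-Type: application/json; charset=UTF-8");
echo json_encode($result);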
Ejemplo n.º 2
<?php

use views\helpers\PathHelper;
require_once dirname(dirname(__FILE__)) . '/views/helpers/PathHelper.php';
$path = new PathHelper();
require_once $path->getModelPath() . 'Note.php';
require_once $path->getModelPath() . 'User.php';
class DBHandler
{
    var $connection;
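    /**
     * Open the MySQL connection, set its charset and make sure the tables exist.
     *
     * @param $host String host to connect to.
     * @param $user String username to use with the connection. The account needs the privileges
     *              for the statements this class issues (including the CREATE TABLE that
     *              ensureUsersTable() runs); avoid granting more than that.
     * @param $password String password belonging to the username.
     * @param $db String name of the database.
     * @throws RuntimeException when the connection cannot be established. Depending on the
     *                          configured mysqli report mode, mysqli itself may throw first.
     */
    function __construct($host, $user, $password, $db)
    {
        $this->connection = new mysqli($host, $user, $password, $db);
        if ($this->connection->connect_errno) {
            // Stop here instead of running queries on a dead handle. The caller only sees a
            // generic message; the error number goes to the server log.
            error_log('DBHandler: MySQL connection failed, errno ' . $this->connection->connect_errno);
            throw new RuntimeException('Could not connect to the database.');
        }
        // Set the connection charset before any query runs, to prevent charset errors.
        // NOTE(review): MySQL's 'utf8' is the 3-byte utf8mb3 encoding; 'utf8mb4' covers all of
        // Unicode - check the table charsets before changing it.
        $this->connection->set_charset('utf8');
        $this->ensureUsersTable();
        $this->ensureNotesTable();
    }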
    function ensureUsersTable()
    {
        assert($this->connection);
        $queryString = "CREATE TABLE IF NOT EXISTS users (id INT(5) PRIMARY KEY AUTO_INCREMENT, " . "name VARCHAR(100) UNIQUE NOT NULL, password VARCHAR(255) NOT NULL)";
        // it's okay not to use prepared statements here
        // because it is quite a static thing to do and does not take potentially harmful user input.
        $this->connection->query($queryString);
Ejemplo n.º 3
<?php

// Page bootstrap: start the session, load the path helper and the model classes,
// then build the database and auth handlers the template below works with.
use views\helpers\PathHelper;
session_start();
require_once __DIR__ . '/app/views/helpers/PathHelper.php';
$path = new PathHelper();
require_once $path->getModelPath() . 'DBHandler.php';
require_once $path->getModelPath() . 'AuthHandler.php';
// NOTE(review): presumably defines $host, $user, $password and $db - confirm this credentials
// file is neither served by the web server nor committed to version control.
require_once $path->getConfigPath() . 'connectionInfo.private.php';
$dbHandler = new DBHandler($host, $user, $password, $db);
$authHandler = new AuthHandler($dbHandler);
?>
<!DOCTYPE html>
<html>
<head lang="en">
    <meta charset="UTF-8">
    <title>User Notes</title>
    <link rel="shortcut icon" type="image/x-icon" href="<?php 
// Asset base path from PathHelper, written into the href attribute without escaping.
// NOTE(review): presumably a fixed, application-defined path - confirm it never carries request data.
echo $path->getAssetPath();
?>
/favicon.ico">
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css">
    <link rel="stylesheet" href="<?php 
// NOTE(review): the Font Awesome stylesheet on the preceding line is loaded from a third-party
// CDN without integrity/crossorigin attributes, so the browser cannot detect a modified file.
// Consider Subresource Integrity or serving a vendored copy from the asset path used here.
echo $path->getAssetPath();
?>
/css/notes.css"/>
</head>
<body>

<header class="header">
    <?php 
Ejemplo n.º 4
<?php

// Name of the $_SESSION entry that AuthHandler::loginUser() sets to true after a successful password check.
define('authSessionKey', 'isAuthenticated');
use views\helpers\PathHelper;
require_once dirname(dirname(__FILE__)) . '/views/helpers/PathHelper.php';
$path = new PathHelper();
require_once $path->getModelPath() . 'DBHandler.php';
class AuthHandler
{
    var $dbHandler;
    /**
     * AuthHandler constructor.
     *
     * Keeps the database handler that registerUser() uses for insertUser() and
     * loginUser() uses for queryUserByUserName().
     *
     * @param $dbHandler DBHandler handler used for all user lookups and inserts
     */
    function __construct($dbHandler)
    {
        $this->dbHandler = $dbHandler;
    }
    /**
     * Create an account: hash the password and pass name and hash to the DB handler.
     *
     * Only the password_hash() output is handed on; this method does not store the
     * plain password anywhere.
     *
     * NOTE(review): no check for an empty or over-long name or password is visible here -
     * confirm the caller validates them. With the bcrypt algorithm, input beyond 72 bytes
     * is ignored by password_hash().
     *
     * @param $userName String name for the new account.
     * @param $password String plain-text password chosen by the user.
     * @return mixed the result of DBHandler::insertUser(), which is defined outside this file.
     */
    function registerUser($userName, $password)
    {
        // PASSWORD_DEFAULT leaves the algorithm choice to PHP; the hash records which one was
        // used, so password_verify() in loginUser() needs no extra configuration.
        return $this->dbHandler->insertUser(
            $userName,
            password_hash($password, PASSWORD_DEFAULT)
        );
    }
    function loginUser($userName, $password)
    {
        $user = $this->dbHandler->queryUserByUserName($userName);
        $passwordVerificationResult = password_verify($password, $user->getHash());
        if ($passwordVerificationResult) {
            $_SESSION[authSessionKey] = true;
            $_SESSION['userName'] = $user->getName();
            $_SESSION['userId'] = $user->getId();