/**
 * Builds the fixtures the tests in this class rely on: a Profile, an Image
 * created with that Profile's id, and a Tag. Each is inserted via getPDO().
 **/
public final function setUp() {
    // the parent test case must finish its own setUp() before fixtures are inserted
    parent::setUp();

    // Fixture credentials only: hex salt from 32 random bytes, then PBKDF2 over
    // SHA-512 with 262144 iterations.
    $fixtureSalt = bin2hex(openssl_random_pseudo_bytes(32));
    $fixturePassword = "******";
    $fixtureHash = hash_pbkdf2("sha512", $fixturePassword, $fixtureSalt, 262144);
    // this fixture reuses the salt as the verify value passed as the last constructor argument
    $fixtureVerify = $fixtureSalt;

    // the profile the image is created for
    $this->profile = new Profile(
        null,
        true,
        null,
        "Email",
        "myName",
        $fixtureHash,
        1,
        "mynameagain",
        "867",
        $fixtureSalt,
        $fixtureVerify
    );
    $this->profile->insert($this->getPDO());

    // the image that will be tagged
    $ownerId = $this->profile->getProfileId();
    $this->imageTagImage = new Image(null, $ownerId, "jpeg", "myfile", "theText", null);
    $this->imageTagImage->insert($this->getPDO());

    // the tag to attach to the image
    $this->imageTagTag = new Tag(null, "Photo");
    $this->imageTagTag->insert($this->getPDO());
}
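/**
 * Inserts one Vote and checks that Vote::getAllvotes() returns it with the
 * same profile id, image id and vote value.
 **/
public function testGetAllValidVotes() {
    // count the number of rows and save it for later
    $numRows = $this->getConnection()->getRowCount("vote");

    // create a new Vote and insert it into mySQL
    $vote = new Vote($this->voteProfile->getProfileId(), $this->voteImage->getImageId(), $this->VALID_VOTEVALUE);
    $vote->insert($this->getPDO());

    // grab the data from mySQL and enforce the fields match our expectations
    $results = Vote::getAllvotes($this->getPDO());
    $this->assertEquals($numRows + 1, $this->getConnection()->getRowCount("vote"));
    // NOTE(review): exactly one result is expected, which presumably relies on the
    // vote table being empty when the test starts - confirm against the fixture setup
    $this->assertCount(1, $results);
    $this->assertContainsOnlyInstancesOf("Edu\\Cnm\\Jpegery\\Vote", $results);

    // grab the result from the array and validate it; the expected value goes first
    // and the value read back second, so a failure message labels the two sides correctly
    $pdoVote = $results[0];
    $this->assertEquals($this->voteProfile->getProfileId(), $pdoVote->getVoteProfileId());
    $this->assertEquals($this->voteImage->getImageId(), $pdoVote->getVoteImageId());
    $this->assertEquals($this->VALID_VOTEVALUE, $pdoVote->getVoteValue());
}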
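use Edu\Cnm\Jpegery\Profile;

/**
 * Account activation endpoint: looks up the Profile that owns the "profileVerify"
 * code given in the query string, clears the code on that Profile and reports the
 * outcome as JSON ({status, data}).
 **/

// make sure a session exists; no XSRF token is checked anywhere in this script
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// prepare the default (success) reply
$reply = new stdClass();
$reply->status = 200;
$reply->data = null;

try {
    // filter_input() yields null when the parameter is absent and false when the
    // filter fails. Both, and the empty string, are rejected before the database is
    // touched so that an empty code can never reach the lookup.
    // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; a strict
    // format check on the code would be tighter - confirm the format where the code is generated.
    $profileVerify = filter_input(INPUT_GET, "profileVerify", FILTER_SANITIZE_STRING);
    if ($profileVerify === null || $profileVerify === false || $profileVerify === "") {
        throw new \InvalidArgumentException("Activation code is missing", 400);
    }

    //grab the mySQL connection
    $pdo = connectToEncryptedMySQL("/etc/apache2/capstone-mysql/jpegery.ini");

    // an unknown or already consumed code must not activate anything
    $profile = Profile::getProfileByProfileVerify($pdo, $profileVerify);
    if (empty($profile) === true) {
        throw new \InvalidArgumentException("Activation code has been used or does not exist", 404);
    }

    // The setter has to be called on the Profile. Calling it on $profileVerify, which
    // is the string returned by filter_input(), is a fatal error that the catch below
    // does not handle.
    // NOTE(review): null is assumed to be the "code consumed" value - confirm against
    // Profile::setProfileVerify().
    $profile->setProfileVerify(null);
    $profile->update($pdo);
    $reply->data = "Congratulations, your account has been activated!";
} catch (Exception $exception) {
    // NOTE(review): the exception text is returned to the client verbatim and the
    // status is whatever code the exception carries (0 when none was given); confirm
    // that exceptions raised by the database layer cannot leak internals this way.
    $reply->status = $exception->getCode();
    $reply->data = $exception->getMessage();
}

header("Content-type: application/json");
echo json_encode($reply);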
// (excerpt: the first lines close a branch whose opening is not shown)
    }
    $reply->message = "Profile has been updated";
    //post
} elseif ($method === "POST") {
    // POST creates a new Profile from the request body, stores it in the session and
    // starts composing the confirmation email.

    // NOTE(review): the check below is commented out and is described as an
    // "update their own profile" check; it is inactive in this branch.
    // Verify that they are trying to update their own profile
    // $security = Profile::getProfileByProfileId($pdo, $_SESSION["profile"]->getProfileId());
    // if($security->getProfileId() === false) {
    //     $_SESSION["profile"]->setProfileId(false);
    //     throw(new RunTimeException("Access Denied", 403));
    // }

    // NOTE(review): the password is read from the request as-is; no emptiness or
    // length check is visible in this excerpt - confirm where it is validated.
    $password = $requestObject->profilePassword;
    // per-profile salt: 32 random bytes, hex encoded
    // NOTE(review): the return value is not checked; before PHP 7.4
    // openssl_random_pseudo_bytes() can return false on failure.
    $salt = bin2hex(openssl_random_pseudo_bytes(32));
    // PBKDF2 over SHA-512 with 262144 iterations
    $hash = hash_pbkdf2("sha512", $password, $salt, 262144);
    // verification code: 8 random bytes (64 bits), hex encoded
    $profileVerify = bin2hex(openssl_random_pseudo_bytes(8));
    //create new Profile
    // NOTE(review): the meaning of the literals false and 4414 is not visible here - confirm against the Profile constructor
    $profile = new Profile(null, false, null, $requestObject->profileEmail, $requestObject->profileHandle, $hash, 4414, $requestObject->profileNameF, $requestObject->profileNameL, $requestObject->profilePhone, $salt, $profileVerify);
    $profile->insert($pdo);
    // NOTE(review): the new Profile goes into the session as soon as it is inserted,
    // before the confirmation email composed below has been sent. The object was built
    // with the hash, salt and verification code - confirm that an unconfirmed account
    // is meant to hold a session and that these fields need to live in session storage.
    $_SESSION["profile"] = $profile;
    $reply->message = "Profile has been created";
    //compose and send the email for confirmation and setting a new password
    // create Swift message
    $swiftMessage = Swift_Message::newInstance();
    // attach the sender to the message
    // this takes the form of an associative array where the Email is the key for the real name
    $swiftMessage->setFrom(["*****@*****.**" => "Jpegery"]);
    /**
     * attach the recipients to the message
     * this is an array that can include or omit the recipient's real name
     * use the recipients' real name where possible; this reduces the probability of the Email being marked as spam
     **/
    // NOTE(review): the recipient address comes straight from the request body; no
    // format validation is visible in this excerpt.
    $recipients = [$requestObject->profileEmail];
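// Login (excerpt): runs inside a try block opened above this excerpt and ends at its catch.
    // reject the request unless the XSRF token checks out
    verifyXsrf();
    $requestContent = file_get_contents("php://input");
    $requestObject = json_decode($requestContent);

    // json_decode() returns null for malformed JSON, and the two credential fields
    // may be absent or non-scalar. All of these get the same generic failure as a
    // wrong password.
    $credentialsPresent = is_object($requestObject)
        && isset($requestObject->emailHandlePhone, $requestObject->password)
        && is_scalar($requestObject->emailHandlePhone)
        && is_scalar($requestObject->password);
    if ($credentialsPresent === false) {
        throw new \RuntimeException("User name or password is incorrect");
    }

    //grab the mySQL connection
    $pdo = connectToEncryptedMySQL("/etc/apache2/capstone-mysql/jpegery.ini");

    // the single login field may hold an email, a handle or a phone number; try each in turn
    try {
        $profile = Profile::getProfileByProfileEmail($pdo, $requestObject->emailHandlePhone);
    } catch (Exception $exception) {
        $profile = null;
    }
    // NOTE(review): only the email lookup is wrapped. An exception from the handle or
    // phone lookup reaches the outer catch; confirm its message does not differ from
    // the generic failure in a way that reveals which lookup ran.
    if ($profile === null) {
        $profile = Profile::getProfileByProfileHandle($pdo, $requestObject->emailHandlePhone);
    }
    if ($profile === null) {
        $profile = Profile::getProfileByProfilePhone($pdo, $requestObject->emailHandlePhone);
    }

    // if login options cannot be verified throw exception
    // NOTE(review): an unknown identifier fails here before the PBKDF2 call below runs,
    // so response time differs between existing and non-existing accounts; hashing
    // against a fixed dummy salt on this path would even that out.
    if ($profile === null) {
        throw new \RuntimeException("User name or password is incorrect");
    }

    $hash = hash_pbkdf2("sha512", $requestObject->password, $profile->getProfileSalt(), 262144);

    // hash_equals() compares in constant time; === stops at the first differing byte
    // and so leaks how much of the stored hash matched
    if (hash_equals((string) $profile->getProfileHash(), $hash) === false) {
        throw new \RuntimeException("User name or password is incorrect");
    }

    // credentials are valid: put the profile in the session
    // NOTE(review): the session id is not regenerated at this privilege change -
    // confirm session_regenerate_id() is called somewhere on the login path. The stored
    // object also carries the salt and hash read above.
    $reply->message = "Welcome to jpegery!";
    $_SESSION["profile"] = $profile;
} catch (Exception $exception) {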
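// Follower API (excerpt): the branch that creates a follow relationship starts above this excerpt.
        verifyXsrf();
        $requestContent = file_get_contents("php://input");
        $requestObject = json_decode($requestContent);

        // json_decode() returns null for malformed JSON; both ids must be present
        if (is_object($requestObject) === false
            || isset($requestObject->followerFollowerId, $requestObject->followerFollowedId) === false) {
            throw new \InvalidArgumentException("follower id and followed id are required", 400);
        }

        // The follower id comes from the request body, so without this check any
        // logged-in user could create follow relationships on behalf of another
        // profile. This mirrors the rule the DELETE branch already enforces.
        // NOTE(review): assumes getProfileId() returns an integer id - confirm.
        $sessionProfileId = empty($_SESSION["profile"]) ? null : $_SESSION["profile"]->getProfileId();
        if ($sessionProfileId === null || (int) $requestObject->followerFollowerId !== (int) $sessionProfileId) {
            throw new \RuntimeException("Only the follower can start following.", 403);
        }

        $follow = new Follower($requestObject->followerFollowerId, $requestObject->followerFollowedId);
        $follow->insert($pdo);
        $tempName = Profile::getProfilebyProfileId($pdo, $requestObject->followerFollowedId)->getProfileHandle();
        $reply->message = "You are now following " . $tempName;
    } elseif ($method === "DELETE") {
        // NOTE(review): verifyXsrf() is not called in this branch within the excerpt -
        // confirm the token is checked before a relationship can be deleted.
        $follower = Follower::getFollowerByFollowerIdAndFollowedId($pdo, $followerFollowerId, $followerFollowedId);
        if ($follower === null) {
            throw new \RuntimeException("relationship does not exist", 404);
        }
        // only the profile that follows may remove the relationship; the 403 keeps the
        // reply status from falling back to 0 on an authorization failure
        if ($_SESSION["profile"]->getProfileId() !== $follower->getFollowerFollowerId()) {
            throw new \RuntimeException("Only the follower can stop following.", 403);
        }
        // read the handle before the row is deleted so the message can name it
        $tempName = Profile::getProfilebyProfileId($pdo, $follower->getFollowerFollowedId())->getProfileHandle();
        $follower->delete($pdo);
        // built here but not read again within this excerpt
        $deletedObject = new stdClass();
        $deletedObject->followerFollowerId = $followerFollowerId;
        $deletedObject->followerFollowedId = $followerFollowedId;
        $reply->message = "You are no longer following " . $tempName;
    }
} elseif (empty($method) === false && $method !== "GET") {
    //If a non-admin attempted to access anything other than GET, throw an error at them
    throw new \RuntimeException("Only administrators are allowed to modify entries", 401);
}
}
} catch (Exception $exception) {
    // NOTE(review): the exception text is returned to the client verbatim; confirm
    // that exceptions from the database layer cannot leak internals this way.
    $reply->status = $exception->getCode();
    $reply->message = $exception->getMessage();
}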
/**
 * Looking up JpegeryTest::INVALID_KEY must yield null instead of a Profile.
 **/
public function testGetInvalidProfileByProfileId() {
    // INVALID_KEY stands for an id no inserted profile can have
    $this->assertNull(
        Profile::getProfileByProfileId($this->getPDO(), JpegeryTest::INVALID_KEY)
    );
}
/**
 * A Comment built with INVALID_TEXTLENGTH as its text must be rejected.
 *
 * @expectedException \RangeException
 */
public function testInsertInvalidCommentByTooMuchText() {
    // ids of the fixtures the comment is attached to
    $imageId = $this->image->getImageId();
    $profileId = $this->profile->getProfileId();

    // NOTE(review): whether the constructor or insert() raises the RangeException
    // is not visible from this test
    $oversized = new Comment(null, $imageId, $profileId, $this->VALID_COMMENTDATE, $this->INVALID_TEXTLENGTH);
    $oversized->insert($this->getPDO());
}
/**
 * A Follower whose followed id is negative must be rejected.
 *
 * @expectedException \RangeException
 **/
public function testSetInvalidFollowerByNegativeFollowedId() {
    // valid follower id from the fixture, paired with a followed id of -1
    $followerId = $this->follower->getProfileId();
    $negativeFollowedId = -1;

    // NOTE(review): whether the constructor or insert() raises the RangeException
    // is not visible from this test
    $rejected = new Follower($followerId, $negativeFollowedId);
    $rejected->insert($this->getPDO());
}