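/**
 * Create a new opaque session key for the account owning $email and persist it.
 *
 * The key is 32 bytes from openssl_random_pseudo_bytes(), base64-encoded (a
 * 44-character string). The (key, account_id) pair is written to `sessions`
 * through the project's mysqli_prepared_query() helper with bound parameters,
 * and the key is returned so the caller can hand it to the client.
 *
 * @param mixed  $app   application/container object passed straight through to
 *                      get_account_id_from_email() and mysqli_prepared_query()
 * @param string $email address used to look up the account id
 * @return string the base64-encoded session key that was stored
 * @throws RuntimeException if the RNG cannot supply cryptographically strong
 *                          bytes, or the database connection cannot be opened
 */
function generate_session_key($app, $email) {
    // $strong is reported by the runtime; a key derived from a weak or
    // unavailable RNG must never be issued as a bearer credential.
    $strong = false;
    $raw = openssl_random_pseudo_bytes(32, $strong);
    if ($raw === false || $strong !== true) {
        throw new RuntimeException('Unable to generate a cryptographically strong session key');
    }
    $key = base64_encode($raw);

    $accountID = get_account_id_from_email($app, $email);

    $link = mysqli_connect(HOST, USER, PASSWORD, DATABASE);
    if ($link === false) {
        // Without this guard the helper and mysqli_close() would be handed `false`.
        throw new RuntimeException('Database connection failed: ' . mysqli_connect_error());
    }

    // The previous version did `echo $query;` at this point. That is leftover
    // debug output: it writes the SQL statement (table and column names) into
    // the HTTP response body of whatever endpoint calls this function. Removed.
    $query = "INSERT INTO `sessions` (`key`, `account_id`) VALUES (?, ?)";
    $SQLparams = array($key, $accountID);
    try {
        mysqli_prepared_query($app, $link, $query, "sd", $SQLparams);
    } finally {
        // Always release the connection, even if the helper throws.
        mysqli_close($link);
    }

    return $key;
}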
$params = $request->getParsedBody(); $token = $params['token']; $email = get_email_from_key($this, $token); $imdbid = $params['imdbid']; $stars = $params['stars']; $review = $params['review']; $this->logger->info("User: "******"imdbid: " . $imdbid); $this->logger->info("stars: " . $stars); $this->logger->info("review: " . $review); if (strlen($imdbid) != 9) { //bad input reply with 400:Bad Request $this->logger->info("Exiting for malformed imdbid"); return $response->withStatus(400); } $accountID = get_account_id_from_email($this, $email); $query = "INSERT INTO ratings(user, movie, stars, review)"; $query = $query . " VALUES (?, ?, ?, ?)"; $query = $query . " ON DUPLICATE KEY UPDATE stars=?, review=?"; $SQLparams = array($accountID, $imdbid, $stars, $review, $stars, $review); $link = mysqli_connect(HOST, USER, PASSWORD, DATABASE); $result = mysqli_prepared_query($this, $link, $query, "dsdsds", $SQLparams); mysqli_close($link); $data['imdbid'] = $imdbid; $data['stars'] = $stars; $data['review'] = $review; return $response->withHeader('Content-Type', 'application/json')->write(json_encode($data)); }); $app->get('/api/rating', function ($request, $response, $args) { $this->logger->info("GET /api/rating"); $params = $request->getQueryParams();