function login_user(){
global $conn;
$data = json_decode(file_get_contents('php://input'));
$username = htmlspecialchars($data->username);
$password = htmlspecialchars($data->password);
if($sql = $conn->prepare("SELECT * FROM members where member_name = ?")){
$sql->bind_param('s', $username);
$sql->execute();
$result = get_result_fill($sql);
$data = array_shift($result);
if(count($data) > 0 )
{
if( !password_verify($password, $data['member_password']) ){
echo "fail";
}else{
$token = create_jwt($username);
echo $token;
}
}else{
echo "no such user";
}
}else{
echo "fail";
}
}
function get_suggestion(){
global $conn;
//sanatize tho
$table_name = $_GET['tableName'];
$suggestion_id = $_GET['id'];
//make sure the table being requested in the right table name and not something like an injection command
$accepted_tables = get_tables();
if(in_array($table_name, $accepted_tables)){
$table_name = htmlspecialchars($table_name);
if($suggestion_id === null){
//get all suggestions
//since we cant prepare
$sql = $conn->prepare("SELECT * FROM $table_name");
if(!$sql){
echo 'invalid';
}
}else{
$suggestion_id = htmlspecialchars($suggestion_id);
//we are editting, lets get the specific suggestion
$sql = $conn->prepare("SELECT * FROM $table_name WHERE suggestion_id = ?");
$sql->bind_param("i", $suggestion_id);
}
$sql->execute();
$result = get_result_fill($sql);
while( $rows = array_shift( $result ) ){
$data[] = array(
"id" => $rows['suggestion_id'],
"suggestion_name" => $rows['suggestion_title'],
"suggestion_category" => $rows['suggestion_category'],
"suggestion_price" => $rows['suggestion_price'],
"suggestion_weather" => $rows['suggestion_weather'],
"suggestion_time" => $rows['suggestion_time'],
"suggestion_temperature" => $rows['suggestion_temp']
);
}
$json_encoded = json_encode($data, JSON_PRETTY_PRINT);
echo $json_encoded;
}
else{
//someone is trying to send another type of table name
echo 'invalid';
}
}
