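/**
 * Opens the MySQL connection this service uses and responds 503 via
 * HttpService when the server cannot be reached.
 *
 * SECURITY: the database credentials below are hard-coded in source (and so
 * in version control and every deployed copy). Move them to configuration
 * outside the web root and rotate this password; nothing on this page provides
 * a configuration mechanism, so the literals are kept here and flagged.
 */
public function __construct()
{
    try {
        $this->mysqli = new mysqli("localhost", "blogger", "P@ssw0rd", "webinfo", 3306);
    } catch (mysqli_sql_exception $e) {
        // PHP >= 8.1 reports a failed connection as an exception by default
        // (MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT).
        HttpService::return_service_unavailable();
        return;
    }
    // `new` never yields a falsy value, so the original `if (!$this->mysqli)`
    // could not detect a failed connection. Under the older report modes the
    // object is returned with connect_error set instead of throwing.
    if ($this->mysqli->connect_error) {
        HttpService::return_service_unavailable();
        return;
    }
}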
/**
 * Acquires the shared database connection for this service from
 * DatabaseService; when none is available, responds 503 via HttpService
 * (presumably ending the request there).
 */
public function __construct()
{
    $database = new DatabaseService();
    $connection = $database->getConnection();
    if (!$connection) {
        HttpService::return_service_unavailable();
    }
    $this->sql_con = $connection;
}
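/**
 * login
 *
 * Authenticates a user by alias and password. On success the session receives
 * username, user_id and roles; on failure the browser is redirected to
 * /login/fail; on a database problem a 503 is returned via HttpService.
 *
 * @param $username string
 *        alias exactly as submitted by the login form (untrusted)
 * @param $password string
 *        clear-text password as submitted (untrusted)
 */
public static function login($username, $password)
{
    // get db connection
    $db = new DatabaseService();
    $sql_con = $db->getConnection();
    //connection failed
    if (!$sql_con) {
        HttpService::return_service_unavailable();
        return;
    }

    // Hash scheme kept unchanged so the hashes already stored keep verifying:
    // the algorithm is picked by position in hash_algos() (index 2, which is
    // md5 on common PHP builds), unsalted and fast.
    // SECURITY: migrate stored credentials to password_hash()/password_verify().
    // The positional selection is also build-dependent, so a PHP upgrade that
    // reorders hash_algos() silently invalidates every login.
    $algos = hash_algos();
    $algo = $algos[2];
    $pw_hash = hash($algo, $password);

    // Look the user up by alias with a bound parameter: $username comes straight
    // from the form and was previously interpolated into the SQL string
    // (injection). The hash is compared in PHP below, not in the WHERE clause,
    // so the comparison is constant-time and the query needs only the columns
    // actually used. bind_result() is used rather than get_result() so the code
    // does not depend on mysqlnd.
    $stmt = $sql_con->prepare('SELECT id, alias, role, password FROM user WHERE alias = ? LIMIT 1');
    if ($stmt === false) {
        HttpService::return_service_unavailable();
        return;
    }
    $stmt->bind_param('s', $username);
    if (!$stmt->execute()) {
        $stmt->close();
        HttpService::return_service_unavailable();
        return;
    }
    $stmt->bind_result($user_id, $alias, $role, $stored_hash);
    $found = $stmt->fetch();
    $stmt->close();

    //login data correct? Unknown alias and wrong password take the same path,
    // so the response does not reveal which of the two failed.
    if ($found !== true || !hash_equals((string) $stored_hash, $pw_hash)) {
        HttpService::redirect_to('/login/fail');
        return;
    }

    // Issue a fresh session id on this privilege change; otherwise a session id
    // planted before login (fixation) remains valid afterwards.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    //add alias to session
    $_SESSION['username'] = $alias;
    $_SESSION['user_id'] = $user_id;

    //add user role: numeric role column -> role name; any other value yields no role
    $role_names = array(1 => 'admin', 2 => 'author', 3 => 'user');
    $roles = array();
    if (isset($role_names[$role])) {
        $roles[] = $role_names[$role];
    }
    //add roles to session
    $_SESSION['roles'] = $roles;
}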
<?php
// Logout endpoint: drop the authenticated session, then send the browser home.
// session.php is loaded first (presumably it starts the session that logout()
// tears down). NOTE(review): this script runs on any request method with no
// token, so a third-party page can force a logout; low impact, but worth knowing.
include_once '../app/services/session.php';
include_once '../app/services/HttpService.php';
include_once '../app/services/AuthenticationService.php';

AuthenticationService::logout();
HttpService::redirect_to('/');
$user = $comment->user;
$date = date("F d, Y", $comment->creation_date);
$text = $comment->text;
// Return comment to client. NOTE(review): $user/$text are handed to the view
// as-is here; confirm show.php HTML-escapes them before output.
include '../../app/views/comments/show.php';
exit;
}
if ($method == 'DELETE') {
    // Get form data: PHP does not populate $_POST for a DELETE body, so the
    // comment id is taken from the query string instead.
    parse_str($_SERVER['QUERY_STRING'], $post_vars);
    if (isset($post_vars['cid'])) {
        // NOTE(review): cid is passed through unvalidated; get_comment() must
        // treat it as untrusted (parameterised lookup) — confirm in CommentService.
        $comment_id = $post_vars['cid'];
        $comments = new CommentService();
        $comment = $comments->get_comment($comment_id);
        // Check existence
        if (!isset($comment)) {
            HttpService::return_not_found();
        }
        // Check permission: existence is checked first, so a 404 for a missing
        // comment is returned before any authorization decision. (This is an
        // authorization failure; the only helper available here answers 401.)
        if (!AuthenticationService::can_delete_comment($comment)) {
            HttpService::return_unauthorized();
        }
        // Delete comment (the earlier comment said "article")
        $comments->delete_comment($comment_id);
        HttpService::return_no_content();
    }
    // DELETE without a cid
    HttpService::return_bad_request();
}
// Otherwise: unsupported method
HttpService::return_not_found();
$title = isset($_POST['title']) ? $_POST['title'] : null;
$keywords = isset($_POST['keywords']) ? $_POST['keywords'] : null;
$content = isset($_POST['content']) ? $_POST['content'] : null;
// Author comes from the session, never from the form. An anonymous request has
// no username here and fails the isset() below with a 400.
$user = $_SESSION['username'];
// Validate required parameters (keywords are optional and may stay null)
if (!isset($title, $content, $user)) {
    HttpService::return_bad_request();
}
// Sanitize user input: the three fields are passed through convertHtml
// (presumably HTML-encoding them) before storage.
// NOTE(review): no anti-CSRF token is checked before this state-changing POST,
// and no role check beyond "a username is in the session" is visible here —
// confirm both are enforced elsewhere (layout/form or ArticleService).
$title = SanitationService::convertHtml($title);
$keywords = SanitationService::convertHtml($keywords);
$content = SanitationService::convertHtml($content);
// Save article
$articles = ArticleService::get_instance();
$articles->add_article($user, $title, $keywords, $content);
// Redirect to articles
HttpService::redirect_to('/articles/');
}
// GET - Show form
if ($method == "GET") {
    $page_title = "New Article";
    $form_action = '/articles/new';
    // Blank field values for a new article; the edit.php view reads these names
    $id = '';
    $title = '';
    $keywords = '';
    $author = $_SESSION['username'];
    $content = '';
    $date = date('F d, Y', time());
    $page_content = '../../app/views/articles/edit.php';
    include_once '../../app/views/_layout.php';
}
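/**
 * Updates an existing article
 *
 * Responds 404 via HttpService when no article has the given id and 503 when
 * the database rejects a statement; the keyword list is then delegated to
 * updateKeywords().
 *
 * @param $id string
 *        the id of the article (request-supplied: bound as a parameter, never
 *        concatenated into SQL)
 * @param $title string
 *        the title of the article
 * @param $keyword_string string
 *        a string containing the keywords separated with space
 * @param $content string
 *        the content of the article in block code
 */
public function update_article($id, $title, $keyword_string, $content)
{
    // Existence check with a bound id: $id was previously concatenated straight
    // into the SQL string (injection). Only the id column is needed here.
    $check = $this->sql_con->prepare('SELECT id FROM article WHERE id = ? LIMIT 1');
    if ($check === false) {
        HttpService::return_service_unavailable();
        return;
    }
    $check->bind_param('s', $id);
    if (!$check->execute()) {
        $check->close();
        HttpService::return_service_unavailable();
        return;
    }
    $check->store_result();
    $exists = $check->num_rows > 0;
    $check->close();
    if (!$exists) {
        HttpService::return_not_found();
        return;
    }

    $change_date = time();
    // title and content are user-supplied and were interpolated into the UPDATE
    // unescaped; all four values are bound.
    $update = $this->sql_con->prepare(
        'UPDATE article SET title = ?, text = ?, change_date = ? WHERE id = ?'
    );
    if ($update === false) {
        HttpService::return_service_unavailable();
        return;
    }
    $update->bind_param('ssis', $title, $content, $change_date, $id);
    $ok = $update->execute();
    $update->close();
    // The original tested isset($result), which is true even for a false return
    // value, so a failed UPDATE was never detected; a rejected statement is a
    // server-side problem, not a missing article.
    if (!$ok) {
        HttpService::return_service_unavailable();
        return;
    }

    $this->updateKeywords($id, $keyword_string);
}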