Esempio n. 1
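 /**
  * Opens the mysqli connection used by this service.
  *
  * NOTE(review): the database credentials are hard-coded in source; they
  * belong in configuration kept outside the repository (environment or a
  * non-committed config file). new mysqli() never yields a falsy value, so
  * the former `!$this->mysqli` test could not detect a failed connect:
  * depending on mysqli's report mode a failure either throws
  * mysqli_sql_exception or leaves connect_errno set. Both are handled here
  * and answered with 503.
  */
 public function __construct()
 {
     try {
         // port is an int parameter; the former "3306" string relied on coercion
         $this->mysqli = new mysqli("localhost", "blogger", "P@ssw0rd", "webinfo", 3306);
     } catch (mysqli_sql_exception $e) {
         HttpService::return_service_unavailable();
         return;
     }
     if ($this->mysqli->connect_errno !== 0) {
         HttpService::return_service_unavailable();
     }
 }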
Esempio n. 2
 /**
  * Fetches the shared database connection from DatabaseService and keeps it
  * in $this->sql_con; an unavailable connection is answered with 503.
  */
 public function __construct()
 {
     $connection = (new DatabaseService())->getConnection();
     // no usable connection -> service unavailable
     if (!$connection) {
         HttpService::return_service_unavailable();
     }
     $this->sql_con = $connection;
 }
Esempio n. 3
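 /**
  * login
  *
  * Authenticates $username/$password against the `user` table and, on
  * success, stores alias, id and role names in the session. A failed login
  * redirects to /login/fail; an unreachable database answers 503.
  *
  * @param $username string
  * @param $password string
  */
 public static function login($username, $password)
 {
     // get db connection
     $db = new DatabaseService();
     $sql_con = $db->getConnection();
     //connection failed
     if (!$sql_con) {
         HttpService::return_service_unavailable();
         return; // in case the helper does not terminate the request
     }
     // Hash the password with the third algorithm reported by hash_algos().
     // NOTE(review): this is a plain digest (no salt, no work factor), not a
     // password hash, and the algorithm depends on the order of the list,
     // which can differ between PHP builds. Migrating the stored values to
     // password_hash()/password_verify() would fix both; kept as-is because
     // the stored format is not known here.
     $algos = hash_algos();
     $algo = $algos[2];
     $pw_hash = hash($algo, $password);
     // Look the user up with bound parameters so that neither value can alter
     // the query text. (The page shows the password literal redacted as
     // '******'; $pw_hash is otherwise unused, so it is taken to be the
     // intended value.)
     $stmt = $sql_con->prepare('SELECT id, alias, role FROM user WHERE alias = ? AND password = ?');
     if ($stmt === false) {
         HttpService::return_service_unavailable();
         return;
     }
     $stmt->bind_param('ss', $username, $pw_hash);
     $stmt->execute();
     $stmt->bind_result($user_id, $alias, $role);
     // fetch() returns true for a row, null when there is none, false on error
     $found = $stmt->fetch();
     $stmt->close();
     //login data correct?
     if ($found !== true) {
         HttpService::redirect_to('/login/fail');
         return; // never populate the session without a matching row
     }
     // Issue a fresh session id on the privilege change so an id fixed
     // before login cannot be reused afterwards
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     //add alias and id to session
     $_SESSION['username'] = $alias;
     $_SESSION['user_id'] = $user_id;
     //add user role; mysqli hands the column back as a string, hence the cast
     $role_names = [1 => 'admin', 2 => 'author', 3 => 'user'];
     $role_key = (int) $role;
     $_SESSION['roles'] = isset($role_names[$role_key]) ? [$role_names[$role_key]] : [];
 }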
Esempio n. 4
<?php

// Logout endpoint: ends the authenticated session and sends the browser
// back to the home page. The includes use relative paths, as elsewhere in
// this front controller.
include_once '../app/services/session.php';
include_once '../app/services/HttpService.php';
include_once '../app/services/AuthenticationService.php';
// AuthenticationService::logout() is defined in the included file; the
// redirect follows unconditionally
AuthenticationService::logout();
HttpService::redirect_to('/');
Esempio n. 5
    $user = $comment->user;
    $date = date("F d, Y", $comment->creation_date);
    $text = $comment->text;
    // Return comment to client
    include '../../app/views/comments/show.php';
    exit;
}
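// DELETE - remove a comment identified by ?cid=...
// Responds 404 when the comment does not exist, 401 when the current user
// may not delete it, 204 on success and 400 when cid is missing.
if ($method === 'DELETE') {
    // Form data travels in the query string for DELETE requests; the key may
    // be absent, which would otherwise raise an undefined-index notice
    $query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
    parse_str($query_string, $post_vars);
    if (isset($post_vars['cid'])) {
        // NOTE(review): a state-changing request driven only by the session
        // cookie and a query parameter has no CSRF token check visible here
        $comment_id = $post_vars['cid'];
        $comments = new CommentService();
        // $comment_id is untrusted; assumes get_comment/delete_comment bind
        // it rather than interpolating it into SQL — confirm in CommentService
        $comment = $comments->get_comment($comment_id);
        // Check existence
        if (!isset($comment)) {
            HttpService::return_not_found();
        }
        // Check permission
        if (!AuthenticationService::can_delete_comment($comment)) {
            HttpService::return_unauthorized();
        }
        // Delete comment
        $comments->delete_comment($comment_id);
        HttpService::return_no_content();
    }
    HttpService::return_bad_request();
}
// Otherwise
HttpService::return_not_found();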
Esempio n. 6
    $title = isset($_POST['title']) ? $_POST['title'] : null;
    $keywords = isset($_POST['keywords']) ? $_POST['keywords'] : null;
    $content = isset($_POST['content']) ? $_POST['content'] : null;
    $user = $_SESSION['username'];
    // Validate required parameters
    if (!isset($title, $content, $user)) {
        HttpService::return_bad_request();
    }
    // Sanitize user input
    $title = SanitationService::convertHtml($title);
    $keywords = SanitationService::convertHtml($keywords);
    $content = SanitationService::convertHtml($content);
    // Save article
    $articles = ArticleService::get_instance();
    $articles->add_article($user, $title, $keywords, $content);
    // Redirect to articles
    HttpService::redirect_to('/articles/');
}
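// GET - Show form
// Fills the template variables for an empty article form and renders it
// through the shared layout; the author is the logged-in user.
if ($method === 'GET') {
    $page_title = "New Article";
    $form_action = '/articles/new';
    // a new article has no id and empty fields yet
    $id = '';
    $title = '';
    $keywords = '';
    $author = $_SESSION['username'];
    $content = '';
    // date() defaults to the current time; the explicit time() was redundant
    $date = date('F d, Y');
    $page_content = '../../app/views/articles/edit.php';
    include_once '../../app/views/_layout.php';
}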
Esempio n. 7
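 /**
  * Updates an existing article
  *
  * Both statements bind their values, so $id, $title and $content (which
  * arrive from the request) can never change the query text. Responds 404
  * when no article has the given id and 503 when a statement cannot be
  * prepared or executed; the keywords are updated afterwards through
  * updateKeywords().
  *
  * @param $id string
  *        	the id of the article
  * @param $title string
  *        	the title of the article
  * @param $keyword_string string
  *        	a string containing the keywords separated with space
  * @param $content string
  *        	the content of the article in block code
  */
 public function update_article($id, $title, $keyword_string, $content)
 {
     // Existence check: only the row count matters, so no columns are read
     $lookup = $this->sql_con->prepare('SELECT id FROM article WHERE id = ?');
     if ($lookup === false) {
         HttpService::return_service_unavailable();
         return;
     }
     $lookup->bind_param('s', $id);
     $lookup->execute();
     // store_result() is required before num_rows is meaningful
     $lookup->store_result();
     $exists = $lookup->num_rows > 0;
     $lookup->close();
     if (!$exists) {
         HttpService::return_not_found();
         return; // in case the helper does not terminate the request
     }
     $change_date = time();
     $update = $this->sql_con->prepare(
         'UPDATE article SET title = ?, text = ?, change_date = ? WHERE id = ?'
     );
     if ($update === false) {
         HttpService::return_service_unavailable();
         return;
     }
     // change_date is bound as the integer time() produces
     $update->bind_param('ssis', $title, $content, $change_date, $id);
     $ok = $update->execute();
     $update->close();
     // The former `!isset($result)` test could never fire: query() returns
     // false on failure, not null. A failed UPDATE is a server-side error.
     if ($ok === false) {
         HttpService::return_service_unavailable();
         return;
     }
     $this->updateKeywords($id, $keyword_string);
 }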