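/**
 * Authenticate a member from a JSON body ({"username": ..., "password": ...})
 * read from php://input, and echo one of: a JWT string, "fail", or "no such user".
 *
 * Reads the mysqli connection from the global $conn. Depends on the project
 * helpers get_result_fill() (statement -> array of rows) and create_jwt().
 *
 * Defects fixed relative to the previous version: a missing or malformed body
 * made $data null and the property reads warned; an unknown user made
 * array_shift() return null and count(null) is a TypeError on PHP 8; a failed
 * execute() was never checked.
 */
function login_user()
{
    global $conn;

    $data = json_decode(file_get_contents('php://input'));

    // Reject anything that is not an object carrying two scalar credentials
    // before touching it, instead of reading properties off null.
    if (!is_object($data)
        || !isset($data->username, $data->password)
        || !is_scalar($data->username)
        || !is_scalar($data->password)
    ) {
        echo "fail";
        return;
    }

    // NOTE(review): htmlspecialchars() rewrites &, <, >, " and ' in the
    // password, so such passwords only verify if the registration path applied
    // the same escaping before password_hash(). Kept for compatibility with the
    // hashes already stored — confirm against the registration code; ideally
    // neither side escapes the password at all.
    $username = htmlspecialchars((string) $data->username);
    $password = htmlspecialchars((string) $data->password);

    // The member name is bound, never interpolated.
    $sql = $conn->prepare("SELECT * FROM members where member_name = ?");
    if (!$sql) {
        echo "fail";
        return;
    }

    $sql->bind_param('s', $username);
    if (!$sql->execute()) {
        echo "fail";
        return;
    }

    $result = get_result_fill($sql);
    $member = array_shift($result);

    // array_shift() yields null on an empty result set; test the row itself
    // rather than count()-ing it.
    if (empty($member)) {
        // NOTE(review): answering differently for unknown users than for a
        // wrong password lets a caller enumerate valid member names. The
        // message is kept because clients may match on it; collapsing both
        // outcomes to "fail" would close that oracle.
        echo "no such user";
        return;
    }

    if (!password_verify($password, $member['member_password'])) {
        echo "fail";
        return;
    }

    echo create_jwt($username);
}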
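/**
 * Echo the suggestions of the table named by $_GET['tableName'] as
 * pretty-printed JSON.
 *
 * Without $_GET['id'] every row of the table is returned; with an id only the
 * row whose suggestion_id matches. A table name cannot be bound as a statement
 * parameter, so it is interpolated into the query — but only after it matched
 * an entry of get_tables() exactly. That allowlist is the sole control against
 * SQL injection in this function; the id is always bound. Echoes 'invalid' for
 * an unknown table, a non-integer id, or a failed prepare().
 *
 * Reads the mysqli connection from the global $conn. Depends on the project
 * helpers get_tables() and get_result_fill().
 *
 * Defects fixed relative to the previous version: missing $_GET keys warned;
 * in_array() was loose; a failed prepare() in listing mode echoed 'invalid'
 * but then still called execute() on false (fatal); the second prepare() was
 * unchecked; $data was never initialised, so an empty result encoded an
 * undefined variable; the id was run through htmlspecialchars(), which is an
 * HTML escape and not a validation of an integer key.
 */
function get_suggestion()
{
    global $conn;

    $table_name = $_GET['tableName'] ?? null;
    $suggestion_id = $_GET['id'] ?? null;

    // Strict comparison: the raw request value must be byte-identical to a
    // known table name (loose in_array() would, for instance, equate numeric
    // strings). Non-string values (e.g. tableName[]=x) are rejected outright.
    $accepted_tables = get_tables();
    if (!is_string($table_name) || !in_array($table_name, $accepted_tables, true)) {
        // Not one of our tables — possibly an injection attempt; say nothing more.
        echo 'invalid';
        return;
    }

    if ($suggestion_id === null) {
        // Listing mode. Identifiers cannot be bound, hence the interpolation
        // of the allowlisted name. (The former htmlspecialchars() on it was an
        // HTML-context escape that adds nothing for a SQL identifier already
        // fixed to a known value, so it is dropped.)
        $sql = $conn->prepare("SELECT * FROM $table_name");
    } else {
        // Edit mode: one specific suggestion. The column is an integer key, so
        // validate the id as such instead of HTML-escaping it.
        $id = filter_var($suggestion_id, FILTER_VALIDATE_INT);
        if ($id === false) {
            echo 'invalid';
            return;
        }

        $sql = $conn->prepare("SELECT * FROM $table_name WHERE suggestion_id = ?");
        if ($sql) {
            $sql->bind_param("i", $id);
        }
    }

    // Both branches: stop on a failed prepare() rather than calling
    // execute() on false.
    if (!$sql) {
        echo 'invalid';
        return;
    }

    $sql->execute();
    $result = get_result_fill($sql);

    // Initialise so an empty result encodes as [] rather than reading an
    // undefined variable.
    $data = [];
    while ($rows = array_shift($result)) {
        $data[] = [
            "id" => $rows['suggestion_id'],
            "suggestion_name" => $rows['suggestion_title'],
            "suggestion_category" => $rows['suggestion_category'],
            "suggestion_price" => $rows['suggestion_price'],
            "suggestion_weather" => $rows['suggestion_weather'],
            "suggestion_time" => $rows['suggestion_time'],
            "suggestion_temperature" => $rows['suggestion_temp'],
        ];
    }

    echo json_encode($data, JSON_PRETTY_PRINT);
}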