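/**
 * Authenticate a member from a JSON request body and echo a JWT on success.
 *
 * Reads `username` and `password` from the JSON document on php://input,
 * looks the member up by name with a prepared statement and checks the
 * supplied password with password_verify().
 *
 * Nothing is returned; the outcome is echoed:
 *  - the value of create_jwt() when the password matches,
 *  - "no such user" when no row matches the name,
 *  - "fail" for a malformed request, a wrong password or a database error.
 *
 * @return void
 */
function login_user(){
	global $conn;

	$data = json_decode((string) file_get_contents('php://input'));

	// A body that is not a JSON object, or that lacks string credentials, is
	// rejected here instead of reaching the property reads and the database.
	if(!is_object($data)
		|| !isset($data->username, $data->password)
		|| !is_string($data->username)
		|| !is_string($data->password)){
		echo "fail";
		return;
	}

	// NOTE(review): htmlspecialchars() is an HTML output encoder, not input
	// validation; the bound parameter below is what protects the query.
	// It is kept only because stored names and password hashes may have been
	// created from values encoded the same way (the registration code is not
	// visible here). Encoding rewrites & < > " in the password before
	// password_verify(), so confirm against the registration path, then drop it.
	$username = htmlspecialchars($data->username);
	$password = htmlspecialchars($data->password);

	$sql = $conn->prepare("SELECT * FROM members where member_name = ?");
	if(!$sql){
		echo "fail";
		return;
	}

	$sql->bind_param('s', $username);
	if(!$sql->execute()){
		echo "fail";
		return;
	}

	$result = get_result_fill($sql);

	// array_shift() yields null when there is no row; count(null) is a
	// TypeError on PHP 8, so test the row itself instead of counting it.
	$member = is_array($result) ? array_shift($result) : null;

	// NOTE(review): "no such user" and "fail" let a client tell an unknown
	// name from a wrong password. One generic failure message would avoid
	// that; the strings are kept because callers may match on them.
	if(!is_array($member) || count($member) === 0){
		echo "no such user";
		return;
	}

	if(!password_verify($password, $member['member_password'])){
		echo "fail";
		return;
	}

	echo create_jwt($username);
}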
예제 #2
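	/**
	 * Echo suggestions from an allow-listed table as pretty-printed JSON.
	 *
	 * Reads `tableName` and the optional `id` from the query string. Without
	 * `id` every row of the table is returned; with `id` only the row whose
	 * suggestion_id matches. Echoes 'invalid' when the table name is not in
	 * get_tables(), when `id` is not a run of decimal digits, or when the
	 * statement cannot be prepared or executed. An empty result is echoed
	 * as an empty JSON array.
	 *
	 * @return void
	 */
	function get_suggestion(){
		global $conn;

		$table_name    = $_GET['tableName'] ?? null;
		$suggestion_id = $_GET['id'] ?? null;

		// Query-string values can arrive as arrays (tableName[]=x); only a
		// plain string can name a table.
		if(!is_string($table_name)){
			echo 'invalid';
			return;
		}

		// Identifiers cannot be bound as statement parameters, so the table
		// name is interpolated into the SQL text below. This allow-list is the
		// only thing standing between the request and the query, hence the
		// strict comparison. Assumes get_tables() returns a list of strings.
		// HTML-encoding the name adds nothing here and is no longer applied.
		$accepted_tables = get_tables();
		if(!is_array($accepted_tables) || !in_array($table_name, $accepted_tables, true)){
			//someone is trying to send another type of table name
			echo 'invalid';
			return;
		}

		if($suggestion_id === null){
			//get all suggestions
			$sql = $conn->prepare("SELECT * FROM $table_name");
			if(!$sql){
				// stop here: calling execute() on a failed prepare is a fatal error
				echo 'invalid';
				return;
			}
		}else{
			//we are editing, fetch the specific suggestion
			// The id is bound as an integer, so require digits up front
			// rather than HTML-encoding it and letting the driver cast it.
			if(!is_string($suggestion_id) || preg_match('/^[0-9]+$/D', $suggestion_id) !== 1){
				echo 'invalid';
				return;
			}
			$id = (int) $suggestion_id;

			$sql = $conn->prepare("SELECT * FROM $table_name WHERE suggestion_id = ?");
			if(!$sql){
				echo 'invalid';
				return;
			}
			$sql->bind_param("i", $id);
		}

		if(!$sql->execute()){
			echo 'invalid';
			return;
		}
		$result = get_result_fill($sql);

		// Start from an empty list so a table with no rows encodes as []
		// instead of reading an undefined variable.
		$data = array();
		foreach((is_array($result) ? $result : array()) as $row){
			$data[] = array(
				"id" => $row['suggestion_id'],
				"suggestion_name" => $row['suggestion_title'],
				"suggestion_category" => $row['suggestion_category'],
				"suggestion_price" => $row['suggestion_price'],
				"suggestion_weather" => $row['suggestion_weather'],
				"suggestion_time" => $row['suggestion_time'],
				"suggestion_temperature" => $row['suggestion_temp']
			);
		}

		echo json_encode($data, JSON_PRETTY_PRINT);
	}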