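/**
 * Load the HTML template named by $tplName into $htdoc and apply view-specific tweaks.
 *
 * Templates listed in $internalPages are read from ./html/internal/ and only when
 * hasValidSession() returns true; otherwise the unauthorized template is loaded.
 * Every other name is read from ./html/ without a session check.
 *
 * $tplName ends up inside a filesystem path, so it is restricted to a plain
 * identifier first. Without that check a name such as "internal/viewTripTemplate"
 * is not in the internal list, takes the public branch and still resolves to
 * ./html/internal/..., skipping the session check; "../" segments would likewise
 * leave ./html/. Rejected names load nothing and $htdoc is left untouched.
 *
 * @param mixed $req     Request object (not used in this function).
 * @param mixed $resp    Response object (not used in this function).
 * @param mixed $args    Route arguments (not used in this function).
 * @param mixed $tplName Template base name, without directory or ".html" suffix.
 * @param mixed $htdoc   Document object, passed by reference; must provide
 *                       loadHTMLFile() and getElementById().
 * @return void
 */
function handleTemplateSpecifics($req, $resp, $args, $tplName, &$htdoc) {
    // Only letters, digits and underscore: no "/", "\", "." or NUL can reach the path.
    if (!is_string($tplName) || preg_match('/\A[A-Za-z0-9_]+\z/', $tplName) !== 1) {
        return;
    }

    /* If we're an internal-only template, will be inside /internal/ folder.
     * List them here so can validate and look in there */
    $internalPages = ["loggedInWelcomeTemplate", "newTripTemplate", "viewTripTemplate", "wordSwapTemplate"];

    if (in_array($tplName, $internalPages, true)) {
        if (hasValidSession()) {
            $htdoc->loadHTMLFile("./html/internal/{$tplName}.html");
        } else {
            // Read in the unauthorized access deal
            $htdoc->loadHTMLFile("./html/unauthorizedTemplate.html");
        }
    } else {
        // If not an internal page, no need to check session
        $htdoc->loadHTMLFile("./html/{$tplName}.html");
    }

    // A few details specific to individual views
    switch ($tplName) {
        case "navbarTemplate":
            // Get the home url but with https.
            // NOTE(review): HTTP_HOST comes from the client's Host header and PHP_SELF
            // can carry client-chosen path info, so the login link target is
            // request-controlled. Prefer a configured canonical host if one exists.
            $selfAddr = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
            $baseAddr = explode('/api.php', $selfAddr)[0];
            $secureURL = 'https://' . $baseAddr . "/#logIn";

            // Set the href on log in (https/http); skip if the template has no such element
            $loginlink = $htdoc->getElementById("login");
            if ($loginlink !== null) {
                $loginlink->setAttribute("href", $secureURL);
            }
            break;

        case "loggedInWelcomeTemplate":
            if (hasValidSession()) {
                // Put in welcome message to specific username
                $wtx = "Welcome " . getSessionUserName() . "!";
                $welcome = $htdoc->getElementById("welcUser");
                if ($welcome !== null) {
                    // textContent stores the string as literal text; assigning nodeValue
                    // on an element can treat "&" as the start of an entity reference.
                    $welcome->textContent = $wtx;
                }
            }
            break;
    }
}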
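/* test_api.php
 * Server-side tests for application, deny access in production via .htaccess
 * David Lenkner, c. 2016
 *
 * NOTE(review): the .htaccess rule is the only thing keeping these routes private.
 * It applies only on Apache with overrides enabled; other servers ignore the file.
 * These routes print and modify session state, so confirm the deny rule on every
 * deployment, or keep this file out of the deployed tree.
 */
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Message\ResponseInterface as Response;

require 'vendor/autoload.php';
require_once 'php/templateSpecifics.php';
require_once 'php/authentication.php';
require_once 'php/utils.php';

$app = new \Slim\App();

// Test session variables and login session functions.
// Prints the session user name and whether hasValidSession() accepts the session.
$app->get('/testSession', function ($request, $response, $args) {
    $un = getSessionUserName();
    // Encode before echoing: the name originates from user input and the response
    // is not declared as plain text here.
    echo "User name is " . htmlspecialchars((string) $un, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\n";
    if (hasValidSession()) {
        echo "Valid session.\n";
    } else {
        echo "Invalid session.\n";
    }
});

// Test session variables alone by setting
$app->get('/setSV', function ($request, $response, $args) {
    echo "4\n";
    $_SESSION["a"] = '12345';
    // echo "Okay set session var to " . $_SESSION["a"] . "\n";
});

// Test session variables alone by getting.
// Prints an empty value instead of raising an undefined-index warning when
// /setSV has not been called in this session.
$app->get('/getSV', function ($request, $response, $args) {
    $value = $_SESSION["a"] ?? '';
    echo "SV A IS " . htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
});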
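// Special view-specific handling... loads some template from file
    handleTemplateSpecifics($request, $response, $args, $templateName, $htdoc);

    // Return document to client
    echo $htdoc->saveHTML();
});

// Route for attempting to log in.
// Credentials come from the POST body. A missing field, or a non-string one
// (PHP turns "username[]=x" into an array), is replaced by an empty string so that
// validateAndCreateSession() always receives two strings.
// NOTE(review): presumably empty credentials fail validation; confirm in authentication.php.
$app->post('/login', function () {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    if (!is_string($username) || !is_string($password)) {
        $username = '';
        $password = '';
    }
    validateAndCreateSession($username, $password);
});

// Route for logging out
// NOTE(review): /logout, /startTrip and /stopTrip change state on GET, so any
// cross-site request made by a logged-in browser triggers them. Moving them to
// POST with a CSRF token would break existing clients, so this is flagged only.
$app->get('/logout', function () {
    endLogInSession();
});

// Middleware function to return empty error response if not logged in.
// Passes the request on to $next only when hasValidSession() is true.
$RequireAuthMW = function ($request, $response, $next) {
    if (!hasValidSession()) {
        $rsp = new JsonResponse_Basic("Authentication required for route.");
        $rsp->respondAndExit();
        // Fail closed: respondAndExit() presumably terminates the script, but if it
        // ever returns, the protected route must still not run.
        return $response;
    }
    return $next($request, $response);
};

// Route for starting a trip (requires a valid session)
$app->get('/startTrip', function () {
    startTrippin();
})->add($RequireAuthMW);

// Route for stopping a trip (requires a valid session)
$app->get('/stopTrip', function () {
    stopTrippin();
})->add($RequireAuthMW);

// Route for logging a point during a trip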