예제 #1
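/**
 * Load the HTML template named by $tplName into $htdoc and apply the
 * view-specific adjustments for that template.
 *
 * Templates listed as internal are read from ./html/internal/ and only when
 * hasValidSession() returns true; otherwise the unauthorized template is
 * loaded instead. All other templates are read from ./html/.
 *
 * @param mixed  $req     Request object (not used in this function).
 * @param mixed  $resp    Response object (not used in this function).
 * @param mixed  $args    Route arguments (not used in this function).
 * @param string $tplName Template name without directory or ".html" suffix.
 * @param mixed  $htdoc   Document object providing loadHTMLFile() and
 *                        getElementById(); presumably a DOMDocument - confirm
 *                        against the caller.
 *
 * @throws \InvalidArgumentException When $tplName is not a plain identifier.
 */
function handleTemplateSpecifics($req, $resp, $args, $tplName, &$htdoc)
{
    // $tplName is interpolated into a filesystem path below. Accept only a
    // plain identifier so a name carrying a path separator, dot segment, NUL
    // byte or stream-wrapper prefix can neither leave ./html/ nor address
    // ./html/internal/ through the branch that skips the session check.
    if (!is_string($tplName) || preg_match('/\A[A-Za-z0-9_-]+\z/', $tplName) !== 1) {
        throw new \InvalidArgumentException('Invalid template name.');
    }

    /* Internal-only templates live inside the /internal/ folder.
     * They are listed here so the name can be validated and looked up there.
     */
    $internalPages = ["loggedInWelcomeTemplate", "newTripTemplate", "viewTripTemplate", "wordSwapTemplate"];
    if (in_array($tplName, $internalPages, true)) {
        if (hasValidSession()) {
            $htdoc->loadHTMLFile("./html/internal/{$tplName}.html");
        } else {
            // No valid session: serve the unauthorized-access template instead
            $htdoc->loadHTMLFile("./html/unauthorizedTemplate.html");
        }
    } else {
        // Not an internal page, so no session check is needed
        $htdoc->loadHTMLFile("./html/{$tplName}.html");
    }

    // A few details specific to individual views
    switch ($tplName) {
        case "navbarTemplate":
            // Build the home URL, forcing the https scheme.
            // NOTE(review): HTTP_HOST is taken from the client's Host header,
            // so the generated log-in link points wherever that header says.
            // Prefer a configured canonical host name, or check the header
            // against an allow-list, before emitting it.
            $selfAddr = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
            $baseAddr = explode('/api.php', $selfAddr)[0];
            $secureURL = 'https://' . $baseAddr . "/#logIn";
            // Point the log-in link at the https address; skip quietly when
            // the template has no element with that id.
            $loginlink = $htdoc->getElementById("login");
            if ($loginlink !== null) {
                $loginlink->setAttribute("href", $secureURL);
            }
            break;
        case "loggedInWelcomeTemplate":
            if (hasValidSession()) {
                // Put in a welcome message for the session's user name
                $wtx = "Welcome " . getSessionUserName() . "!";
                $welcomeNode = $htdoc->getElementById("welcUser");
                if ($welcomeNode !== null) {
                    $welcomeNode->nodeValue = $wtx;
                }
            }
            break;
    }
}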
예제 #2
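/* test_api.php
 * Server-side tests for the application. Deny access in production via .htaccess;
 * the routes below read and write session data with no authentication check, so
 * also confirm that the deployed web server actually enforces the deny rule.
 * David Lenkner, c. 2016
 */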
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Message\ResponseInterface as Response;
require 'vendor/autoload.php';
require_once 'php/templateSpecifics.php';
require_once 'php/authentication.php';
require_once 'php/utils.php';
$app = new \Slim\App();
// Diagnostic route: prints the session user name, then whether the session
// is considered valid. Both helpers are defined outside this listing.
// NOTE(review): the user name is echoed without escaping; acceptable for a
// plain-text diagnostic, but confirm this route is never reachable in production.
$app->get('/testSession', function ($request, $response, $args) {
    echo "User name is " . getSessionUserName() . "\n";
    echo hasValidSession() ? "Valid session.\n" : "Invalid session.\n";
});
// Diagnostic route: prints a marker line, then stores a fixed value under
// session key "a" so that /getSV can read it back.
$app->get('/setSV', function ($request, $response, $args) {
    print "4\n";
    $fixedValue = '12345';
    $_SESSION["a"] = $fixedValue;
});
// Diagnostic route: prints whatever is stored under session key "a".
// NOTE(review): the key is read without an isset check, so a session that
// never visited /setSV produces an undefined-index notice.
$app->get('/getSV', function ($request, $response, $args) {
    $stored = $_SESSION["a"];
    echo "SV A IS " . $stored;
});
예제 #3
파일: api.php 프로젝트: lenknerd/home-noip
    // Special view-specific handling... loads some template from file
    handleTemplateSpecifics($request, $response, $args, $templateName, $htdoc);
    // Return document to client
    echo $htdoc->saveHTML();
});
// Log-in route: hands the posted credentials to validateAndCreateSession(),
// which is defined outside this listing.
// NOTE(review): both fields are forwarded exactly as received, so they may be
// missing or arrays rather than strings; confirm the callee type-checks them.
$app->post('/login', function () {
    $postedUser = $_POST['username'];
    $postedPass = $_POST['password'];
    validateAndCreateSession($postedUser, $postedPass);
});
// Log-out route: delegates to endLogInSession(), defined outside this listing.
// NOTE(review): this is reachable with a plain GET, so any cross-site link can
// trigger it; consider requiring POST if that matters for this application.
$app->get(
    '/logout',
    function () {
        endLogInSession();
    }
);
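// Middleware guarding routes that need a logged-in user. Without a valid
// session it sends an "authentication required" JSON response and stops;
// otherwise it passes the request on to the next handler and returns that
// handler's response.
$RequireAuthMW = function ($request, $response, $next) {
    if (!hasValidSession()) {
        $rsp = new JsonResponse_Basic("Authentication required for route.");
        $rsp->respondAndExit();
        // Fail closed: respondAndExit() is expected to end the script, but its
        // body is not visible here. Returning keeps the protected handler
        // from running if it ever returns normally.
        return $response;
    }
    return $next($request, $response);
};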
// Start-trip route: calls startTrippin() (defined outside this listing) and
// runs only after $RequireAuthMW has accepted the session.
// NOTE(review): presumably state-changing yet served over GET; confirm whether
// a cross-site request carrying the session cookie should be able to reach it.
$app->get(
    '/startTrip',
    function () {
        startTrippin();
    }
)->add($RequireAuthMW);
// Stop-trip route: calls stopTrippin() (defined outside this listing) and
// runs only after $RequireAuthMW has accepted the session.
// NOTE(review): presumably state-changing yet served over GET; confirm whether
// a cross-site request carrying the session cookie should be able to reach it.
$app->get(
    '/stopTrip',
    function () {
        stopTrippin();
    }
)->add($RequireAuthMW);
// Route for logging a point during a trip