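require_once __DIR__ . '/../../src/Router.php';
require_once __DIR__ . '/../../src/HTTPException.php';
$router = new Router();
// GET: resolve the caller's PHP session id to its `User` row.
// A `Session` row only authenticates while it is flagged active AND has not
// reached its `expiration` (login stores CURRENT_TIMESTAMP() + 1 HOUR); the
// original lookup ignored `expiration`, so an expired-but-active row kept
// working until an explicit logout.
$router->on('get', function ($request, $services) {
    session_start();
    $stmt = $services['pdo']->prepare('
			SELECT 
				`id`, 
				`username`, 
				UNIX_TIMESTAMP(`created`) AS `created`,
				`admin`
			FROM `User` 
			WHERE `id` = (
				SELECT `ownerID` 
				FROM `Session` 
				WHERE `id` = :sessionID 
					AND `active` = 1
					AND `expiration` > CURRENT_TIMESTAMP()
				LIMIT 1)');
    $stmt->bindValue('sessionID', session_id(), PDO::PARAM_STR);
    $stmt->execute();
    $result = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$result) {
        // No live session bound to this id: the caller is anonymous.
        throw new UnauthorizedException();
    }
    // Normalise the driver's column values to the types clients expect.
    // `admin` is cast through int rather than compared with the string '0':
    // the old `!== '0'` test reported admin = true for a NULL column and for a
    // native int 0 (returned when emulated prepares are disabled), i.e. it
    // could grant admin to every user depending on driver configuration.
    $result['id'] = (int) $result['id'];
    $result['created'] = (int) $result['created'];
    $result['admin'] = (bool) (int) $result['admin'];
    return $result;
});
$router->route();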
<?php

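require_once __DIR__ . '/../../config.php';
require_once __DIR__ . '/../../src/Router.php';
require_once __DIR__ . '/../../src/HTTPException.php';
$router = new Router();
// POST: create a `User` from the `username` and `password` params.
// Responds 409 (ConflictExistsException) when the username is already taken;
// any other database failure propagates as a PDOException.
$router->on('post', function ($request, $services) {
    $request->params->mustHave('username');
    $request->params->mustHave('password');
    $stmt = $services['pdo']->prepare('INSERT INTO `User` (`username`, `password`) VALUES (:username, :password)');
    $stmt->bindValue('username', $request->params['username'], PDO::PARAM_STR);
    // Only the hash is stored; PASSWORD_DEFAULT lets the algorithm/cost be
    // raised later (the login endpoint can rehash via password_needs_rehash).
    $password = password_hash($request->params['password'], PASSWORD_DEFAULT);
    $stmt->bindValue('password', $password, PDO::PARAM_STR);
    try {
        $stmt->execute();
    } catch (PDOException $e) {
        // strpos() returns false, never -1, when the needle is absent, so the
        // original `-1 !== strpos(...)` test was true for EVERY PDOException
        // and reported any database error as "Username taken.".
        if (false !== strpos($e->getMessage(), 'Integrity constraint violation')) {
            throw new ConflictExistsException('Username taken.');
        }
        // Connection loss, bad SQL, etc. are not the client's fault: let the
        // router's generic error handling report them instead of a 409.
        throw $e;
    }
    if ($stmt->rowCount() < 1) {
        throw new ConflictExistsException('Username taken.');
    }
});
$router->route();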
<?php

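require_once __DIR__ . '/../../config.php';
require_once __DIR__ . '/../../src/Router.php';
// The original required '/../../src/HTTPException' without the .php suffix
// that every sibling endpoint uses, which fails at load time.
require_once __DIR__ . '/../../src/HTTPException.php';
$router = new Router();
// GET: list `Event` rows whose name contains the `query` param.
// Returns an empty list when nothing matches; only a driver failure is a 500.
$router->on('get', function ($request, $services) {
    $request->params->mustHave('query');
    $sql = '
	SELECT 
		`id`, 
		`name`, 
		`ownerID`, 
		`start`, 
		`end`, 
		`location` 
	FROM `Event` 
	WHERE `name` LIKE :query';
    $stmt = $services['pdo']->prepare($sql);
    // A placeholder inside a quoted literal ("%:query%") is plain text to the
    // driver, so the original bind never matched a parameter. Build the
    // pattern in PHP instead, escaping LIKE metacharacters (%, _ and the
    // default MySQL escape character \) so user input cannot widen the match.
    $needle = addcslashes($request->params['query'], '\\%_');
    $stmt->bindValue('query', '%' . $needle . '%', PDO::PARAM_STR);
    $stmt->execute();
    $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if ($result === false) {
        throw new InternalServerError('Failed to search events.');
    }
    // An empty result set is a valid answer, not a server error (the old
    // truthiness check turned "no matches" into a 500).
    return $result;
});
$router->route();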
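require_once __DIR__ . '/../../config.php';
require_once __DIR__ . '/../../src/Router.php';
require_once __DIR__ . '/../../src/HTTPException.php';
$router = new Router();
// POST: verify `username`/`password`, then bind a freshly generated PHP
// session id to the user by inserting a one-hour `Session` row.
// Returns ['sessionID' => <new id>]; 401 on bad credentials.
$router->on('post', function ($request, $services) {
    $request->params->mustHave('username');
    $request->params->mustHave('password');
    $stmt = $services['pdo']->prepare('SELECT `password`, `id` FROM `User` WHERE `username` = :username LIMIT 1');
    $stmt->bindValue('username', $request->params['username'], PDO::PARAM_STR);
    $stmt->execute();
    $stmt->bindColumn('password', $passwordHash, PDO::PARAM_STR);
    $stmt->bindColumn('id', $userID, PDO::PARAM_INT);
    // One generic message for "no such user" and "wrong password" so the
    // response body does not reveal which usernames exist.
    if (!$stmt->fetch(PDO::FETCH_BOUND) || !$passwordHash || !password_verify($request->params['password'], $passwordHash)) {
        throw new UnauthorizedException('Login failed.');
    }
    // Transparently upgrade hashes made with an older algorithm or cost; the
    // plaintext is only available here, at login time.
    if (password_needs_rehash($passwordHash, PASSWORD_DEFAULT)) {
        $rehash = $services['pdo']->prepare('UPDATE `User` SET `password` = :password WHERE `id` = :id LIMIT 1');
        $rehash->bindValue('password', password_hash($request->params['password'], PASSWORD_DEFAULT), PDO::PARAM_STR);
        $rehash->bindValue('id', $userID, PDO::PARAM_INT);
        $rehash->execute();
    }
    session_start();
    // Retire whatever `Session` row the incoming id was bound to ...
    $stmt = $services['pdo']->prepare('UPDATE `Session` SET `active` = 0 WHERE `id` = :sessionID LIMIT 1');
    $stmt->bindValue('sessionID', session_id(), PDO::PARAM_STR);
    $stmt->execute();
    // ... and issue a new id so a pre-login id planted in the browser cannot
    // be reused afterwards (session fixation). Passing true also deletes the
    // old id's server-side session data instead of leaving it behind.
    session_regenerate_id(true);
    $stmt = $services['pdo']->prepare('INSERT INTO `Session` (`id`, `ownerID`, `expiration`, `active`) VALUES (:id, :ownerID, CURRENT_TIMESTAMP() + INTERVAL 1 HOUR, 1)');
    $stmt->bindValue('id', session_id(), PDO::PARAM_STR);
    $stmt->bindValue('ownerID', $userID, PDO::PARAM_INT);
    $stmt->execute();
    if ($stmt->rowCount() < 1) {
        throw new InternalServerException('Failed to register session.');
    }
    return ['sessionID' => session_id()];
});
$router->route();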
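// POST: create an `Event` owned by the caller's session user.
// Requires `name`, `start`, `end` (unix timestamps) and `location` params.
$router->on('post', function ($request, $services) {
    session_start();
    // Logout only flips `active` to 0 and rows carry an `expiration`; the
    // original lookup checked neither, so a logged-out or expired session id
    // could still create events. Match the conditions the session endpoint
    // uses for authentication.
    $stmt = $services['pdo']->prepare('SELECT `ownerID` FROM `Session` WHERE `id` = :sessionID AND `active` = 1 AND `expiration` > CURRENT_TIMESTAMP()');
    $stmt->bindValue('sessionID', session_id(), PDO::PARAM_STR);
    $stmt->execute();
    $currentUID = $stmt->fetchColumn(0);
    if ($currentUID === false) {
        throw new UnauthorizedException('You are not allowed to create events.');
    }
    // fetchColumn() returns the driver's string form; bind it as an int below.
    $currentUID = (int) $currentUID;
    $request->params->mustHave('name');
    $request->params->mustHave('start');
    $request->params->mustHave('end');
    $request->params->mustHave('location');
    $stmt = $services['pdo']->prepare('
		INSERT INTO `Event` (
			`name`, 
			`ownerID`, 
			`start`, 
			`end`, 
			`location`
		) VALUES (
			:name,
			:ownerID,
			FROM_UNIXTIME(:start),
			FROM_UNIXTIME(:end),
			:location
		)');
    $stmt->bindValue('name', $request->params['name'], PDO::PARAM_STR);
    $stmt->bindValue('ownerID', $currentUID, PDO::PARAM_INT);
    $stmt->bindValue('start', $request->params['start'], PDO::PARAM_INT);
    $stmt->bindValue('end', $request->params['end'], PDO::PARAM_INT);
    $stmt->bindValue('location', $request->params['location'], PDO::PARAM_STR);
    $stmt->execute();
    // rowCount() is never negative, so the original `< 0` test could not
    // fire; an insert that affected no row is the "nothing changed" case.
    // NOTE(review): 304 is an unusual status for a failed POST — confirm
    // against the client before changing it.
    if ($stmt->rowCount() < 1) {
        return new Response('', 304);
    }
});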
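require_once __DIR__ . '/../../config.php';
require_once __DIR__ . '/../../src/Router.php';
require_once __DIR__ . '/../../src/HTTPException.php';
$router = new Router();
// POST: delete the `Event` given by `id`. Allowed for the event's owner and
// for admins; the ownership/admin test is done inside the DELETE itself so
// there is no check-then-act window between reading and deleting.
$router->on('post', function ($request, $services) {
    session_start();
    // Logout only flips `active` to 0 and rows carry an `expiration`; the
    // original lookup checked neither, so a logged-out or expired session id
    // could still delete events. Match the conditions the session endpoint
    // uses for authentication.
    $stmt = $services['pdo']->prepare('SELECT `ownerID` FROM `Session` WHERE `id` = :sessionID AND `active` = 1 AND `expiration` > CURRENT_TIMESTAMP()');
    $stmt->bindValue('sessionID', session_id(), PDO::PARAM_STR);
    $stmt->execute();
    $currentUID = $stmt->fetchColumn(0);
    if ($currentUID === false) {
        throw new UnauthorizedException('You must be logged in to delete events.');
    }
    // fetchColumn() returns the driver's string form; bind it as an int below.
    $currentUID = (int) $currentUID;
    $request->params->mustHave('id');
    $stmt = $services['pdo']->prepare('
		DELETE e FROM `Event` AS e
		WHERE e.`id` = :eventID 
			AND EXISTS (
				SELECT * FROM `User` AS u
				WHERE u.`id` = :currentUID
					AND (e.`ownerID` = u.`id` OR u.`admin` = 1)
				LIMIT 1
		)');
    $stmt->bindValue('eventID', $request->params['id'], PDO::PARAM_INT);
    $stmt->bindValue('currentUID', $currentUID, PDO::PARAM_INT);
    $stmt->execute();
    // No row deleted means the event does not exist or the caller may not
    // delete it; both are reported identically so ids cannot be probed.
    // NOTE(review): 304 is an unusual status for that — confirm with clients.
    if ($stmt->rowCount() < 1) {
        return new Response('', 304);
    }
});
$router->route();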
<?php

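require_once __DIR__ . '/../../config.php';
require_once __DIR__ . '/../../src/Router.php';
$router = new Router();
// GET: every `Event`, ordered by id, with `start`/`end` as unix timestamps.
$router->on('get', function ($request, $services) {
    $stmt = $services['pdo']->prepare('
		SELECT 
			`id`, 
			`name`, 
			`ownerID`, 
			UNIX_TIMESTAMP(`start`) AS `start`, 
			UNIX_TIMESTAMP(`end`) AS `end`, 
			`location`
		FROM `Event` 
		ORDER BY `id` ASC');
    $stmt->execute();
    $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if ($result === false) {
        throw new InternalServiceException('Failed to list events.');
    }
    // Cast the driver's string columns to ints. Iterating by key instead of
    // `foreach ($result as &$event)` avoids leaving $event aliased to the
    // last element after the loop (the dangling-reference pitfall).
    foreach ($result as $i => $event) {
        $result[$i]['id'] = (int) $event['id'];
        $result[$i]['ownerID'] = (int) $event['ownerID'];
        $result[$i]['start'] = (int) $event['start'];
        $result[$i]['end'] = (int) $event['end'];
    }
    return $result;
});
$router->route();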
<?php

require_once __DIR__ . '/../../config.php';
require_once __DIR__ . '/../../src/Router.php';
$router = new Router();
// POST: log the caller out by deactivating the `Session` row bound to the
// current PHP session id. Nothing is returned; an id with no row is a no-op.
$router->on('post', function ($request, $services) {
    session_start();
    $deactivate = $services['pdo']->prepare(
        'UPDATE `Session` SET `active` = 0 WHERE `id` = :sessionID'
    );
    $deactivate->bindValue('sessionID', session_id(), PDO::PARAM_STR);
    $deactivate->execute();
});
$router->route();