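<?php
/*
 * JSON endpoint that stores a new note for the logged-in user.
 *
 * Input : POST fields `title` and `content`, both non-empty strings.
 * Output: application/json — {"id", "title", "content"} on success,
 *         {"error": "..."} together with a 4xx/5xx status otherwise.
 */
session_start();

use views\helpers\PathHelper;

require_once dirname(dirname(dirname(__FILE__))) . '/views/helpers/PathHelper.php';
$path = new PathHelper();
require_once $path->getModelPath() . 'DBHandler.php';
require_once $path->getModelPath() . 'AuthHandler.php';
// Provides $host, $user, $password and $db for the database connection.
require_once $path->getConfigPath() . 'connectionInfo.private.php';

$dbHandler = new DBHandler($host, $user, $password, $db);
$authHandler = new AuthHandler($dbHandler);

// NOTE(review): no CSRF token is verified here — the session cookie alone
// authorises this write. Confirm the front end sends one.
$title = isset($_POST['title']) ? $_POST['title'] : null;
$content = isset($_POST['content']) ? $_POST['content'] : null;

if (empty($_SESSION[authSessionKey])) {
    // AuthHandler::loginUser sets this flag on a successful login; without it
    // there is no user to attribute the note to, so refuse before any DB write.
    http_response_code(401);
    $result = ['error' => 'Please log in to save your note.'];
} elseif (!is_string($title) || $title === '' || !is_string($content) || $content === '') {
    // Missing, empty or non-string (e.g. title[]=x) fields are a client error:
    // 400, not 502 (Bad Gateway), which proxies and clients read as an
    // upstream failure.
    http_response_code(400);
    $result = ['error' => 'Please provide a title and content for your note.'];
} else {
    $id = $dbHandler->insertNote($title, $content, $authHandler->getUserId());
    if ($id) {
        $result = ['id' => $id, 'title' => $title, 'content' => $content];
    } else {
        // A failed insert is a server-side error: 500, not 501 (Not Implemented).
        http_response_code(500);
        $result = ['error' => 'An error occurred saving your note.'];
    }
}

header('Content-Type: application/json; charset=UTF-8');
$body = json_encode($result);
if ($body === false) {
    // e.g. invalid UTF-8 in the submitted text: report it rather than sending
    // an empty body under the status chosen above.
    http_response_code(500);
    $body = '{"error":"The response could not be encoded."}';
}
echo $body;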
<?php
use views\helpers\PathHelper;

require_once dirname(dirname(__FILE__)) . '/views/helpers/PathHelper.php';
$path = new PathHelper();
// Row classes used by this handler's query methods (AuthHandler calls
// getHash()/getName()/getId() on what queryUserByUserName returns).
require_once $path->getModelPath() . 'Note.php';
require_once $path->getModelPath() . 'User.php';

/**
 * Thin mysqli wrapper for the notes application.
 *
 * Opens the connection in the constructor and makes sure the `users` and
 * `notes` tables exist before any other query runs.
 */
class DBHandler
{
    /** @var mysqli Open connection shared by every query method. */
    var $connection;

    /**
     * @param $host String host to connect to.
     * @param $user String username to use with the connection. Make sure to grant all necessary privileges.
     * @param $password String password belonging to the username.
     * @param $db String name of the database.
     */
    function __construct($host, $user, $password, $db)
    {
        $this->connection = new mysqli($host, $user, $password, $db);
        // NOTE(review): $this->connection->connect_error is not checked, so a
        // refused connection only surfaces at the first query.
        // NOTE(review): MySQL's 'utf8' is the 3-byte subset; 4-byte characters
        // (e.g. emoji) in note text are rejected or, depending on sql_mode,
        // silently truncated — 'utf8mb4' is the full encoding.
        $this->connection->set_charset('utf8'); // prevent charset errors.
        $this->ensureUsersTable();
        $this->ensureNotesTable();
    }

    /**
     * Creates the users table if it is missing.
     *
     * Columns: id (auto-increment), name (unique) and password, which holds the
     * password_hash() output AuthHandler::registerUser hands to insertUser —
     * VARCHAR(255) leaves room for longer hashes should PASSWORD_DEFAULT change.
     */
    function ensureUsersTable()
    {
        // assert() is a no-op when zend.assertions is off, so this is a
        // development aid, not a runtime guard.
        assert($this->connection);
        $queryString = "CREATE TABLE IF NOT EXISTS users (id INT(5) PRIMARY KEY AUTO_INCREMENT, " .
            "name VARCHAR(100) UNIQUE NOT NULL, password VARCHAR(255) NOT NULL)";
        // it's okay not to use prepared statements here
        // because it is quite a static thing to do and does not take potentially harmful user input.
        $this->connection->query($queryString);
        // ... this method and the rest of the class continue past this excerpt.
<?php
/*
 * Notes page: bootstraps the session, database and authentication handlers,
 * then renders the page shell. The header markup and the rest of the page
 * continue past this excerpt.
 */
use views\helpers\PathHelper;

session_start();
require_once dirname(__FILE__) . '/app/views/helpers/PathHelper.php';
$path = new PathHelper();
require_once $path->getModelPath() . 'DBHandler.php';
require_once $path->getModelPath() . 'AuthHandler.php';
// Provides $host, $user, $password and $db for the database connection.
require_once $path->getConfigPath() . 'connectionInfo.private.php';
$dbHandler = new DBHandler($host, $user, $password, $db);
$authHandler = new AuthHandler($dbHandler);
// NOTE(review): the Font Awesome stylesheet below is fetched from a third-party
// CDN without `integrity`/`crossorigin` attributes, so nothing pins the served
// file to the version this page was written against (Subresource Integrity would).
// NOTE(review): lang="en" sits on <head>; the attribute belongs on <html>.
// NOTE(review): both local hrefs have a space between the echoed asset path and
// the file name (" /favicon.ico", " /css/notes.css") — looks like an artefact
// of the listing; confirm against the original file.
?>
<!DOCTYPE html>
<html>
<head lang="en">
    <meta charset="UTF-8">
    <title>User Notes</title>
    <link rel="shortcut icon" type="image/x-icon" href="<?php echo $path->getAssetPath(); ?> /favicon.ico">
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css">
    <link rel="stylesheet" href="<?php echo $path->getAssetPath(); ?> /css/notes.css"/>
</head>
<body>
<header class="header">
<?php
<?php
// $_SESSION key that marks an authenticated session; loginUser sets it to true.
define('authSessionKey', 'isAuthenticated');

use views\helpers\PathHelper;

require_once dirname(dirname(__FILE__)) . '/views/helpers/PathHelper.php';
$path = new PathHelper();
require_once $path->getModelPath() . 'DBHandler.php';

/**
 * Registration and login on top of DBHandler; login state lives in $_SESSION.
 */
class AuthHandler
{
    /** @var DBHandler */
    var $dbHandler;

    /**
     * AuthHandler constructor.
     * @param $dbHandler DBHandler
     */
    function __construct($dbHandler)
    {
        $this->dbHandler = $dbHandler;
    }

    /**
     * Creates a user whose stored credential is a password_hash() hash of $password.
     *
     * PASSWORD_DEFAULT may switch algorithm between PHP releases, which is why the
     * hash column needs room beyond a bcrypt string. Returns whatever
     * DBHandler::insertUser returns. No length or policy checks happen here —
     * presumably the caller's job; confirm.
     */
    function registerUser($userName, $password)
    {
        $hash = password_hash($password, PASSWORD_DEFAULT);
        return $this->dbHandler->insertUser($userName, $hash);
    }

    /**
     * Verifies $password against the stored hash and, on success, marks the
     * session as authenticated and records the user's name and id in it.
     */
    function loginUser($userName, $password)
    {
        $user = $this->dbHandler->queryUserByUserName($userName);
        // NOTE(review): $user is dereferenced without a null/false check. If
        // queryUserByUserName returns nothing for an unknown name (not visible
        // here — confirm), the next line fatals instead of failing the login,
        // and that distinct failure mode reveals whether the name exists.
        $passwordVerificationResult = password_verify($password, $user->getHash());
        if ($passwordVerificationResult) {
            // NOTE(review): the session id is not regenerated on login
            // (session_regenerate_id(true)); regenerating on privilege change is
            // the standard session-fixation mitigation.
            $_SESSION[authSessionKey] = true;
            $_SESSION['userName'] = $user->getName();
            $_SESSION['userId'] = $user->getId();
            // ... loginUser and the rest of the class continue past this excerpt.