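/**
 * Create a new random session key for the account that owns $email and
 * store it in the `sessions` table.
 *
 * @param mixed  $app   Application object, passed through unchanged to the
 *                      lookup and query helpers.
 * @param string $email E-mail address used to look up the account id.
 *
 * @return string Base64 encoding of 32 random bytes; the same value that is
 *                written to `sessions`.`key`.
 *
 * @throws \RuntimeException If cryptographically strong random bytes are not
 *                           available or the database connection fails.
 */
function generate_session_key($app, $email)
{
    // The session key is a bearer credential, so refuse to continue unless
    // OpenSSL reports the bytes as cryptographically strong. Without this
    // check a failed call would be base64-encoded into an empty or
    // predictable key.
    $strong = false;
    $bytes = openssl_random_pseudo_bytes(32, $strong);
    if ($bytes === false || $strong !== true) {
        throw new \RuntimeException('Unable to generate a secure session key');
    }
    $key = base64_encode($bytes);

    // NOTE(review): what the helper returns for an unknown e-mail is not
    // visible here; confirm it cannot yield an id that maps to another account.
    $accountID = get_account_id_from_email($app, $email);

    $link = mysqli_connect(HOST, USER, PASSWORD, DATABASE);
    if ($link === false) {
        throw new \RuntimeException('Unable to connect to the session database');
    }

    // Values are bound as parameters; nothing is interpolated into the SQL.
    // The previous debug `echo $query;` was removed: it wrote the statement
    // into the HTTP response body ahead of the real payload.
    $query = "INSERT INTO `sessions` (`key`, `account_id`) VALUES (?, ?)";
    $SQLparams = array($key, $accountID);

    // NOTE(review): if the helper forwards "sd" to mysqli bind_param, 'd'
    // binds account_id as a double; 'i' would be the integer type. Left as-is
    // because the helper's handling of the type string is not shown.
    // NOTE(review): the helper's return value is not checked, so a failed
    // INSERT still returns a key that no session row backs; confirm how the
    // helper reports errors.
    // NOTE(review): the key is stored in the table exactly as issued to the
    // client; storing only a hash of it would limit the impact of a database
    // read exposure.
    mysqli_prepared_query($app, $link, $query, "sd", $SQLparams);
    mysqli_close($link);

    return $key;
}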
Пример #2
    $params = $request->getParsedBody();
    $token = $params['token'];
    $email = get_email_from_key($this, $token);
    $imdbid = $params['imdbid'];
    $stars = $params['stars'];
    $review = $params['review'];
    $this->logger->info("User: "******"imdbid: " . $imdbid);
    $this->logger->info("stars: " . $stars);
    $this->logger->info("review: " . $review);
    if (strlen($imdbid) != 9) {
        //bad input reply with 400:Bad Request
        $this->logger->info("Exiting for malformed imdbid");
        return $response->withStatus(400);
    }
    $accountID = get_account_id_from_email($this, $email);
    $query = "INSERT INTO ratings(user, movie, stars, review)";
    $query = $query . " VALUES (?, ?, ?, ?)";
    $query = $query . " ON DUPLICATE KEY UPDATE stars=?, review=?";
    $SQLparams = array($accountID, $imdbid, $stars, $review, $stars, $review);
    $link = mysqli_connect(HOST, USER, PASSWORD, DATABASE);
    $result = mysqli_prepared_query($this, $link, $query, "dsdsds", $SQLparams);
    mysqli_close($link);
    $data['imdbid'] = $imdbid;
    $data['stars'] = $stars;
    $data['review'] = $review;
    return $response->withHeader('Content-Type', 'application/json')->write(json_encode($data));
});
$app->get('/api/rating', function ($request, $response, $args) {
    $this->logger->info("GET /api/rating");
    $params = $request->getQueryParams();