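require_once __DIR__ . '/../../src/Router.php';
require_once __DIR__ . '/../../src/HTTPException.php';

$router = new Router();

/**
 * GET: resolve the caller's PHP session to the user it belongs to.
 *
 * A `Session` row is only honoured while it is still `active` AND its
 * `expiration` (set to login time + 1 hour by the login endpoint) lies in the
 * future, so a logged-out or stale session yields 401 instead of a user.
 *
 * @return array{id:int,username:string,created:int,admin:bool}
 * @throws UnauthorizedException when no live session matches session_id().
 */
$router->on('get', function ($request, $services) {
    session_start();

    $stmt = $services['pdo']->prepare('
        SELECT `id`, `username`, UNIX_TIMESTAMP(`created`) AS `created`, `admin`
        FROM `User`
        WHERE `id` = (
            SELECT `ownerID`
            FROM `Session`
            WHERE `id` = :sessionID
              AND `active` = 1
              AND `expiration` > CURRENT_TIMESTAMP()
            LIMIT 1
        )');
    $stmt->bindValue('sessionID', session_id(), PDO::PARAM_STR);
    $stmt->execute();

    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$user) {
        throw new UnauthorizedException();
    }

    // Column types depend on the PDO driver settings: with emulated prepares
    // MySQL columns arrive as strings, with native prepares they may arrive as
    // ints. The previous `$admin !== '0'` comparison would have flagged every
    // user as admin when `admin` came back as int 0, so normalise through
    // intval() first and only then decide.
    $user['id']      = intval($user['id']);
    $user['created'] = intval($user['created']);
    $user['admin']   = intval($user['admin']) !== 0;

    return $user;
});

$router->route();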
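<?php
require_once __DIR__ . '/../../config.php';
require_once __DIR__ . '/../../src/Router.php';
require_once __DIR__ . '/../../src/HTTPException.php';

$router = new Router();

/**
 * POST: register a new user.
 *
 * Params: `username`, `password` (both required). The password is stored as a
 * password_hash() digest; the clear text never touches the database.
 *
 * @throws ConflictExistsException when the username is already taken — either
 *         a unique-key violation (SQLSTATE 23000) or an insert that affected
 *         no row.
 * @throws PDOException for any other database failure; such failures must not
 *         be reported to the client as a conflict.
 */
$router->on('post', function ($request, $services) {
    $request->params->mustHave('username');
    $request->params->mustHave('password');

    $stmt = $services['pdo']->prepare(
        'INSERT INTO `User` (`username`, `password`) VALUES (:username, :password)'
    );
    $stmt->bindValue('username', $request->params['username'], PDO::PARAM_STR);
    $stmt->bindValue(
        'password',
        password_hash($request->params['password'], PASSWORD_DEFAULT),
        PDO::PARAM_STR
    );

    try {
        $stmt->execute();
    } catch (PDOException $e) {
        // strpos() returns false (never -1) on a miss, so the previous
        // `-1 !== strpos(...)` test was always true and turned *every* database
        // error — connection loss, bad schema, … — into "Username taken."
        // Recognise the integrity-constraint class explicitly and let anything
        // else propagate as the server error it is.
        $isDuplicate = (string) $e->getCode() === '23000'
            || strpos($e->getMessage(), 'Integrity constraint violation') !== false;
        if ($isDuplicate) {
            throw new ConflictExistsException('Username taken.');
        }
        throw $e;
    }

    if ($stmt->rowCount() < 1) {
        throw new ConflictExistsException('Username taken.');
    }
});

$router->route();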
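<?php
require_once __DIR__ . '/../../config.php';
require_once __DIR__ . '/../../src/Router.php';
// The original required '/../../src/HTTPException' without the `.php`
// suffix every other endpoint uses, which would fail before the handler ran.
require_once __DIR__ . '/../../src/HTTPException.php';

$router = new Router();

/**
 * GET: search events whose `name` contains the given substring.
 *
 * Param: `query` (required). Read via `$request->params` like the other
 * endpoints; the original used `$request['query']`.
 *
 * @return list<array<string,mixed>> matching rows — an empty list when nothing
 *         matches (the original answered 500 for "no results").
 * @throws InternalServerError when the fetch itself fails.
 */
$router->on('get', function ($request, $services) {
    $request->params->mustHave('query');

    // A placeholder inside a quoted SQL literal ("%:query%") is plain text, not
    // a parameter, so the original bind could never apply. Bind the complete
    // LIKE pattern instead. `%`, `_` and `\` typed by the user are escaped so
    // they match literally (backslash is MySQL's default LIKE escape character)
    // rather than acting as wildcards that would match every row.
    $pattern = '%' . addcslashes($request->params['query'], '%_\\') . '%';

    $stmt = $services['pdo']->prepare('
        SELECT `id`, `name`, `ownerID`, `start`, `end`, `location`
        FROM `Event`
        WHERE `name` LIKE :query');
    $stmt->bindValue('query', $pattern, PDO::PARAM_STR);
    $stmt->execute();

    // NOTE(review): `start`/`end` are returned here as raw column values,
    // whereas the list endpoint returns UNIX_TIMESTAMP() ints — left as-is.
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if ($rows === false) {
        // NOTE(review): other endpoints spell this class InternalServerException;
        // confirm which name HTTPException.php actually declares.
        throw new InternalServerError('Failed to search events.');
    }

    return $rows;
});

$router->route();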
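require_once __DIR__ . '/../../config.php';
require_once __DIR__ . '/../../src/Router.php';
require_once __DIR__ . '/../../src/HTTPException.php';

$router = new Router();

/**
 * POST: log in with `username` + `password` and open a server-side session.
 *
 * On success the DB session bound to the current PHP session id is retired,
 * the PHP session id is regenerated so an id chosen before authentication is
 * never promoted to an authenticated one, and a fresh `Session` row valid for
 * one hour is inserted under the new id.
 *
 * @return array{sessionID:string}
 * @throws UnauthorizedException on unknown user or wrong password. Both cases
 *         deliberately share one message so the body does not reveal which.
 * @throws InternalServerException if the session row could not be written.
 */
$router->on('post', function ($request, $services) {
    $request->params->mustHave('username');
    $request->params->mustHave('password');

    $pdo = $services['pdo'];

    $stmt = $pdo->prepare('SELECT `password`, `id` FROM `User` WHERE `username` = :username LIMIT 1');
    $stmt->bindValue('username', $request->params['username'], PDO::PARAM_STR);
    $stmt->execute();
    $stmt->bindColumn('password', $passwordHash, PDO::PARAM_STR);
    $stmt->bindColumn('id', $userID, PDO::PARAM_INT);

    // NOTE(review): password_verify() is skipped for unknown usernames, so the
    // response time differs between "no such user" and "wrong password".
    $found = $stmt->fetch(PDO::FETCH_BOUND);
    if (!$found || !$passwordHash || !password_verify($request->params['password'], $passwordHash)) {
        throw new UnauthorizedException('Login failed.');
    }

    session_start();

    // Retire whatever DB session the pre-login PHP session id was bound to.
    $stmt = $pdo->prepare('UPDATE `Session` SET `active` = 0 WHERE `id` = :sessionID LIMIT 1');
    $stmt->bindValue('sessionID', session_id(), PDO::PARAM_STR);
    $stmt->execute();

    // `true` also deletes the old session's storage instead of leaving it
    // readable under the previous id.
    session_regenerate_id(true);

    $stmt = $pdo->prepare('
        INSERT INTO `Session` (`id`, `ownerID`, `expiration`, `active`)
        VALUES (:id, :ownerID, CURRENT_TIMESTAMP() + INTERVAL 1 HOUR, 1)');
    $stmt->bindValue('id', session_id(), PDO::PARAM_STR);
    $stmt->bindValue('ownerID', $userID, PDO::PARAM_INT);
    $stmt->execute();

    if ($stmt->rowCount() < 1) {
        throw new InternalServerException('Failed to register session.');
    }

    return ['sessionID' => session_id()];
});

$router->route();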
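/**
 * POST: create an event owned by the caller.
 *
 * Params: `name`, `start`, `end` (unix timestamps), `location` — all required.
 *
 * @return Response|null 304 when the insert affected no row (the convention
 *         this API also uses for delete); nothing on success.
 * @throws UnauthorizedException when the caller has no live session.
 */
$router->on('post', function ($request, $services) {
    session_start();

    // Resolve the caller from the server-side session. Requiring `active = 1`
    // and an unexpired `expiration` mirrors the session-lookup endpoint;
    // without them a session retired by logout (active = 0) could still
    // create events.
    $stmt = $services['pdo']->prepare('
        SELECT `ownerID`
        FROM `Session`
        WHERE `id` = :sessionID
          AND `active` = 1
          AND `expiration` > CURRENT_TIMESTAMP()
        LIMIT 1');
    $stmt->bindValue('sessionID', session_id(), PDO::PARAM_STR);
    $stmt->execute();

    $currentUID = $stmt->fetchColumn(0);
    if ($currentUID === false) {
        throw new UnauthorizedException('You are not allowed to create events.');
    }

    $request->params->mustHave('name');
    $request->params->mustHave('start');
    $request->params->mustHave('end');
    $request->params->mustHave('location');

    $stmt = $services['pdo']->prepare('
        INSERT INTO `Event` (`name`, `ownerID`, `start`, `end`, `location`)
        VALUES (:name, :ownerID, FROM_UNIXTIME(:start), FROM_UNIXTIME(:end), :location)');
    $stmt->bindValue('name', $request->params['name'], PDO::PARAM_STR);
    $stmt->bindValue('ownerID', $currentUID, PDO::PARAM_INT);
    $stmt->bindValue('start', $request->params['start'], PDO::PARAM_INT);
    $stmt->bindValue('end', $request->params['end'], PDO::PARAM_INT);
    $stmt->bindValue('location', $request->params['location'], PDO::PARAM_STR);
    $stmt->execute();

    // rowCount() is never negative, so the original `< 0` test could not fire
    // and an insert that stored nothing was reported as success.
    if ($stmt->rowCount() < 1) {
        return new Response('', 304);
    }
});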
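require_once __DIR__ . '/../../config.php';
require_once __DIR__ . '/../../src/Router.php';
require_once __DIR__ . '/../../src/HTTPException.php';

$router = new Router();

/**
 * POST: delete an event. Param: `id` (required).
 *
 * Permitted for the event's owner or for any admin. The permission check is
 * part of the DELETE statement itself, so there is no read-then-delete gap in
 * which ownership could change.
 *
 * @return Response|null 304 when no row was deleted — the event does not exist
 *         or the caller may not delete it; both look the same to the client.
 *         Nothing on success.
 * @throws UnauthorizedException when the caller has no live session.
 */
$router->on('post', function ($request, $services) {
    session_start();

    // Requiring `active = 1` and an unexpired `expiration` mirrors the
    // session-lookup endpoint; without them a session retired by logout
    // (active = 0) could still delete events.
    $stmt = $services['pdo']->prepare('
        SELECT `ownerID`
        FROM `Session`
        WHERE `id` = :sessionID
          AND `active` = 1
          AND `expiration` > CURRENT_TIMESTAMP()
        LIMIT 1');
    $stmt->bindValue('sessionID', session_id(), PDO::PARAM_STR);
    $stmt->execute();

    $currentUID = $stmt->fetchColumn(0);
    if ($currentUID === false) {
        throw new UnauthorizedException('You must be logged in to delete events.');
    }

    $request->params->mustHave('id');

    $stmt = $services['pdo']->prepare('
        DELETE e FROM `Event` AS e
        WHERE e.`id` = :eventID
          AND EXISTS (
              SELECT *
              FROM `User` AS u
              WHERE u.`id` = :currentUID
                AND (e.`ownerID` = u.`id` OR u.`admin` = 1)
              LIMIT 1
          )');
    $stmt->bindValue('eventID', $request->params['id'], PDO::PARAM_INT);
    $stmt->bindValue('currentUID', $currentUID, PDO::PARAM_INT);
    $stmt->execute();

    if ($stmt->rowCount() < 1) {
        return new Response('', 304);
    }
});

$router->route();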
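<?php
require_once __DIR__ . '/../../config.php';
require_once __DIR__ . '/../../src/Router.php';
// The handler throws an HTTP exception class, which the original file never
// required; every other throwing endpoint loads it from here.
require_once __DIR__ . '/../../src/HTTPException.php';

$router = new Router();

/**
 * GET: list every event, lowest id first, with `start`/`end` as unix times.
 *
 * @return list<array{id:int,name:string,ownerID:int,start:int,end:int,location:string}>
 * @throws InternalServiceException when the fetch fails.
 */
$router->on('get', function ($request, $services) {
    $stmt = $services['pdo']->prepare('
        SELECT `id`, `name`, `ownerID`,
               UNIX_TIMESTAMP(`start`) AS `start`,
               UNIX_TIMESTAMP(`end`) AS `end`,
               `location`
        FROM `Event`
        ORDER BY `id` ASC');
    $stmt->execute();

    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if ($rows === false) {
        // NOTE(review): the login endpoint spells this class
        // InternalServerException; confirm which name HTTPException.php declares.
        throw new InternalServiceException('Failed to list events.');
    }

    // Build a fresh list instead of `foreach ($rows as &$event)`: that loop
    // left `$event` as a live reference to the last row after it finished,
    // and driver-dependent string columns are normalised to int here anyway.
    return array_map(function ($event) {
        $event['id']      = intval($event['id']);
        $event['ownerID'] = intval($event['ownerID']);
        $event['start']   = intval($event['start']);
        $event['end']     = intval($event['end']);
        return $event;
    }, $rows);
});

$router->route();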
<?php
require_once __DIR__ . '/../../config.php';
require_once __DIR__ . '/../../src/Router.php';

$router = new Router();

/**
 * POST: log out by retiring the `Session` row bound to the caller's PHP
 * session id (`active` = 0). Safe to call without a live session — the
 * UPDATE simply matches nothing. Returns nothing.
 */
$router->on('post', function ($request, $services) {
    session_start();
    $sessionID = session_id();

    $retire = $services['pdo']->prepare(
        'UPDATE `Session` SET `active` = 0 WHERE `id` = :sessionID'
    );
    $retire->bindValue('sessionID', $sessionID, PDO::PARAM_STR);
    $retire->execute();
});

$router->route();