Commit 51716025 authored by carboncrafters's avatar carboncrafters

changes in api

registering should work kindof
login needs some changes but we are getting there
parent 6382cba5
Showing with 170 additions and 22 deletions
+170 -22
<?php
include_once $_SERVER["DOCUMENT_ROOT"]."conn.php";
//mysql database connection
require_once $_SERVER["DOCUMENT_ROOT"]."conn.php";
//data sanitizing
function test_input($data) {
require $_SERVER["DOCUMENT_ROOT"].'conn.php';
$data = trim($data);
......@@ -15,54 +17,194 @@ function test_input($data) {
$data = preg_replace($patterns, $replacements, $data);
return $data;
}
function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_')
//random string generator function
function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_')
{
$str = '';
$str = '';
$max = mb_strlen($keyspace, '8bit') - 1;
for ($i = 0; $i < $length; ++$i) {
$str .= $keyspace[random_int(0, $max)];
}
return $str;
}
//error return functions
function err_400()
{ unset($return);
$return["error"]="true";
$return["type"]="400";
$return["description"]="The uri you requested is not a valid api request! Please try an other way and or look up the documentation at /info/api";
echo json_encode($return);
header("HTTP/1.0 400 Bad request");
die(json_encode($return));
}
function err_410(){
unset($return);
$return["error"]="true";
$return["type"]="410";
$return["description"]="The content referenced with this id was deleted from our servers! Sorry about that :/";
echo json_encode($return);
header("HTTP/1.0 410 Gone");
header("HTTP/1.0 410 Gone");
die(json_encode($return));
}
function err_404(){
unset($return);
$return["error"]="true";
$return["type"]="404";
$return["description"]="The content referenced with this id can not be found in our database! Sorry about that :/";
echo json_encode($return);
header("HTTP/1.0 404 Not Found");
header("HTTP/1.0 404 Not Found");
die(json_encode($return));
}
function err_403(){
unset($return);
$return["error"]="true";
$return["type"]="403";
$return["description"]="The content you are trying to access is prohibited! Sorry about that :/";
echo json_encode($return);
header("HTTP/1.0 403 Forbidden");
}
function err_403(){
unset($return);
$return["error"]="true";
$return["type"]="403";
$return["description"]="The content you are trying to access is prohibited! Sorry about that :/";
header("HTTP/1.0 403 Forbidden");
die(json_encode($return));
}
function err_400_message($msg,$extra){
$return["error"] = "true";
$return["type"] = "400";
$return["message"] = "$msg\nTo avoid unvanted behavour we had to abort the process please make sure you provide the correct values\nSorry for the inconvenience!";
$return["extra_info"] = "$extra";
header("HTTP/1.0 400 Bad Request");
die(json_encode($return));
}
//define some stuff cause why not
define("too_long","Sorry your value is way too long");
define("too_long_ex","Please make sure its less than 128 characters long!");
//set header to json as json is bae
header("Content-Type:application/json; charset=UTF-8");
switch (true) {
case 'register'==$_GET["set"]:
if ('POST'==$_SERVER["REQUEST_METHOD"]) {
if (!empty($_POST["uname"])) {
if ($max_db_len<=count($_POST["uname"])) {
//if (preg_match("/^[a-zA-Z0-9]*$/",$_POST["uname"])) {
$uname = test_input($_POST["uname"]);
/*}else{
}*/
}else{
err_400_message(too_long,"`uname` field too long! ".too_long_ex) ;
}
}else {
err_400_message("empty `uname`","The `uname` field can not be empty");
}
if (!empty($_POST["fname"])) {
if ($max_db_len<=count($_POST["fname"])) {
$fname = test_input($_POST["fname"]);
}else{
err_400_message(too_long,"`fname` field is too long! ".too_long_ex) ;
}
}else{
$fname="";
}
if (!empty($_POST["email"])) {
if ($max_db_len<=count($_POST["email"])) {
if (filter_var($_POST["email"],FILTER_VALIDATE_EMAIL)) {
$email = test_input($_POST["email"]) ;
}else {
err_400_message("Bad email format! ","Please make sure you enter a proper email address!");
}
}else{
err_400_message(too_long,"`email` field is too long! ".too_long_ex) ;
}
}else {
err_400_message("empty `uname`","The `uname` field can not be empty");
}
if (!empty($_POST["passw"])) {
if (128==count($_POST["passw"])) {
if (preg_match("/^[a-zA-Z0-9]*$/",$_POST["uname"])) {
$passw = hash("sha512",$_POST["passw"]);
}else{
err_400_message("Bad `Passw` format!","The `passw` field can only contain letters from A-Z, a-z and from 0-9!\nIt has to be an sha512 string!");
}
}else {
err_400_message("Insufficinet input length","The `passw` field has to be exactly 128 characters long!\nIt has to be an sha512 string!");
}
}else {
err_400_message("empty `passw`","The `passw` field can not be empty");
}
if(!empty($_POST["gender"])){
switch ($_POST["gender"]) {
case 'ns':
$gnd = 0;
break;
case 'nb':
$gnd = 1;
break;
case 'f':
$gnd = 2;
break;
case 'm':
$gnd = 3;
break;
default:
$gnd = 0;
break;
}
}
$uid = random_str(10);
//$hash = random_str(128);
$passw=password_hash($passw, PASSWORD_ARGON2I,['memory_cost' => 40960, 'time_cost' => 100, 'threads' => 32]);
$sql = "INSERT INTO `users` (`uid`, `uname`, `fname`, `lname`, `email`, `password`, `gender`)
VALUES('$uid', '$uname', '$fname', '$lname', '$email', '$passw', '$gnd');";
if ($conn->query($sql) === TRUE) {
$return["error"]="false";
$return["type"]="201";
$return["message"]="The profile has been created successfully!";
echo json_encode($return);
header("HTTP/1.0 201 Created");
}else{
$return["error"]="true";
$return["type"]="500";
$return["description"]="An error happened while processing your request, we are very sorry! mysql said: ".$conn->error;
echo json_encode($return);
header("HTTP/1.0 500 Internal server error");
}
}else {
err_400();
}
break;
case 'login'==$_GET["get"]:
if ('POST'==$_SERVER["REQUEST_METHOD"]) {
if (!empty($_POST["email"])) {
$email = test_input($_POST["email"]);
}else {
err_400_message("Empty `email` field!","The `email` field can not be empty!");
}
if (!empty($_POST["passw"])) {
$passw = hash("sha512",$_POST["passw"]);
}else {
err_400_message("Empty `passw` field!","The `passw` field can not be empty!");
}
$sql = "SELECT `password` FROM `users` WHERE `email`='$email';";
$result = $conn -> querry($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
$dbpw = $row["password"];
}
if(1==password_verify($passw,$dbpw)){
$return["error"]="false";
$return["type"]="200";
$return["message"]="Successful login!";
echo json_encode($return);
header("HTTP/1.0 200 Ok");
}else{
err_403();
}
}else{
err_404();
}
}else {
err_400();
}
break;
default:
err_400();
break;
......
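Review bot: Both queries on the new side are built by string interpolation — the INSERT whose VALUES list embeds `'$uid', '$uname', '$fname', ...` and the login SELECT whose WHERE clause embeds `'$email'` — and `test_input`'s `preg_replace` does not neutralize SQL metacharacters, so `uname`, `fname` and `email` reach the database unescaped. Use prepared statements instead, e.g. for the INSERT: `$stmt = $conn->prepare("INSERT INTO users (uid, uname, fname, lname, email, password, gender) VALUES (?, ?, ?, ?, ?, ?, ?)");` / `$stmt->bind_param("ssssssi", $uid, $uname, $fname, $lname, $email, $passw, $gnd);` / `if ($stmt->execute()) {`, and the same shape for the SELECT. The length guards call `count()` on a POST string (a TypeError on PHP 8, `1` on older versions) and the comparison `$max_db_len<=count(...)` reads inverted, so an over-long value is never rejected; `strlen($_POST["uname"]) <= $max_db_len` looks like what was intended, and `$max_db_len` is not defined in anything visible here. Further defects: the `passw` format check runs `preg_match` against `$_POST["uname"]` instead of `$_POST["passw"]`, `$lname` is interpolated without ever being assigned, `$conn -> querry($sql)` is a typo for `query`, and each `header("HTTP/1.0 ...")` placed after `echo json_encode($return)` is issued after output has started and will not set the status code. The plain `require` (not `require_once`) inside `test_input` re-runs `conn.php` on every sanitized field, and the Argon2 cost (`time_cost` 100, `threads` 32) makes each registration request very expensive for the server; both are worth revisiting before this goes live.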
......@@ -2,13 +2,18 @@
//mysql connect
$dbhost = "localhost";
$dbuser = "uni-task";
$dbpw = '';
$dbpw = 'passw';
$db = "uni-task";
$conn = mysqli_connect($dbhost,$dbuser,$dbpw,$db);
if (mysqli_connect_errno()){
echo"failed to connect to server @ ".mysqli_connect_error();
}else{
// print('ok');
header("Content-Type:application/json; charset=UTF-8");
unset($return);
$return["error"]="true";
$return["type"]="500";
$return["description"]="Our server did an oopsie! Sorry about that :/";
$return["extra_info"]="Mysql said: failed to connect to server @ ".mysqli_connect_error();
header("HTTP/1.0 500 Internal Server Error");
die(json_encode($return));
}
?>
\ No newline at end of file
//this file will be resposible of setting up the initial environment
\ No newline at end of file
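Review bot: The comment added after the closing `?>` (`//this file will be resposible of setting up the initial environment`) sits outside PHP mode, so PHP emits it as literal text at the start of every response that includes `conn.php`, which corrupts the JSON the API returns and can also prevent later `header()` calls from taking effect; move the comment inside the PHP block or drop the `?>` tag entirely, since a PHP-only file does not need it. The database password is now hard-coded as `$dbpw = 'passw';` in a tracked file — load it from a config file outside the document root or from the environment, and rotate it, since it is already in history. The 500 response puts `mysqli_connect_error()` into `extra_info`, which exposes host and account details to clients; log it server-side and keep the client-facing message generic. Note also that the API file's login branch assigns `$dbpw = $row["password"]` at file scope, which presumably overwrites this connection password variable once both files are loaded together.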