Image now a file

exam/classes/.htaccess

@@ -0,0 +1,30 @@
+RewriteEngine On
+
+##
+## You may need to uncomment the following line for some hosting environments,
+## if you have installed to a subdirectory, enter the name here also.
+##
+RewriteBase /phpCourse/exam
+
+##
+## Black listed folders
+##
+RewriteRule ^phpCourse/exam/config/.* index.php [L,NC]
+RewriteRule ^phpCourse/exam/vendor/.* index.php [L,NC]
+RewriteRule ^phpCourse/exam/routes/.* index.php [L,NC]
+RewriteRule ^phpCourse/exam/react/.* index.php [L,NC]
+
+##
+## API routes
+##
+RewriteCond %{REQUEST_FILENAME} /api/.*
+RewriteCond %{REQUEST_FILENAME} !/api/docs
+RewriteRule ^ api/index.php [L,NC,QSA]
+
+##
+## Standard routes
+##
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !/api/docs
+RewriteCond %{REQUEST_FILENAME} !/dist
+RewriteRule ^ dist [L,NC,QSA]

exam/classes/Auth/AdminAuth.php

@@ -0,0 +1,31 @@
+<?php
+
+namespace Khofmann\Auth;
+
+use Exception;
+use Pecee\Http\Middleware\IMiddleware;
+use Pecee\Http\Request;
+use Khofmann\Models\User\User;
+
+class AdminAuth implements IMiddleware
+{
+  public function handle(Request $request): void
+  {
+    $token = $request->getHeader("token");
+
+    // No token
+    if ($token === null) {
+      response()->httpCode(401)->json(["message" => "Not Authorized"]);
+    }
+
+    try {
+      $user = User::getByToken($token);
+      if (!$user->getIsAdmin()) {
+        response()->httpCode(401)->json(["message" => "Not Authorized"]);
+      }
+    } catch (Exception $err) {
+      // No user with this token exists
+      response()->httpCode(401)->json(["message" => "Not Authorized"]);
+    }
+  }
+}

exam/classes/Input/Input.php

@@ -4,17 +4,18 @@ namespace Khofmann\Input;
 
 class Input
 {
-  private static function input($index = null, $defaultValue = null, ...$methods)
-  {
-    if ($index !== null) {
-      return request()->getInputHandler()->value($index, $defaultValue, ...$methods);
-    }
-
-    return request()->getInputHandler();
-  }
-
   public static function post($index, $defaultValue = null)
   {
-    return input()->post($index, $defaultValue);
+    return request()->getInputHandler()->post($index, $defaultValue);
+  }
+
+  public static function get($index, $defaultValue = null)
+  {
+    return request()->getInputHandler()->get($index, $defaultValue);
+  }
+
+  public static function file($index, $defaultValue = null)
+  {
+    return request()->getInputHandler()->file($index, $defaultValue);
   }
 }

exam/classes/Models/User/User.php

@@ -5,6 +5,7 @@ namespace Khofmann\Models\User;
 use Exception;
 use PDO;
 use Khofmann\Database\Database;
+use Config\Config;
 use JsonSerializable;
 
 class User implements JsonSerializable
@@ -40,8 +41,7 @@ class User implements JsonSerializable
     $stmt->execute();
     $data = $stmt->fetch();
 
-    if (!$data)
-      throw new Exception("No user found");
+    if (!$data) throw new Exception("NotFound");
 
     return new User($id, $data["benutzer"], $data["status"], $data["email"], $data["image"], $data["isadmin"] === 1);
   }
@@ -56,8 +56,7 @@ class User implements JsonSerializable
     $stmt->execute();
     $data = $stmt->fetch();
 
-    if (!$data)
-      throw new Exception("No user found");
+    if (!$data) throw new Exception("NotFound");
 
     return new User($data["id"], $data["benutzer"], $data["status"], $email, $data["image"], $data["isadmin"] === 1);
   }
@@ -72,8 +71,7 @@ class User implements JsonSerializable
     $stmt->execute();
     $data = $stmt->fetch();
 
-    if (!$data)
-      throw new Exception("No user found");
+    if (!$data) throw new Exception("NotFound");
 
     return new User($data["id"], $data["benutzer"], $data["status"], $data["email"], $data["image"], $data["isadmin"] === 1);
   }
@@ -127,15 +125,49 @@ class User implements JsonSerializable
   * Members
   */
 
-  public function logOut(string $token): bool
+  public function logOut(): bool
   {
     $db = Database::getInstance();
-    // Get user data
     $stmt = $db->prepare("UPDATE egb_benutzer SET token = NULL WHERE id = :ID");
     $stmt->bindValue(":ID", $this->id);
     return $stmt->execute();
   }
 
+  public function update(?string $username, ?string $password, $image = null)
+  {
+    $db = Database::getInstance();
+
+    $error = false;
+    if (!empty($username)) {
+      $stmt = $db->prepare("UPDATE egb_benutzer SET benutzer = :USR WHERE id = :ID");
+      $stmt->bindValue(":USR", $username);
+      $stmt->bindValue(":ID", $this->id);
+      $error = !$stmt->execute();
+    }
+    if ($error) throw new Exception("FailedUsername");
+
+    if (!empty($password)) {
+      $stmt = $db->prepare("UPDATE egb_benutzer SET passwort = :PAS WHERE id = :ID");
+      $stmt->bindValue(":PAS", password_hash($password, PASSWORD_DEFAULT));
+      $stmt->bindValue(":ID", $this->id);
+      $error = !$stmt->execute();
+    }
+    if ($error) throw new Exception("FailedPassword");
+
+    if (!empty($image)) {
+      $destinationFilename = sprintf('%s.%s', uniqid(), $image->getExtension());
+      $image->move(Config::getBaseFSPath() . "uploads/profilbilder/$destinationFilename");
+
+      $stmt = $db->prepare("UPDATE egb_benutzer SET image = :IMG WHERE id = :ID");
+      $stmt->bindValue(":IMG", $destinationFilename);
+      $stmt->bindValue(":ID", $this->id);
+      $error = !$stmt->execute();
+    }
+    if ($error) throw new Exception("FailedImage");
+
+    return true;
+  }
+
   /*
   * Getters
   */
@@ -160,7 +192,7 @@ class User implements JsonSerializable
     return $this->email;
   }
 
-  public function getImage(): string
+  public function getImage(): ?string
   {
     return $this->image;
   }