Kilian/PHP-Course
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: Kilian:edf8b7cecff1c9d90aa5514111893085ed6db51c
Branches Tags
Kilian:master
..
compare: Kilian:4d25387a4713e4baefb2bb487666f9f339f8264d
Branches Tags
Kilian:master

No commits in common. "edf8b7cecff1c9d90aa5514111893085ed6db51c" and "4d25387a4713e4baefb2bb487666f9f339f8264d" have entirely different histories.
edf8b7cecf ... 4d25387a47

11 changed files with 8 additions and 217 deletions
Show Stats Expand all files Collapse all files

0
exam/api/docs/index.css
View File

11
exam/api/docs/index.html
View File

@ -1,10 +1 @@
<!DOCTYPE html>
<html lang="en">
<head>
<link href="./index.css" rel="stylesheet" />
<title>API Docs</title>
</head>
<body></body>
</html>
DOCUMENTATION

5
exam/api/index.php
View File

@ -1,3 +1,4 @@
<?php
Headers::redirect("docs/index.html");
foreach (glob(__DIR__ . '/*/index.php') as $filename) {
require_once($filename);
}

26
exam/api/posts/index.php
View File

@ -1,26 +0,0 @@
<?php
$method = $_SERVER['REQUEST_METHOD'];
switch ($method) {
case "GET":
return get();
default:
return Response::api("$method not supported", 500);
}
function get()
{
$db = Database::getInstance();
$query =
"SELECT
*
FROM
egb_gaestebuch";
$stmt = $db->prepare($query);
$stmt->execute();
Response::api($stmt->fetchAll());
}

97
exam/api/users/index.php
View File

@ -4,105 +4,12 @@ $method = $_SERVER['REQUEST_METHOD'];
switch ($method) {
case "GET":
if (Auth::hasPermission("read")) return get();
break;
case "PUT":
if (Auth::hasPermission("write")) return put();
break;
case "POST":
if (Auth::hasPermission("write")) return post();
break;
case "DELETE":
if (Auth::hasPermission("write")) return delete();
break;
return get();
default:
return Response::api("$method not supported", 500);
}
return Response::api("Not allowed", 401);
function get()
{
$db = Database::getInstance();
$query =
"SELECT
*
FROM
Users";
$stmt = $db->prepare($query);
$stmt->execute();
Response::api($stmt->fetchAll());
}
function put()
{
$db = Database::getInstance();
$_PUT = json_decode(file_get_contents('php://input'), true);
$query =
"INSERT INTO
Users(FirstName, LastName, Token)
VALUES(:FIRST, :LAST, UUID())";
try {
$stmt = $db->prepare($query);
$stmt->bindValue(":FIRST", $_PUT["firstName"]);
$stmt->bindValue(":LAST", $_PUT["lastName"]);
Response::api($stmt->execute());
} catch (Exception $e) {
Response::api($e->getMessage(), 500);
}
}
function post()
{
$db = Database::getInstance();
$query =
"UPDATE
Users
SET
FirstName = :FIRST, LastName = :LAST
WHERE
ID = :ID";
$_POST = json_decode(file_get_contents('php://input'), true);
try {
$stmt = $db->prepare($query);
$stmt->bindValue(":FIRST", $_POST["firstName"]);
$stmt->bindValue(":LAST", $_POST["lastName"]);
$stmt->bindValue(":ID", $_POST["ID"]);
Response::api($stmt->execute());
} catch (Exception $e) {
Response::api($e->getMessage(), 500);
}
}
function delete()
{
$db = Database::getInstance();
$_DELETE = json_decode(file_get_contents('php://input'), true);
$query =
"DELETE FROM
Users
WHERE
ID = :ID";
try {
$stmt = $db->prepare($query);
$stmt->bindValue(":ID", $_DELETE["ID"]);
Response::api($stmt->execute());
} catch (Exception $e) {
Response::api($e->getMessage(), 500);
}
Response::api("GET USERS");
}

4
exam/app/app.php
View File

@ -1,8 +1,6 @@
<?php
if (strpos($_SERVER["REQUEST_URI"], "api") === false) {
ini_set("display_errors", 1);
}
ini_set("display_errors", 1);
ini_set("default_charset", "utf-8");
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', 1);

9
exam/config/database.php
View File

@ -1,9 +0,0 @@
<?php
return [
"host" => "usersql.zedat.fu-berlin.de",
"user" => "khofmann-sql",
"passwd" => "xz8c7m7p",
"database" => "khofmann-db1",
"charset" => "utf8",
];

6
exam/routes/routes.php
View File

@ -4,11 +4,7 @@ $path = ltrim(str_replace(Config::getBasePath(), "", $_SERVER['REQUEST_URI']), "
try {
if (substr($path, 0, 3) === "api") {
if (strpos($path, "docs") === false) {
require_once __DIR__ . "/../$path/index.php";
} else {
Headers::redirect("index.html");
}
require_once __DIR__ . "/../api/index.php";
} else {
require_once __DIR__ . "/../pages/index.html";
}

28
exam/vendor/auth/auth.php vendored
View File

@ -1,28 +0,0 @@
<?php
class Auth
{
public static function hasPermission(string $required)
{
$db = Database::getInstance();
if (!isset($_SERVER["HTTP_TOKEN"])) return false;
$token = $_SERVER["HTTP_TOKEN"];
$query =
"SELECT
UserPermissions.Permission
FROM
UserPermissions, Users
WHERE
Users.ID = UserPermissions.fkUserID AND
Users.Token = :TOKEN";
$stmt = $db->prepare($query);
$stmt->bindValue(":TOKEN", $token);
$stmt->execute();
$perms = $stmt->fetchAll(PDO::FETCH_COLUMN, 0);
return in_array($required, $perms);
}
}

7
exam/vendor/config/config.php vendored
View File

@ -5,12 +5,10 @@ class Config
private static $instances = [];
private array $app;
private array $database;
protected function __construct()
{
$this->app = require_once __DIR__ . "/../../config/app.php";
$this->database = require_once __DIR__ . "/../../config/database.php";
}
protected function __clone()
@ -36,9 +34,4 @@ class Config
{
return Config::getInstance()->app["basePath"];
}
public static function getDatabase()
{
return Config::getInstance()->database;
}
}

32
exam/vendor/database/database.php vendored
View File

@ -1,32 +0,0 @@
<?php
class Database extends PDO
{
private static $instances = [];
protected function __construct($dsn, $username = null, $password = null, array $options = null)
{
parent::__construct($dsn, $username, $password, $options);
}
public static function getInstance(): Database
{
$cls = static::class;
if (!isset(self::$instances[$cls])) {
$dataAccess = Config::getDatabase();
self::$instances[$cls] = new static(
"mysql:host={$dataAccess["host"]};dbname={$dataAccess["database"]};charset={$dataAccess["charset"]}",
$dataAccess["user"],
$dataAccess["passwd"],
[
PDO::ATTR_PERSISTENT => false,
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
]
);
}
return self::$instances[$cls];
}
}