set up controller files for transition to PDO

Aarif123456 · Nov 22, 2020 · 1984b7a · 1984b7a
1 parent 867c6a4
commit 1984b7a
Show file tree

Hide file tree

Showing 32 changed files with 195 additions and 159 deletions.
diff --git a/chart/guestCharts.php b/chart/guestCharts.php
@@ -25,6 +25,6 @@
     echo createQueryJSON($result);
 }
 
-$conn->close();
+$conn = null;
 
 
diff --git a/chart/loggedInChart.php b/chart/loggedInChart.php
@@ -13,7 +13,7 @@
 /* Connect to database */
 $conn = getConnection();
 
-if (checkSessionInfo() && validateUser()) {
+if (checkSessionInfo() && validateUser($conn)) {
     $userType = trim($_SESSION['userType']);
     /* Some users have a default chart that loads on the dashboard */
     $chartType = $_POST['chartType'] ?? $defaultChart[$userType] ?? "";
@@ -48,7 +48,7 @@
     redirectToLogin();
 }
 
-$conn->close();
+$conn = null;
 
 
 

diff --git a/composer.json b/composer.json
@@ -1,5 +1,22 @@
 {
-    "require": {
-        "phpauth/phpauth": "1.2.0"
+  "name": "aarif12345/hogwartslibrary",
+  "keywords": [
+    "pdo",
+    "mysql",
+    "database",
+    "iterator"
+  ],
+  "description": "A API for the Hogwarts library website",
+  "license": "MIT",
+  "authors": [
+    {
+      "name": "Abdullah Arif",
+      "email": "abdullahmeo11@gmail.com"
     }
+  ],
+  "require": {
+    "phpauth/phpauth": "1.2.0",
+    "ext-pdo": "*",
+    "ext-json": "*"
+  }
 }
diff --git a/composer.lock b/composer.lock
diff --git a/config/apiReturn.php b/config/apiReturn.php
@@ -6,6 +6,7 @@
 /* Manually turn on error reporting */
 ini_set('display_errors', '1');
 ini_set('display_startup_errors', '1');
+ini_set("session.cookie_secure", 1);
 error_reporting(E_ALL);
 /* Define the strings the api will return  */
 
@@ -41,7 +42,6 @@
 define('INVALID_SEARCH_METHOD', 'Invalid search method');
 define('LIBRARIAN_DELETED', 'Librarian deactivated');
 define('MISSING_PARAMETERS', 'Missing value');
-define('NO_AVAILABLE_COPIES_TO_RESERVE', 'there are no available copies to reserve for this book:(');
 define('NO_ROWS_RETURNED', 'No rows');
 define('PAID_SUCCESSFULLY', 'The fine is paid');
 define('PROFESSOR_ADDED', 'Professor added');
@@ -147,45 +147,39 @@ function verifySelfCheckout($librarianID, $borrowedBy)
     }
 }
 
-function createQueryJSON($result, $noRowReturn = NO_ROWS_RETURNED)
+function createQueryJSON($arr, $noRowReturn = NO_ROWS_RETURNED)
 {
-    if (!$result) {
-        exit(QUERY_FAILURE);
-    }
-    $arr = $result->fetch_all(MYSQLI_ASSOC);
     if (!$arr) {
         exit($noRowReturn);
     }
-    $result->close();
 
     return json_encode($arr);
 }
 
 /* Required header */
 function getHeader()
 {
-    header('Access-Control-Allow-Origin: https://abdullaharif.tech');
+    // header('Access-Control-Allow-Origin: https://abdullaharif.tech');
     // header('Access-Control-Allow-Origin: *');
+    header('Access-Control-Allow-Origin: https://localhost:3000');
     header('Access-Control-Allow-Credentials: true');
+    header('Access-Control-Allow-Headers: X-Requested-With,content-type');
     header('Access-Control-Max-Age: 86400');    // cache for 1 day
 
 }
 
 function startSession()
 {
-
     $status = session_status();
-
-    if ( PHP_SESSION_DISABLED === $status ) {
+    if (PHP_SESSION_DISABLED === $status) {
         // That's why you cannot rely on sessions!
         return;
     }
 
-    if ( PHP_SESSION_NONE === $status ) {
+    if (PHP_SESSION_NONE === $status) {
         session_cache_limiter('private_no_expire');
         session_start();
     }
-
 }
 
 function requiredHeaderAndSessionStart()

diff --git a/config/authenticate.php b/config/authenticate.php
@@ -1,83 +1,132 @@
 <?php
 //verify login
-/* Manually turn on error reporting */
-ini_set('display_errors', '1');
-ini_set('display_startup_errors', '1');
-error_reporting(E_ALL);
 
 require_once 'constants.php';
 require_once 'secretKey.php';
+/*require_once '../vendor/autoload.php';
+
+use PHPAuth\Auth as PHPAuth;
+use PHPAuth\Config as PHPAuthConfig;
+
+function getAuth($conn)
+{
+    $config = new PHPAuthConfig($conn);
+
+    return new PHPAuth($conn, $config);
+}*/
 
 /*Make sure user is validated */
-function validateUser()
+/*function validateUser($conn): bool
+{
+    $auth = getAuth($conn);
+    if ($auth->isLogged()) {
+        return $auth->getCurrentUID() === (int)($_SESSION['userID']);
+    }
+
+    return false;
+}*/
+
+function validateUser($conn)
 { //verify user did not fake authentication
     $cookie = $_COOKIE['rememberMe'] ?? '';
     if ($cookie) {
         [$userID, $token, $mac] = explode(':', $cookie); //get info from cookie
         if (!(hash_equals(hash_hmac('sha256', $userID . ':' . $token, SECRET_KEY), $mac))) {
+
             return false;
         }
         $userToken = $_SESSION['token']; //**  vulnerable if session was compromised
 
         return hash_equals($userToken, $token);
     }
 
+
     return false;
 }
+/*
+function getUserID($conn): int
+{
+    $auth = getAuth($conn);
+
+    return $auth->getCurrentUID();
+}
 
-function checkSessionInfo()
+function login($email, $password, $remember, $conn)
 {
-    return isset($_SESSION['userID']) && isset($_SESSION['token']) && isset($_SESSION['userType']);
+    $auth = getAuth($conn);
+
+    return $auth->login($email, $password, $remember);
+}
+
+function checkUsername($email, $conn): bool
+{
+    $auth = getAuth($conn);
+
+    return $auth->isEmailTaken($email);
+}*/
+
+function logout($conn): bool
+{
+    /*$auth = getAuth($conn);
+
+    return $auth->logout($auth->getCurrentSessionHash());*/
+    // TODO remove this
+    return destroy_session_and_data();
+}
+
+function checkSessionInfo(): bool
+{
+    return isset($_SESSION['userID']) && isset($_SESSION['userType']);
 }
 
 /* logout function */
 function redirectToLogin()
 {
+    header('HTTP/1.0 403 Forbidden');
     destroy_session_and_data();
-    //header("Location: /login");
     exit(UNAUTHORIZED_NO_LOGIN);
 }
 
 /* Utility functions to check user's type */
-function isProfessor()
+function isProfessor(): bool
 {
     return strcmp(trim($_SESSION['userType'] ?? ""), "professor") == 0;
 }
 
-function isStudent()
+function isStudent(): bool
 {
     return strcmp(trim($_SESSION['userType'] ?? ""), "student") == 0;
 }
 
-function isHeadmaster()
+function isHeadmaster(): bool
 {
     return strcmp(trim($_SESSION['userType'] ?? ""), "headmaster") == 0;
 }
 
-function isLibrarian()
+function isLibrarian(): bool
 {
     return strcmp(trim($_SESSION['userType'] ?? ""), "librarian") == 0;
 }
 
 /* utility function to make sure user has the correct permission*/
-function validateStudent()
+function validateStudent($conn): bool
 {
-    return isStudent() && validateUser();
+    return isStudent() && validateUser($conn);
 }
 
-function validateProfessor()
+function validateProfessor($conn): bool
 {
-    return isProfessor() && validateUser();
+    return isProfessor() && validateUser($conn);
 }
 
-function validateHeadmaster()
+function validateHeadmaster($conn): bool
 {
-    return isHeadmaster() && validateUser();
+    return isHeadmaster() && validateUser($conn);
 }
 
-function validateLibrarian()
+function validateLibrarian($conn): bool
 {
-    return isLibrarian() && validateUser();
+    return isLibrarian() && validateUser($conn);
 }
 
 /* function to destroy session */
@@ -100,6 +149,5 @@ function destroy_session_and_data()
         unset($_COOKIE['rememberMe']);
     }
     session_destroy();
+    return true;
 }
-
-
diff --git a/headmaster/addCourses.php b/headmaster/addCourses.php
@@ -17,7 +17,7 @@
     exit(MISSING_PARAMETERS);
 }
 
-if (checkSessionInfo() && validateHeadmaster()) {
+if (checkSessionInfo() && validateHeadmaster($conn)) {
     $professorID = $_POST['professorID'];
     $courseName = $_POST['courseName'];
     $termOffered = isValidPostVar('TermOffered') ?? null;
@@ -30,6 +30,6 @@
     redirectToLogin();
 }
 
-$conn->close();
+$conn = null;
 
 
diff --git a/headmaster/addEnrollment.php b/headmaster/addEnrollment.php
@@ -17,7 +17,7 @@
     exit(MISSING_PARAMETERS);
 }
 
-if (checkSessionInfo() && validateHeadmaster()) {
+if (checkSessionInfo() && validateHeadmaster($conn)) {
     $courseID = $_POST['courseID'];
     $studentID = $_POST['studentID'];
     if (insertEnrollment($studentID, $courseID, $conn)) {
@@ -29,6 +29,6 @@
     redirectToLogin();
 }
 
-$conn->close();
+$conn = null;
 
 
diff --git a/headmaster/addLibrarian.php b/headmaster/addLibrarian.php
@@ -20,7 +20,7 @@
     exit(INVALID_PARAMETERS);
 }
 
-if (checkSessionInfo() && validateHeadmaster()) {
+if (checkSessionInfo() && validateHeadmaster($conn)) {
     $userID = (int)$_POST['userID'];
     if (insertLibrarian($userID, $conn)) {
         echo librarianCreated($userID);
@@ -31,6 +31,6 @@
     redirectToLogin();
 }
 
-$conn->close();
+$conn = null;
 
 
diff --git a/headmaster/deleteCourses.php b/headmaster/deleteCourses.php
@@ -17,7 +17,7 @@
     exit(MISSING_PARAMETERS);
 }
 
-if (checkSessionInfo() && validateHeadmaster()) {
+if (checkSessionInfo() && validateHeadmaster($conn)) {
     $courseID = $_POST['courseID'];
     if (deleteCourse($courseID, $conn)) {
         echo COURSE_DELETED;
@@ -28,6 +28,6 @@
     redirectToLogin();
 }
 
-$conn->close();
+$conn = null;
 
 
diff --git a/headmaster/deleteEnrollment.php b/headmaster/deleteEnrollment.php
@@ -18,7 +18,7 @@
     exit(MISSING_PARAMETERS);
 }
 
-if (checkSessionInfo() && validateHeadmaster()) {
+if (checkSessionInfo() && validateHeadmaster($conn)) {
     $enrollmentNumber = $_POST['enrollmentNumber'];
     if (deleteEnrollment($enrollmentNumber, $conn)) {
         echo ENROLLMENT_DELETED;
@@ -30,5 +30,5 @@
 }
 
 
-$conn->close();
+$conn = null;