Skip to content
Snippets Groups Projects
Commit ed516a0b authored by Sibidharan's avatar Sibidharan :speech_balloon:
Browse files

Initial code cleanup

parent 53865b8e
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 172 deletions
api/index.php
+ 0
172
View file @ ed516a0b
......@@ -93,183 +93,11 @@
$this->response($data,200);
}
private function get_current_user(){
$username = $this->is_logged_in();
if($username){
$data = [
"username"=> $username
];
$this->response($this->json($data), 200);
} else {
$data = [
"error"=> "unauthorized"
];
$this->response($this->json($data), 403);
}
}
private function logout(){
$username = $this->is_logged_in();
if($username){
$headers = getallheaders();
$auth_token = $headers["Authorization"];
$auth_token = explode(" ", $auth_token)[1];
$query = "DELETE FROM session WHERE session_token='$auth_token'";
$db = $this->dbConnect();
if(mysqli_query($db, $query)){
$data = [
"message"=> "success"
];
$this->response($this->json($data), 200);
} else {
$data = [
"user"=> $this->is_logged_in()
];
$this->response($this->json($data), 200);
}
} else {
$data = [
"user"=> $this->is_logged_in()
];
$this->response($this->json($data), 200);
}
}
private function user_exists(){
if(isset($this->_request['data'])){
$data = $this->_request['data'];
$db = $this->dbConnect();
$result = mysqli_query($db, "SELECT id, username, mobile FROM users WHERE id='$data' OR username='$data' OR mobile='$data'");
if($result){
$result = mysqli_fetch_array($result, MYSQLI_ASSOC);
$this->response($this->json($result), 200);
} else {
$data = [
"error"=>"user_not_found"
];
$this->response($this->json($data), 404);
}
} else {
$data = [
"error"=>"expectation_failed"
];
$this->response($this->json($data), 417);
}
}
private function signup(){
if($this->get_request_method() != "POST"){
$data = [
"error"=>"method_not_allowed"
];
$this->response($this->json($data), 405);
}
if(isset($this->_request['username']) and isset($this->_request['password']) and isset($this->_request['mobile'])){
$username = $this->_request['username'];
$password = $this->_request['password'];
$mobile = $this->_request['mobile'];
$query = "INSERT INTO users (username, password, mobile) VALUES ('$username', '$password', '$mobile');";
$db = $this->dbConnect();
$result = mysqli_query($db, $query);
if($result){
$data = [
"message"=>"success"
];
$this->response($this->json($data), 201);
} else {
$data = [
"error"=>"internal_server_error"
];
$this->response($this->json($data), 500);
}
} else {
$data = [
"error"=>"expectation_failed"
];
$this->response($this->json($data), 417);
}
}
private function login(){
if($this->get_request_method() != "POST"){
$data = [
"error"=>"method_not_allowed"
];
$this->response($this->json($data), 405);
}
if(isset($this->_request['username']) and isset($this->_request['password'])){
$db = $this->dbConnect();
$username = $this->_request['username'];
$password = $this->_request['password'];
$result = mysqli_query($db, "SELECT * FROM users WHERE (id='$username' OR username='$username' OR mobile='$username') AND password = '$password'");
$d = mysqli_fetch_assoc($result);
if($d){
$userid = $d['id'];
$token = $this->generate_hash();
$query = "INSERT INTO `session` (session_token, is_valid, user_id) VALUES ('$token', '1', '$userid');";
if(mysqli_query($db, $query)){
$data = [
"message"=>"success",
"token"=>$token
];
$this->response($this->json($data), 201);
} else {
$data = [
"error"=>"internal_server_error",
"message"=>mysqli_error($db)
];
$this->response($this->json($data), 500);
}
} else {
$data = [
"error"=>"invalid_credentials"
];
$this->response($this->json($data), 404);
}
} else {
$data = [
"error"=>"expectation_failed"
];
$this->response($this->json($data), 417);
}
}
function generate_hash(){
$bytes = random_bytes(16);
return bin2hex($bytes);
}
function is_logged_in(){
$headers = getallheaders();
if(isset($headers["Authorization"])){
$auth_token = $headers["Authorization"];
$auth_token = explode(" ", $auth_token)[1];
$query = "SELECT * FROM session WHERE session_token='$auth_token'";
$db = $this->dbConnect();
$_result = mysqli_query($db, $query);
$d = mysqli_fetch_assoc($_result);
if($d){
$data = $d['user_id'];
$result = mysqli_query($db, "SELECT id, username, mobile FROM users WHERE id='$data' OR username='$data' OR mobile='$data'");
if($result){
$result = mysqli_fetch_array($result, MYSQLI_ASSOC);
return $result["username"];
} else {
return false;
}
} else {
return false;
}
} else {
return false;
}
}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment