From 81cdae85b06d5f2a5904460dc70e3a9b5a9af40b Mon Sep 17 00:00:00 2001 From: Johannes Kantz <67144859+JohannesKantz@users.noreply.github.com> Date: Wed, 11 Jan 2023 14:41:09 +0100 Subject: [PATCH 01/15] add: user --- User.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 User.php diff --git a/User.php b/User.php new file mode 100644 index 0000000..0f61993 --- /dev/null +++ b/User.php @@ -0,0 +1,25 @@ +username = $username; + $db = new BancaDati(); + return $this; + } + + public function exists() { + return true; + } + public function login(string $password) : string { + // select user + // $this->db->select() + return "token"; + } +} \ No newline at end of file -- 2.39.5 From 148f95087db24287b31599823af0216ca383dcf0 Mon Sep 17 00:00:00 2001 From: Johannes Kantz <67144859+JohannesKantz@users.noreply.github.com> Date: Wed, 11 Jan 2023 14:41:58 +0100 Subject: [PATCH 02/15] add: login begin --- index.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/index.php b/index.php index 224a190..b7c60de 100644 --- a/index.php +++ b/index.php @@ -3,6 +3,7 @@ require_once("Router/Router.php"); require_once("Router/Response.php"); require_once("BancaDati/BancaDati.php"); +require_once("User.php"); use Router\Response; use Router\Router; @@ -11,6 +12,13 @@ use BancaDati\BancaDati; $app = new Router("/DirektiveDesDons"); $db = new BancaDati(); +$app->use("/", function (array $req, Response $res) { + if(isset($_COOKIE["TOKEN"])){ + // user mit token finden und im req übergeben + $user = new User(""); + + } +}); $app->get("/", function (array $req, Response $res) { $res->send("Hello World"); @@ -23,4 +31,17 @@ $app->get("/user/:id", function (array $req, Response $res) { $res->send("user " . $req["params"]["id"]); }); +$app->post("/login", function( array $req, Response $res) { + $username = $req["body"]["username"]; + $password = $req["body"]["username"]; + $user = new User($username).login($password); + + if(isset($user)){ + setcookie($user->token, "TOKEN"); + $res->send("Login successful", 200); + }else{ + $res->send("Login failed", 403); + } +}); + $app->start(); \ No newline at end of file -- 2.39.5 From 95a2c3e3fee2cc080161d7afe28815cf07b4eb80 Mon Sep 17 00:00:00 2001 From: Johannes Kantz <67144859+JohannesKantz@users.noreply.github.com> Date: Thu, 12 Jan 2023 14:09:02 +0100 Subject: [PATCH 03/15] fix: add Body to Post request --- Router/Router.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Router/Router.php b/Router/Router.php index 7926b5b..35d05fc 100644 --- a/Router/Router.php +++ b/Router/Router.php @@ -30,7 +30,7 @@ class Router $this->request = $_SERVER; } if (isset($_POST)) { - $this->request["body"] = $_POST; + $this->request["body"] = json_decode(file_get_contents('php://input'), true); } if (isset($_POST)) { $this->request["params"] = $_GET; -- 2.39.5 From 23cf1b54e4976682606ac2e11ea4ee80f8a367a1 Mon Sep 17 00:00:00 2001 From: Johannes Kantz <67144859+JohannesKantz@users.noreply.github.com> Date: Thu, 12 Jan 2023 14:28:40 +0100 Subject: [PATCH 04/15] fix: insert vales with single quotes --- BancaDati/BancaDati.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/BancaDati/BancaDati.php b/BancaDati/BancaDati.php index 50ab02b..79de0e0 100644 --- a/BancaDati/BancaDati.php +++ b/BancaDati/BancaDati.php @@ -44,17 +44,19 @@ class BancaDati { $value = ""; $column = ""; foreach ($values as $col => $v){ - $value .= $v . ","; + $value .= "'" . $v . "'" . ","; $column .= $col . ","; } $value = trim($value, ","); $column = trim($column, ","); - $sql = "INSERT INTO $table($column) VALUES ($value);"; + $sql = "INSERT INTO $table ($column) VALUES ($value);"; + var_dump($sql); try { $sth = $this->pdo->prepare($sql); $sth->execute(); }catch (PDOException $e){ + var_dump($e); die; } } -- 2.39.5 From e1a0f112a2ee42cfa93b2cbc87931a1e6bb6ec80 Mon Sep 17 00:00:00 2001 From: Johannes Kantz <67144859+JohannesKantz@users.noreply.github.com> Date: Thu, 12 Jan 2023 14:36:37 +0100 Subject: [PATCH 05/15] fix: select values with single quotes --- BancaDati/BancaDati.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/BancaDati/BancaDati.php b/BancaDati/BancaDati.php index 79de0e0..9b7faf5 100644 --- a/BancaDati/BancaDati.php +++ b/BancaDati/BancaDati.php @@ -51,7 +51,6 @@ class BancaDati { $column = trim($column, ","); $sql = "INSERT INTO $table ($column) VALUES ($value);"; - var_dump($sql); try { $sth = $this->pdo->prepare($sql); $sth->execute(); @@ -109,9 +108,10 @@ class BancaDati { if($where != ""){ $where .= " AND "; } - $where .= $col . "=" . $v; + $where .= $col . "=" . "'" . $v . "'"; } $sql = "SELECT * FROM ".$table." WHERE ".$where; + var_dump($sql); if(isset($order["by"])){ $sql .= " ORDER BY ".$order["by"]; } @@ -121,6 +121,7 @@ class BancaDati { try { return $this->pdo->query($sql); }catch (PDOException $e){ + var_dump($e); die; } } -- 2.39.5 From acfae23029ee37195fcad29ad82067df42c608b1 Mon Sep 17 00:00:00 2001 From: Johannes Kantz <67144859+JohannesKantz@users.noreply.github.com> Date: Thu, 12 Jan 2023 14:37:11 +0100 Subject: [PATCH 06/15] fix: remove print --- BancaDati/BancaDati.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/BancaDati/BancaDati.php b/BancaDati/BancaDati.php index 9b7faf5..0874c6d 100644 --- a/BancaDati/BancaDati.php +++ b/BancaDati/BancaDati.php @@ -111,7 +111,6 @@ class BancaDati { $where .= $col . "=" . "'" . $v . "'"; } $sql = "SELECT * FROM ".$table." WHERE ".$where; - var_dump($sql); if(isset($order["by"])){ $sql .= " ORDER BY ".$order["by"]; } @@ -121,7 +120,6 @@ class BancaDati { try { return $this->pdo->query($sql); }catch (PDOException $e){ - var_dump($e); die; } } -- 2.39.5 From 21ebecac5453673fa4241ba6708de5edf78c8a26 Mon Sep 17 00:00:00 2001 From: Johannes Kantz <67144859+JohannesKantz@users.noreply.github.com> Date: Thu, 12 Jan 2023 14:41:51 +0100 Subject: [PATCH 07/15] fix: select fetch --- BancaDati/BancaDati.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/BancaDati/BancaDati.php b/BancaDati/BancaDati.php index 0874c6d..12f9205 100644 --- a/BancaDati/BancaDati.php +++ b/BancaDati/BancaDati.php @@ -118,7 +118,7 @@ class BancaDati { $sql .= $order["order"]; } try { - return $this->pdo->query($sql); + return $this->pdo->query($sql)->fetch(); }catch (PDOException $e){ die; } -- 2.39.5 From 7b5672d36b31457b66a46fc303fbe1cf9e1cfb8a Mon Sep 17 00:00:00 2001 From: Johannes Kantz <67144859+JohannesKantz@users.noreply.github.com> Date: Thu, 12 Jan 2023 14:44:52 +0100 Subject: [PATCH 08/15] quick safe --- User.php | 15 ++++++++++----- index.php | 19 +++++++++++++++---- 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/User.php b/User.php index 0f61993..6d5dea9 100644 --- a/User.php +++ b/User.php @@ -8,8 +8,7 @@ class User { private string $password; private BancaDati $db; - public function __construct(string $username) { - $this->username = $username; + public function __construct() { $db = new BancaDati(); return $this; } @@ -17,9 +16,15 @@ class User { public function exists() { return true; } - public function login(string $password) : string { - // select user - // $this->db->select() + public function loginWithUsername(string $username, string $password) : string { + $userObject = $this->db->select("utente", ["username" => $username]); + var_dump($userObject); + if(!$userObject){ + return false; + } return "token"; } + public function loginWithToken(string $token){ + + } } \ No newline at end of file diff --git a/index.php b/index.php index b7c60de..bf767ce 100644 --- a/index.php +++ b/index.php @@ -27,14 +27,25 @@ $app->get("/", function (array $req, Response $res) { $app->get("/user", function (array $req, Response $res) { $res->send("user"); }); -$app->get("/user/:id", function (array $req, Response $res) { +$app->get("/user/:id", function (array $req, Response $res) use ($db) { + $db->select("utente", ["username" => $req["id"]]); $res->send("user " . $req["params"]["id"]); }); +$app->post("/createuser", function (array $req, Response $res) use ($db) { + $db->insert("utente", ["email" => "test@email.com", "parolaDordine" => "password", "nomeUtente" => "testuser"]); + $res->send("user "); +}); -$app->post("/login", function( array $req, Response $res) { +$app->post("/login", function( array $req, Response $res) use ($db) { $username = $req["body"]["username"]; - $password = $req["body"]["username"]; - $user = new User($username).login($password); + $password = $req["body"]["password"]; + + $user = $db->select("utente", ["nomeUtente" => $username]); + var_dump($user); + return; + $user = new User(); + $user->loginWithUsername($username, $password); + return; if(isset($user)){ setcookie($user->token, "TOKEN"); -- 2.39.5 From f25b2a72f7c45e8557c98a07700415118a6529d3 Mon Sep 17 00:00:00 2001 From: Johannes Kantz <67144859+JohannesKantz@users.noreply.github.com> Date: Thu, 12 Jan 2023 15:04:15 +0100 Subject: [PATCH 09/15] add: user login with password --- User.php | 21 +++++++++++++++++---- index.php | 11 ++++------- 2 files changed, 21 insertions(+), 11 deletions(-) diff --git a/User.php b/User.php index 6d5dea9..b3cc7ec 100644 --- a/User.php +++ b/User.php @@ -2,6 +2,7 @@ require_once("BancaDati/BancaDati.php"); use BancaDati\BancaDati; class User { + public string $id; public string $username; public string $email; public string $token; @@ -9,7 +10,7 @@ class User { private BancaDati $db; public function __construct() { - $db = new BancaDati(); + $this->db = new BancaDati(); return $this; } @@ -17,12 +18,24 @@ class User { return true; } public function loginWithUsername(string $username, string $password) : string { - $userObject = $this->db->select("utente", ["username" => $username]); - var_dump($userObject); + $userObject = $this->db->select("utente", ["nomeUtente" => $username]); + if(!$userObject){ return false; } - return "token"; + $this->id = $userObject["id"]; + $this->username = $userObject["nomeUtente"]; + $this->email = $userObject["email"]; + $this->password = $userObject["parolaDordine"]; + $this->token = $this->db->createUUID(); + + if($this->password != $password){ + return false; // ungültiges password + } + + $this->db->update("utente", $this->id, ["gettone" => $this->token]); + + return $this->token; } public function loginWithToken(string $token){ diff --git a/index.php b/index.php index bf767ce..fbe2500 100644 --- a/index.php +++ b/index.php @@ -41,15 +41,12 @@ $app->post("/login", function( array $req, Response $res) use ($db) { $password = $req["body"]["password"]; $user = $db->select("utente", ["nomeUtente" => $username]); - var_dump($user); - return; $user = new User(); - $user->loginWithUsername($username, $password); - return; + $usertoken = $user->loginWithUsername($username, $password); - if(isset($user)){ - setcookie($user->token, "TOKEN"); - $res->send("Login successful", 200); + if($usertoken){ + setcookie("TOKEN", $usertoken, time()+3600); // 1h + $res->send("Login successful" . "token: " . $usertoken, 200); }else{ $res->send("Login failed", 403); } -- 2.39.5 From fe5efbe8f1ecc3cb7fca2c6e695d2871e3777964 Mon Sep 17 00:00:00 2001 From: Johannes Kantz <67144859+JohannesKantz@users.noreply.github.com> Date: Thu, 12 Jan 2023 15:04:49 +0100 Subject: [PATCH 10/15] fix: remove test --- index.php | 1 - 1 file changed, 1 deletion(-) diff --git a/index.php b/index.php index fbe2500..c913f1f 100644 --- a/index.php +++ b/index.php @@ -40,7 +40,6 @@ $app->post("/login", function( array $req, Response $res) use ($db) { $username = $req["body"]["username"]; $password = $req["body"]["password"]; - $user = $db->select("utente", ["nomeUtente" => $username]); $user = new User(); $usertoken = $user->loginWithUsername($username, $password); -- 2.39.5 From 5fea5ad15f1f670234ec717e6de7480adab4002c Mon Sep 17 00:00:00 2001 From: Johannes Kantz <67144859+JohannesKantz@users.noreply.github.com> Date: Thu, 12 Jan 2023 15:09:08 +0100 Subject: [PATCH 11/15] fix: update vales with quotes --- BancaDati/BancaDati.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/BancaDati/BancaDati.php b/BancaDati/BancaDati.php index 12f9205..dd4823a 100644 --- a/BancaDati/BancaDati.php +++ b/BancaDati/BancaDati.php @@ -71,7 +71,7 @@ class BancaDati { public function update(string $table, string $id, array $values){ $value = ""; foreach ($values as $col => $v){ - $value .= $col . "=" . $v . ","; + $value .= $col . "=" . "'" . $v . "'" . ","; } $value = trim($value, ","); @@ -80,6 +80,7 @@ class BancaDati { $sth = $this->pdo->prepare($sql); $sth->execute(); }catch (PDOException $e){ + var_dump($e); die; } } -- 2.39.5 From a2178733daa523663c3245d20146f231be24184a Mon Sep 17 00:00:00 2001 From: Johannes Kantz <67144859+JohannesKantz@users.noreply.github.com> Date: Thu, 12 Jan 2023 15:09:39 +0100 Subject: [PATCH 12/15] fix: remove print --- BancaDati/BancaDati.php | 1 - 1 file changed, 1 deletion(-) diff --git a/BancaDati/BancaDati.php b/BancaDati/BancaDati.php index dd4823a..790d024 100644 --- a/BancaDati/BancaDati.php +++ b/BancaDati/BancaDati.php @@ -80,7 +80,6 @@ class BancaDati { $sth = $this->pdo->prepare($sql); $sth->execute(); }catch (PDOException $e){ - var_dump($e); die; } } -- 2.39.5 From a887921e5d0e8b61acd36848a629cd933321c4d9 Mon Sep 17 00:00:00 2001 From: Johannes Kantz <67144859+JohannesKantz@users.noreply.github.com> Date: Thu, 12 Jan 2023 15:22:32 +0100 Subject: [PATCH 13/15] quick safe --- User.php | 10 ++++++++++ index.php | 8 +++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/User.php b/User.php index b3cc7ec..203368b 100644 --- a/User.php +++ b/User.php @@ -38,6 +38,16 @@ class User { return $this->token; } public function loginWithToken(string $token){ + $userObject = $this->db->select("utente", ["gettone" => $token]); + if(!$userObject){ + return false; + } + $this->id = $userObject["id"]; + $this->username = $userObject["nomeUtente"]; + $this->email = $userObject["email"]; + $this->password = $userObject["parolaDordine"]; + $this->token = $token; + return $this; } } \ No newline at end of file diff --git a/index.php b/index.php index c913f1f..756988a 100644 --- a/index.php +++ b/index.php @@ -12,16 +12,18 @@ use BancaDati\BancaDati; $app = new Router("/DirektiveDesDons"); $db = new BancaDati(); -$app->use("/", function (array $req, Response $res) { +$app->use("/", function (array &$req, Response $res) { if(isset($_COOKIE["TOKEN"])){ // user mit token finden und im req übergeben - $user = new User(""); - + $user = new User(); + $user->loginWithToken($_COOKIE["TOKEN"]); + $req["user"] = $user; } }); $app->get("/", function (array $req, Response $res) { $res->send("Hello World"); + var_dump($req["user"]); }); $app->get("/user", function (array $req, Response $res) { -- 2.39.5 From 2860a01cf85ef96a97db5a3f896272a60560ff75 Mon Sep 17 00:00:00 2001 From: Johannes Kantz <67144859+JohannesKantz@users.noreply.github.com> Date: Thu, 12 Jan 2023 15:29:58 +0100 Subject: [PATCH 14/15] fix: login with Token --- BancaDati/BancaDati.php | 1 + index.php | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/BancaDati/BancaDati.php b/BancaDati/BancaDati.php index 790d024..0ad19f9 100644 --- a/BancaDati/BancaDati.php +++ b/BancaDati/BancaDati.php @@ -120,6 +120,7 @@ class BancaDati { try { return $this->pdo->query($sql)->fetch(); }catch (PDOException $e){ + var_dump($e); die; } } diff --git a/index.php b/index.php index 756988a..374358d 100644 --- a/index.php +++ b/index.php @@ -14,16 +14,16 @@ $db = new BancaDati(); $app->use("/", function (array &$req, Response $res) { if(isset($_COOKIE["TOKEN"])){ - // user mit token finden und im req übergeben $user = new User(); - $user->loginWithToken($_COOKIE["TOKEN"]); - $req["user"] = $user; + if($user->loginWithToken($_COOKIE["TOKEN"])){ + $req["user"] = $user; + } } }); $app->get("/", function (array $req, Response $res) { $res->send("Hello World"); - var_dump($req["user"]); + //var_dump($req["user"]); }); $app->get("/user", function (array $req, Response $res) { -- 2.39.5 From fbfeeb76793c9d686bb144a9807ebf6da81c45e8 Mon Sep 17 00:00:00 2001 From: Malte Schulze Hobeling Date: Wed, 18 Jan 2023 08:39:45 +0100 Subject: [PATCH 15/15] trying to resolve conflict --- BancaDati/BancaDati.php | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/BancaDati/BancaDati.php b/BancaDati/BancaDati.php index 0ad19f9..eb0c5ab 100644 --- a/BancaDati/BancaDati.php +++ b/BancaDati/BancaDati.php @@ -44,18 +44,17 @@ class BancaDati { $value = ""; $column = ""; foreach ($values as $col => $v){ - $value .= "'" . $v . "'" . ","; + $value .= $v . ","; $column .= $col . ","; } $value = trim($value, ","); $column = trim($column, ","); - $sql = "INSERT INTO $table ($column) VALUES ($value);"; + $sql = "INSERT INTO $table($column) VALUES ($value);"; try { $sth = $this->pdo->prepare($sql); $sth->execute(); }catch (PDOException $e){ - var_dump($e); die; } } @@ -71,7 +70,7 @@ class BancaDati { public function update(string $table, string $id, array $values){ $value = ""; foreach ($values as $col => $v){ - $value .= $col . "=" . "'" . $v . "'" . ","; + $value .= $col . "=" . $v . ","; } $value = trim($value, ","); @@ -101,16 +100,23 @@ class BancaDati { } } - - public function select(string $table, array $data, array $order = null){ - $where = ""; - foreach ($data as $col => $v) { - if($where != ""){ - $where .= " AND "; + /** + * einheitliche Select Funktion + * @param string $table + * @param array $where ["column"]=>"value" es wird mit LIKE verglichen und mit AND verbunden + * @param array|null $order ["by"]=>"column"; ["order"]=>"ASC|DESC" + * @return void + * @author Malte Schulze Hobeling + */ + public function select(string $table, array $where, array $order = null){ + $whereString = ""; + foreach ($where as $col => $v) { + if($whereString != ""){ + $whereString .= " AND "; } - $where .= $col . "=" . "'" . $v . "'"; + $whereString .= $col . " LIKE " . $v; } - $sql = "SELECT * FROM ".$table." WHERE ".$where; + $sql = "SELECT * FROM ".$table." WHERE ".$whereString; if(isset($order["by"])){ $sql .= " ORDER BY ".$order["by"]; } @@ -118,9 +124,8 @@ class BancaDati { $sql .= $order["order"]; } try { - return $this->pdo->query($sql)->fetch(); + return $this->pdo->query($sql); }catch (PDOException $e){ - var_dump($e); die; } } -- 2.39.5