Citations_old/api.php

211 lines
4.9 KiB
PHP
Raw Normal View History

2023-08-06 18:26:25 +02:00
<?php
session_start();
$mysqllogin = json_decode(file_get_contents("secrets/MysqlLogin.json"), false);
$adminpwd = file_get_contents("secrets/AdminPwd");
$mysqli = new mysqli('localhost', $mysqllogin->DBUser, $mysqllogin->DBPassword, $mysqllogin->DBName);
$action = $_POST["action"];
if($action == "login"){
$uname = $_POST["username"];
$pwd = $_POST["password"];
$stmt1 = $mysqli->prepare("Select Password, ID, FullName, Nickname, CanSeeFullNames, CanSeeOthersComments, IsAdmin From Users Where Username = %s;");
$stmt1->bind_param('s', $uname);
$stmt1->bind_result($pwdhash, $uid, $fullname, $nick, $fullnamepriv, $otherscommentspriv, $adminpriv);
$stmt1->execute();
$stmt1->store_result();
if ($stmt1->num_rows > 0){
while ($stmt1->fetch()){
if(password_verify($pwd, $pwdhash)){
$_SESSION["username"] = $uname;
$_SESSION["loggedin"] = 1;
$_SESSION["userID"] = $uid;
$_SESSION["fullname"] = $fullname;
$_SESSION["nickname"] = $nick;
}
}
}
return "Logged in";
}
if($action == "logout"){
session_destroy();
return "Logged out";
}
function processUserRelated($actionin, mysqli $mysqliconn){
if($actionin == "setnickname"){
$newNick = $_POST["newnick"];
$_SESSION["nickname"] = $newNick;
$stmt2 = $mysqliconn->prepare("Update Users Set Nickname=%s Where ID = %i;");
$stmt2->bind_param('si', $newNick, $_SESSION["userID"]);
$stmt2->execute();
$stmt2->store_result();
}
if($actionin == "setfullname"){
$newFull = $_POST["newFull"];
$_SESSION["fullname"] = $newNick;
$stmt3 = $mysqliconn->prepare("Update Users Set FullName=%s Where ID = %i;");
$stmt3->bind_param('si', $newFull, $_SESSION["userID"]);
$stmt3->execute();
$stmt3->store_result();
}
if($actionin == "setpassword"){
$oldPWD = $_POST["oldPWD"];
$newPWD = $_POST["newPWD"];
$stmt4 = $mysqliconn->prepare("Select Password From Users Where ID = %i AND Username = %s;");
$stmt4->bind_param('is', $_SESSION["userID"], $_SESSION["username"]);
$stmt4->bind_result($pwdhash);
$stmt4->execute();
$stmt4->store_result();
if ($stmt4->num_rows > 0){
while ($stmt4->fetch()){
if(password_verify($oldPWD, $pwdhash)){
$stmt5 = $mysqliconn->prepare("Update Users Set Password=%s Where ID = %i;");
$newPWDhash = password_hash($newPWD, PASSWORD_DEFAULT);
$stmt5->bind_param('si', $newPWDhash, $_SESSION["userID"]);
$stmt5->execute();
$stmt5->store_result();
return "Password changed";
}
}
}
}
if($actionin == "getallusers"){
}
return 0;
}
function processCitationRelated($actionin, mysqli $mysqliconn){
if($actionin == "getcitations"){
}
if($actionin == "getrandomcitation"){
}
if($actionin == "getcitationfulltextsearch"){
}
if($actionin == "getcitationsbyuser"){
}
if($actionin == "getcitationsbysource"){
}
if($actionin == "getcitationsbytags"){
}
if($actionin == "getcitationbyverse"){
}
return 0;
}
function processTagsRelated($actionin, mysqli $mysqliconn){
if($actionin == "createtag"){
}
if($actionin == "getalltags"){
}
if($actionin == "gettagsbycollection"){
}
return 0;
}
function processSourcesRelated($actionin, mysqli $mysqliconn){
if($actionin == "createsource"){
}
if($actionin == "getallsources"){
}
if($actionin == "getallsourcesbycreator"){
}
return 0;
}
function processCommentRelated($actionin, mysqli $mysqliconn){
if($actionin == "createcomment"){
}
if($actionin == "getallcommentsbycreator"){
}
if($actionin == "getcommentsbycitationlatestversion"){
}
if($actionin == "getcommentsbycitationallversions"){
}
return 0;
}
if($_SESSION["loggedin"] == 1){
$citationreturn = processCitationRelated($action, $mysqli);
if($citationreturn != 0){
return $citationreturn;
}
$commentreturn = processCommentRelated($action, $mysqli);
if($commentreturn != 0){
return $commentreturn;
}
$tagsreturn = processTagsRelated($action, $mysqli);
if($tagsreturn != 0){
return $tagsreturn;
}
$sourcereturn = processSourcesRelated($action, $mysqli);
if($sourcereturn != 0){
return $sourcereturn;
}
$userreturn = processUserRelated($action, $mysqli);
if($userreturn != 0){
return $userreturn;
}
}
else{
return "Not logged in";
}
?>