BRNSystems/Citations_old
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

do some stuff

Browse Source
This commit is contained in:
Bruno Rybársky
2023-08-07 15:52:21 +02:00
parent 93d31c7053
commit 886a54001e
1 changed files with 156 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

198
api.php
View File

@@ -5,12 +5,12 @@ $mysqllogin = json_decode(file_get_contents("secrets/MysqlLogin.json"), false);
$mysqli = new mysqli('localhost', $mysqllogin->DBUser, $mysqllogin->DBPassword, $mysqllogin->DBName); $mysqli = new mysqli('localhost', $mysqllogin->DBUser, $mysqllogin->DBPassword, $mysqllogin->DBName);
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST["action"]; $action = htmlspecialchars($_POST["action"]);
if($action == "login"){ if($action == "login"){
$uname = $_POST["username"]; $uname = htmlspecialchars($_POST["username"]);
$pwd = $_POST["password"]; $pwd = htmlspecialchars($_POST["password"]);
$stmt1 = $mysqli->prepare("SELECT PWD, ID, FullName, Nickname, CanSeeFullNames, CanSeeOthersComments, IsAdmin FROM Users WHERE Username = %s;"); $stmt1 = $mysqli->prepare("SELECT PWD, ID, FullName, Nickname, CanSeeFullNames, CanSeeOthersComments, IsAdmin FROM Users WHERE Username = ?;");
$stmt1->bind_param('s', $uname); $stmt1->bind_param('s', $uname);
$stmt1->bind_result($pwdhash, $uid, $fullname, $nick, $fullnamepriv, $otherscommentspriv, $adminpriv); $stmt1->bind_result($pwdhash, $uid, $fullname, $nick, $fullnamepriv, $otherscommentspriv, $adminpriv);
$stmt1->execute(); $stmt1->execute();
@@ -45,27 +45,27 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
function processUserRelated($actionin, mysqli $mysqliconn){ function processUserRelated($actionin, mysqli $mysqliconn){
if($actionin == "setnickname"){ if($actionin == "setnickname"){
$newNick = $_POST["newnick"]; $newNick = htmlspecialchars($_POST["newnick"]);
$_SESSION["nickname"] = $newNick; $_SESSION["nickname"] = $newNick;
$stmt2 = $mysqliconn->prepare("UPDATE Users SET Nickname=%s WHERE ID = %i;"); $stmt2 = $mysqliconn->prepare("UPDATE Users SET Nickname=? WHERE ID = ?;");
$stmt2->bind_param('si', $newNick, $_SESSION["userID"]); $stmt2->bind_param('si', $newNick, $_SESSION["userID"]);
$stmt2->execute(); $stmt2->execute();
$stmt2->store_result(); $stmt2->store_result();
} }
if($actionin == "setfullname"){ if($actionin == "setfullname"){
$newFull = $_POST["newFull"]; $newFull = htmlspecialchars($_POST["newFull"]);
$_SESSION["fullname"] = $newNick; $_SESSION["fullname"] = $newNick;
$stmt3 = $mysqliconn->prepare("UPDATE Users SET FullName=%s WHERE ID = %i;"); $stmt3 = $mysqliconn->prepare("UPDATE Users SET FullName=? WHERE ID = ?;");
$stmt3->bind_param('si', $newFull, $_SESSION["userID"]); $stmt3->bind_param('si', $newFull, $_SESSION["userID"]);
$stmt3->execute(); $stmt3->execute();
$stmt3->store_result(); $stmt3->store_result();
} }
if($actionin == "setpassword"){ if($actionin == "setpassword"){
$oldPWD = $_POST["oldPWD"]; $oldPWD = htmlspecialchars($_POST["oldPWD"]);
$newPWD = $_POST["newPWD"]; $newPWD = htmlspecialchars($_POST["newPWD"]);
$stmt4 = $mysqliconn->prepare("SELECT PWD FROM Users WHERE ID = %i AND Username = %s;"); $stmt4 = $mysqliconn->prepare("SELECT PWD FROM Users WHERE ID = ? AND Username = ?;");
$stmt4->bind_param('is', $_SESSION["userID"], $_SESSION["username"]); $stmt4->bind_param('is', $_SESSION["userID"], $_SESSION["username"]);
$stmt4->bind_result($pwdhash); $stmt4->bind_result($pwdhash);
$stmt4->execute(); $stmt4->execute();
@@ -73,7 +73,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($stmt4->num_rows > 0){ if ($stmt4->num_rows > 0){
while ($stmt4->fetch()){ while ($stmt4->fetch()){
if(password_verify($oldPWD, $pwdhash)){ if(password_verify($oldPWD, $pwdhash)){
$stmt5 = $mysqliconn->prepare("UPDATE Users SET PWD=%s WHERE ID = %i;"); $stmt5 = $mysqliconn->prepare("UPDATE Users SET PWD=? WHERE ID = ?;");
$newPWDhash = password_hash($newPWD, PASSWORD_DEFAULT); $newPWDhash = password_hash($newPWD, PASSWORD_DEFAULT);
$stmt5->bind_param('si', $newPWDhash, $_SESSION["userID"]); $stmt5->bind_param('si', $newPWDhash, $_SESSION["userID"]);
$stmt5->execute(); $stmt5->execute();
@@ -85,9 +85,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} }
if($actionin == "getallusers"){ if($actionin == "getallusers"){
$stmt6 = $mysqliconn->prepare("SELECT Username, Nickname, FullName, IsAdmin FROM Users;"); $stmt6 = $mysqliconn->prepare("SELECT ID, Username, Nickname, FullName, IsAdmin FROM Users;");
$stmt6->execute(); $stmt6->execute();
$stmt6->bind_result($uname, $nick, $fnamex, $isadmin); $stmt6->bind_result($id, $uname, $nick, $fnamex, $isadmin);
$stmt6->store_result(); $stmt6->store_result();
$outarr = array(); $outarr = array();
if ($stmt6->num_rows > 0){ if ($stmt6->num_rows > 0){
@@ -98,6 +98,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
else{ else{
$fname = ""; $fname = "";
} }
$tmparr["id"] = $id;
$tmparr["username"] = $uname; $tmparr["username"] = $uname;
$tmparr["nickname"] = $nick; $tmparr["nickname"] = $nick;
$tmparr["fullname"] = $fname; $tmparr["fullname"] = $fname;
@@ -109,27 +110,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} }
if($actionin == "adduser"){ if($actionin == "adduser"){
$stmt6 = $mysqliconn->prepare("INSERT INTO Users"); if($_SESSION["isadmin"] == 1){
$stmt6->execute(); $stmt7 = $mysqliconn->prepare("INSERT INTO Users (Username, Nickname, FullName, PWD, CanSeeFullNames, CanSeeOthersComments, IsAdmin) VALUES (?, ?, ?, ?, ?, ?, ?);");
$stmt6->bind_result($uname, $nick, $fnamex, $isadmin); $uname = htmlspecialchars($_POST["username"]);
$stmt6->store_result(); $nick = htmlspecialchars($_POST["nickname"]);
$outarr = array(); $fname = htmlspecialchars($_POST["fullname"]);
if ($stmt6->num_rows > 0){ $pwdx = htmlspecialchars($_POST["password"]);
while ($stmt6->fetch()){ $canfullnames = intval($_POST["canseefullnames"]);
if ($_SESSION["canseefullnames"] == 1){ $cancomments = intval($_POST["canseeotherscomments"]);
$fname = $fnamex; $pwd = password_hash($pwdx, PASSWORD_DEFAULT);
} $admin = intval($_POST["isadmin"]);
else{ $stmt7->bind_param("ssssiii", $uname, $nick, $fname, $pwd, $canfullnames, $cancomments, $admin);
$fname = ""; $stmt7->execute();
} $stmt7->store_result();
$tmparr["username"] = $uname; return "User added";
$tmparr["nickname"] = $nick;
$tmparr["fullname"] = $fname;
$tmparr["isadmin"] = $isadmin;
array_push($outarr, $tmparr);
}
} }
return json_encode($outarr);
} }
return 0; return 0;
@@ -174,14 +169,49 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if($actionin == "createtag"){ if($actionin == "createtag"){
$stmt9 = $mysqliconn->prepare("INSERT INTO Tags (TagName, CreatorID) VALUES (?, ?);");
$tagname = htmlspecialchars($_POST["tagname"]);
$uid = $_SESSION["userID"];
$stmt9->bind_param("si", $tagname, $uid);
$stmt9->execute();
$stmt9->store_result();
} }
if($actionin == "getalltags"){ if($actionin == "getalltags"){
$stmt10 = $mysqliconn->prepare("SELECT ID, TagName, CreatorID FROM Tags;");
$stmt10->execute();
$stmt10->bind_result($id, $tagname, $creatorid);
$stmt10->store_result();
$outarr = array();
if ($stmt10->num_rows > 0){
while ($stmt10->fetch()){
$tmparr["id"] = $id;
$tmparr["tagname"] = $tagname;
$tmparr["creatorid"] = $creatorid;
array_push($outarr, $tmparr);
}
}
return json_encode($outarr);
} }
if($actionin == "gettagsbycollection"){ if($actionin == "gettagsbycreator"){
$stmt11 = $mysqliconn->prepare("SELECT ID, TagName, CreatorID FROM Tags WHERE CreatorID = ?;");
$cruid = intval($_POST['creatorid']);
$stmt11->bind_param("i", $cruid);
$stmt11->execute();
$stmt11->bind_result($id, $tagname, $creatorid);
$stmt11->store_result();
$outarr = array();
if ($stmt11->num_rows > 0){
while ($stmt11->fetch()){
$tmparr["id"] = $id;
$tmparr["tagname"] = $tagname;
$tmparr["creatorid"] = $creatorid;
array_push($outarr, $tmparr);
}
}
return json_encode($outarr);
} }
return 0; return 0;
@@ -190,15 +220,51 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
function processSourcesRelated($actionin, mysqli $mysqliconn){ function processSourcesRelated($actionin, mysqli $mysqliconn){
if($actionin == "createsource"){ if($actionin == "createsource"){
$stmt12 = $mysqliconn->prepare("INSERT INTO Sources (PublicationID, Place, CreatorID) VALUES (?, ?, ?);");
$publicationid = intval($_POST["publicationid"]);
$place = htmlspecialchars($_POST["place"]);
$cruid = $_SESSION["userID"];
$stmt12->bind_param("isi", $publicationid, $place, $cruid);
$stmt12->execute();
$stmt12->store_result();
} }
if($actionin == "getallsources"){ if($actionin == "getallsources"){
$stmt13 = $mysqliconn->prepare("SELECT ID, PublicationID, Place, CreatorID FROM Sources;");
$stmt13->execute();
$stmt13->bind_result($id, $publicationid, $place, $creatorid);
$stmt13->store_result();
$outarr = array();
if ($stmt13->num_rows > 0){
while ($stmt13->fetch()){
$tmparr["id"] = $id;
$tmparr["publicationid"] = $publicationid;
$tmparr["place"] = $place;
$tmparr["creatorid"] = $creatorid;
array_push($outarr, $tmparr);
}
}
return json_encode($outarr);
} }
if($actionin == "getallsourcesbycreator"){ if($actionin == "getallsourcesbycreator"){
$stmt13 = $mysqliconn->prepare("SELECT ID, PublicationID, Place, CreatorID FROM Sources WHERE CreatorID = ?;");
$cruid = intval($_POST['creatorid']);
$stmt13->bind_param("i", $cruid);
$stmt13->execute();
$stmt13->bind_result($id, $publicationid, $place, $creatorid);
$stmt13->store_result();
$outarr = array();
if ($stmt13->num_rows > 0){
while ($stmt13->fetch()){
$tmparr["id"] = $id;
$tmparr["publicationid"] = $publicationid;
$tmparr["place"] = $place;
$tmparr["creatorid"] = $creatorid;
array_push($outarr, $tmparr);
}
}
return json_encode($outarr);
} }
return 0; return 0;
@@ -207,17 +273,45 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
function processCommentRelated($actionin, mysqli $mysqliconn){ function processCommentRelated($actionin, mysqli $mysqliconn){
if($actionin == "createcomment"){ if($actionin == "createcomment"){
$stmt14 = $mysqliconn->prepare("INSERT INTO Comments (CreatorID, CitationID, CitationThreadID, Content) VALUES (?, ?, ?, ?);");
$creatorid = $_SESSION["userid"];
$citationid = intval($_POST["citationid"]);
$citationthreadid = intval($_POST["citationthreadid"]);
$content = htmlspecialchars($_POST["content"]);
$stmt14->bind_param("iiis", $creatorid, $citationid, $citationthreadid, $content);
$stmt14->execute();
$stmt14->store_result();
} }
if($actionin == "getallcommentsbycreator"){ if($actionin == "getallcommentsbycreator"){
$stmt15 = $mysqliconn->prepare("SELECT ID, CreatorID, CitationID, CitationThreadID, Content FROM Comments WHERE CreatorID = ?;");
$cruid = intval($_POST['creatorid']);
$stmt15->bind_param("i", $cruid);
$stmt15->execute();
$stmt15->bind_result($id, $creatorid, $citationid, $citationthreadid, $content);
$stmt15->store_result();
$outarr = array();
if ($stmt15->num_rows > 0){
while ($stmt15->fetch()){
$tmparr["id"] = $id;
$tmparr["creatorid"] = $creatorid;
$tmparr["citationid"] = $citationid;
$tmparr["citationthreadid"] = $citationthreadid;
$tmparr["content"] = $content;
array_push($outarr, $tmparr);
}
}
return json_encode($outarr);
} }
if($actionin == "getcommentsbycitationlatestversion"){ if($actionin == "getcommentsbycitationlatestversion"){
} }
if($actionin == "getcommentsbycitationbyversion"){
}
if($actionin == "getcommentsbycitationallversions"){ if($actionin == "getcommentsbycitationallversions"){
} }
@@ -225,6 +319,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
return 0; return 0;
} }
function processAuthorRelated($actionin, mysqli $mysqliconn){
}
function processPublicationRelated($actionin, mysqli $mysqliconn){
}
if($_SESSION["loggedin"] == 1){ if($_SESSION["loggedin"] == 1){
$citationreturn = processCitationRelated($action, $mysqli); $citationreturn = processCitationRelated($action, $mysqli);
@@ -251,6 +353,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
return; return;
} }
$authorreturn = processAuthorRelated($action, $mysqli);
if($authorreturn != 0){
echo $authorreturn;
return;
}
$publicationreturn = processPublicationRelated($action, $mysqli);
if($publicationreturn != 0){
echo $publicationreturn;
return;
}
$userreturn = processUserRelated($action, $mysqli); $userreturn = processUserRelated($action, $mysqli);
if($userreturn != 0){ if($userreturn != 0){
echo $userreturn; echo $userreturn;