
Commit 857fa26

author
Samuel Janda
committed
Initial commit.
1 parent e87ffd7 commit 857fa26

11 files changed

+1151
-0
lines changed

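--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.htaccess
+model/.htaccess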

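--- a/controller/account.php
+++ b/controller/account.php
@@ -0,0 +1,174 @@
+<?php
+
+require_once '../model/Config.php';
+require_once '../model/DB.php';
+require_once '../model/Location.php';
+require_once '../model/Response.php';
+
+try {
+$writeDB = DB::connectWriteDB();
+}
+catch (PDOException $e) {
+error_log("Exception: " . $e->getMessage(), 0);
+$response = new Response();
+$response->setHttpStatusCode(500);
+$response->setSuccess(false);
+$response->addMessage("Error: connection to database could not be established.");
+$response->send();
+exit();
+}
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+$response = new Response();
+$response->setHttpStatusCode(405);
+$response->setSuccess(false);
+$response->addMessage("Error: request method not permitted on the user endpoint.");
+$response->send();
+exit();
+}
+
+if ($_SERVER['CONTENT_TYPE'] !== 'application/json') {
+$response = new Response();
+$response->setHttpStatusCode(400);
+$response->setSuccess(false);
+$response->addMessage("Error: content type header not set to JSON.");
+$response->send();
+exit();
+}
+
+$$raw_post_data = file_get_contents('php://input');
+
+if (!$json_data = json_decode($raw_post_data)) {
+$response = new Response();
+$response->setHttpStatusCode(400);
+$response->setSuccess(false);
+$response->addMessage("Error: request body is not valid JSON.");
+$response->send();
+exit();
+}
+
+if (!isset($json_data->businessName, $json_data->authContact, $json_data->phone, $json_data->streetAddress, $json_data->suburb, $json_data->state, $json_data->postcode, $json_data->password)) {
+$response = new Response();
+$response->setHttpStatusCode(400);
+$response->setSuccess(false);
+(!isset($json_data->businessName) ? $response->addMessage("Error: request body does not contain a business name.") : false);
+(!isset($json_data->authContact) ? $response->addMessage("Error: request body does not contain an authorised contact.") : false);
+(!isset($json_data->phone) ? $response->addMessage("Error: request body does not contain a contact phone number.") : false);
+(!isset($json_data->streetAddress) ? $response->addMessage("Error: request body does not contain a street address.") : false);
+(!isset($json_data->suburb) ? $response->addMessage("Error: request body does not contain a suburb name.") : false);
+(!isset($json_data->state) ? $response->addMessage("Error: request body does not contain a state name.") : false);
+(!isset($json_data->postcode) ? $response->addMessage("Error: request body does not contain a postcode.") : false);
+(!isset($json_data->password) ? $response->addMessage("Error: request body does not contain a password.") : false);
+$response->send();
+exit();
+}
+
+try {
+
+$location = new Location();
+$location->setName(trim($json_data->businessName));
+$location->setAuthContact(trim($json_data->authContact));
+if (isset($json_data->avatar)) $location->setAvatar(trim($json_data->avatar));
+$location->setPhoneNumber(trim($json_data->phone));
+$location->address()->setStreetAddress(trim($json_data->streetAddress));
+$location->address()->setSuburb(trim($json_data->suburb));
+$location->address()->setState(trim($json_data->state));
+$location->address()->setPostCode(trim($json_data->postcode));
+if (isset($json_data->email)) $location->setEmailAddress(trim($json_data->email));
+if (isset($json_data->abn)) $location->setABN(trim($json_data->abn));
+
+$query_email = $location->getEmailAddress();
+$query = $writeDB->prepare("SELECT `id` FROM `accounts` WHERE `email` = :email");
+$query->bindParam(':email', $query_email, PDO::PARAM_STR);
+$query->execute();
+
+$row_count = $query->rowCount();
+if ($row_count > 0) {
+$response = new Response();
+$response->setHttpStatusCode(409);
+$response->setSuccess(false);
+$response->addMessage("Error: email address already listed within the database.");
+$response->send();
+exit();
+}
+
+$passwordHash = password_hash($json_data->password, PASSWORD_DEFAULT);
+
+$query_abn = $location->getABN();
+$query_contact = $location->getAuthorisedContact();
+$query_avatar = $location->getAvatar();
+$query_name = $location->getName();
+$query_email = $location->getEmailAddress();
+$query_phone = $location->getPhoneNumber();
+$query_postcode = $location->getPhoneNumber();
+$query_state = $location->address()->getPostcode();
+$query_address = $location->address()->getStreetAddress();
+$query_suburb = $location->address()->getSuburb();
+$query = $writeDB->prepare("INSERT INTO `accounts`
+(ABN, auth, auth_contact, avatar, business_name, email, phone, postcode, `state`, street_address, suburb) VALUES
+(:abn, :auth, :authContact, :avatar, :business, :email, :phone, :postcode, :state, :address, :suburb)");
+$query->bindParam(':abn', $query_abn, PDO::PARAM_STR);
+$query->bindParam(':auth', $passwordHash, PDO::PARAM_STR);
+$query->bindParam(':authContact', $query_contact, PDO::PARAM_STR);
+$query->bindParam(':avatar', $query_avatar, PDO::PARAM_STR);
+$query->bindParam(':business', $query_name, PDO::PARAM_STR);
+$query->bindParam(':email', $query_email, PDO::PARAM_STR);
+$query->bindParam(':phone', $query_phone, PDO::PARAM_STR);
+$query->bindParam(':postcode', $query_postcode, PDO::PARAM_STR);
+$query->bindParam(':state', $query_state, PDO::PARAM_STR);
+$query->bindParam(':address', $query_address, PDO::PARAM_STR);
+$query->bindParam(':suburb', $query_suburb, PDO::PARAM_STR);
+$query->execute();
+
+$row_count = $query->rowCount();
+if ($row_count === 0) {
+$response = new Response();
+$response->setHttpStatusCode(500);
+$response->setSuccess(false);
+$response->addMessage("Error: database error during user creation.");
+$response->send();
+exit();
+}
+
+$response_data = [];
+$response_data['id'] = $writeDB->lastInsertId();
+$response_data['name'] = $query_name;
+$response_data['authorisedContact'] = $query_contact;
+$response_data['contactPhone'] = $query_phone;
+$response_data['contactEmail'] = $query_email;
+
+$response = new Response();
+$response->setHttpStatusCode(201);
+$response->setSuccess(true);
+$response->addMessage("Account successfully created.");
+$response->setData($responseData);
+$response->send();
+exit();
+
+}
+catch (PDOException $e) {
+error_log("Exception: " . $e->getMessage());
+$response = new Response();
+$response->setHttpStatusCode(500);
+$response->setSuccess(false);
+$response->addMessage("Error: database error during user creation.");
+$response->send();
+exit();
+}
+catch (APIException $e) {
+$response = new Response();
+$response->setHttpStatusCode(400);
+$response->setSuccess(false);
+$response->addMessage("Error: " . $e->getMessage());
+$response->send();
+exit();
+}
+catch (Error $e) {
+error_log("Exception: " . $e->getMessage());
+$response = new Response();
+$response->setHttpStatusCode(500);
+$response->setSuccess(false);
+$response->addMessage("Unknown error.");
+$response->send();
+exit();
+}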
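Review bot: `$$raw_post_data = file_get_contents('php://input');` on line 39 is a variable-variable, so `$raw_post_data` itself is never assigned and the `json_decode($raw_post_data)` on line 41 decodes an undefined value, which makes every request end in the 400 "not valid JSON" response; drop the extra dollar sign: `$raw_post_data = file_get_contents('php://input');`. Lines 103–104 populate the postcode and state parameters from the wrong getters (`getPhoneNumber()` and `address()->getPostcode()`), so the stored row carries the phone number as postcode and the postcode as state; the postcode line should read `$query_postcode = $location->address()->getPostcode();` and the state line should use the address object's state getter (only `setState` is visible in this commit, so confirm its name). Line 144 passes `$responseData` to `setData()` while the array built on lines 133–138 is `$response_data`, so the 201 response presumably carries no data until it is changed to `$response->setData($response_data);`. Line 30 also reads `$_SERVER['CONTENT_TYPE']` without an `isset` guard and requires an exact match, so a request sent as `application/json; charset=utf-8` is rejected; consider matching on the media type prefix.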

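--- a/controller/authenticate.php
+++ b/controller/authenticate.php
@@ -0,0 +1,69 @@
+<?php
+if (!isset($_SERVER['HTTP_AUTHORIZATION']) || strlen($_SERVER['HTTP_AUTHORIZATION']) < 1) {
+$response = new Response();
+$response->setHttpStatusCode(401);
+$response->setSuccess(false);
+(!isset($_SERVER['HTTP_AUTHORIZATION']) ? $response->addMessage("Error: Access token not received.") : false);
+(strlen($_SERVER['HTTP_AUTHORIZATION'] < 1) ? $response->addMessage("Error: Access token cannot be blank.") : false);
+$response->send();
+exit();
+}
+$accessToken = $_SERVER['HTTP_AUTHORIZATION'];
+
+try {
+
+$query = $writeDB->prepare("SELECT `account_id`, `access_token_expiry`, `is_active`, `login_attempts` FROM `sessions`, `accounts` WHERE `sessions`.`account_id` = `accounts`.`id` AND `access_token` = :accessToken");
+$query->bindParam(":accessToken", $accessToken, PDO::PARAM_STR);
+$query->execute();
+
+$rowCount = $query->rowCount();
+if ($rowCount === 0) {
+$response = new Response();
+$response->setHttpStatusCode(401);
+$response->setSuccess(false);
+$response->addMessage("Error: access token provided is invalid.");
+$response->send();
+exit();
+}
+
+$row = $query->fetch(PDO::FETCH_OBJ);
+$_accountID = $row->account_id;
+$_accessExpiry = $row->access_token_expiry;
+$_isActive = $row->is_active;
+$_loginAttempts = $row->login_attempts;
+
+if ($_loginAttempts > 2) {
+$response = new Response();
+$response->setHttpStatusCode(401);
+$response->setSuccess(false);
+$response->addMessage('User account currently locked.');
+$response->send();
+exit();
+}
+
+if (strtotime($_accessExpiry) < time()) {
+$response = new Response();
+$response->setHttpStatusCode(401);
+$response->setSuccess(false);
+$response->addMessage('Access token expired.');
+$response->send();
+exit();
+}
+
+if ($_isActive !== 1) {
+$response = new Response();
+$response->setHttpStatusCode(401);
+$response->setSuccess(false);
+$response->addMessage('User account currently inactive.');
+$response->send();
+exit();
+}
+} catch (PDOException $e) {
+$response = new Response();
+$response->setHttpStatusCode(500);
+$response->setSuccess(false);
+$response->addMessage('User authentication failed. Please try again.');
+$response->send();
+exit();
+}
+?>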
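Review bot: `strlen($_SERVER['HTTP_AUTHORIZATION'] < 1)` on line 7 applies `strlen` to the boolean result of the comparison instead of to the header value, so the "cannot be blank" message is decided by the length of `true`/`false` rather than the token; the parenthesis belongs after the header: `(strlen($_SERVER['HTTP_AUTHORIZATION']) < 1 ? $response->addMessage("Error: Access token cannot be blank.") : false);`. `$_isActive !== 1` on line 53 is a strict comparison against an int, but PDO commonly hands back column values as strings (depending on driver and emulation settings), in which case every account is reported inactive; casting first, `if ((int) $_isActive !== 1) {`, makes the check independent of that. The lookup on line 15 matches the header verbatim against the stored `access_token`, which suggests session tokens are kept in clear text; if so, confirm that is intended, since anyone who can read the `sessions` table holds usable tokens, and a hashed column compared after hashing the presented value avoids that. The file relies on `$writeDB` and the `Response` class being defined by whichever script includes it, and it ends with `?>` on line 69; omitting the closing tag prevents stray whitespace from being emitted before the JSON body.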

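--- a/controller/entryexit.php
+++ b/controller/entryexit.php
@@ -0,0 +1,116 @@
+<?php
+
+require_once '../model/Config.php';
+require_once '../model/DB.php';
+require_once '../model/Visitor.php';
+require_once '../model/Response.php';
+
+try {
+$writeDB = DB::connectWriteDB();
+$readDB = DB::connectReadDB();
+} catch (PDOException $e) {
+error_log("Exception: " . $e->getMessage(), 0);
+$response = new Response();
+$response->setHttpStatusCode(500);
+$response->setSuccess(false);
+$response->addMessage("Error: connection to database could not be established.");
+$response->send();
+exit();
+}
+
+include('authenticate.php');
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+$response = new Response();
+$response->setHttpStatusCode(405);
+$response->setSuccess(false);
+$response->addMessage('Server request method not allowed.');
+$response->send();
+exit();
+}
+
+if ($_SERVER['CONTENT_TYPE'] !== 'application/json') {
+$response = new Response();
+$response->setHttpStatusCode(400);
+$response->setSuccess(false);
+$response->addMessage("Error: content type header not set to JSON.");
+$response->send();
+exit();
+}
+
+$raw_post_data = file_get_contents('php://input');
+
+if (!$json_data = json_decode($raw_post_data)) {
+$response = new Response();
+$response->setHttpStatusCode(400);
+$response->setSuccess(false);
+$response->addMessage("Error: request body is not valid JSON.");
+$response->send();
+exit();
+}
+
+if (!isset($jsonData->name, $jsonData->phone)) {
+$response = new Response();
+$response->setHttpStatusCode(400);
+$response->setSuccess(false);
+(!isset($jsonData->name) ? $response->addMessage("Error: request body does not contain a visitor name.") : false);
+(!isset($jsonData->phone) ? $response->addMessage("Error: request body does not contain a phone number.") : false);
+$response->send();
+exit();
+}
+
+try {
+
+$visitor = new Visitor();
+$visitor->setName(trim($json_data->name));
+$visitor->setPhoneNumber(trim($json_data->phone));
+
+$query_name = $visitor->getName();
+$query_phone = $visitor->getPhoneNumber();
+$query_arr = new DateTime();
+$query = $writeDB->prepare("INSERT INTO `contacts`(`name`, `phone`) VALUES (:n, :p)");
+$query->bindParam(':n', $query_name, PDO::PARAM_STR);
+$query->bindParam(':p', $query_phone, PDO::PARAM_STR);
+$query->execute();
+
+$row_count = $query->rowCount();
+if ($rowCount === 0) {
+$response = new Response();
+$response->setHttpStatusCode(409);
+$response->setSuccess(false);
+$response->addMessage("Error: New arrival not added.");
+$response->send();
+exit();
+}
+
+$response = new Response();
+$response->setHttpStatusCode(201);
+$response->setSuccess(true);
+$response->addMessage("Visitor successfully checked in.");
+$response->send();
+exit();
+
+} catch (PDOException $e) {
+error_log("Exception: " . $e->getMessage());
+$response = new Response();
+$response->setHttpStatusCode(500);
+$response->setSuccess(false);
+$response->addMessage("Database query failed.");
+$response->send();
+exit();
+} catch (APIException $e) {
+$response = new Response();
+$response->setHttpStatusCode(200);
+$response->setSuccess(false);
+$response->addMessage("API Exception: " . $e->getMessage());
+$response->send();
+exit();
+} catch (Exception $e) {
+error_log("Exception: " . $e->getMessage());
+$response = new Response();
+$response->setHttpStatusCode(500);
+$response->setSuccess(false);
+$response->addMessage("Unknown error occurred=.");
+$response->send();
+exit();
+}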
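Review bot: Line 52 checks `$jsonData->name` and `$jsonData->phone` while the decoded body is stored in `$json_data` on line 43, so the `isset` test is always false and every request ends with the 400 "does not contain" responses; the guard and the two messages on lines 56–57 need to read `$json_data`. Line 77 tests `$rowCount` although the insert's count is assigned to `$row_count` on line 76; `$rowCount` is the session-lookup count left behind by the included authenticate.php (at least 1 once authentication passed), so a failed insert is never detected and the 201 response is sent anyway — change it to `if ($row_count === 0) {`. Line 21 pulls the authentication guard in with `include('authenticate.php')`, which only emits a warning and carries on when the file cannot be resolved, leaving the endpoint unauthenticated; `require_once __DIR__ . '/authenticate.php';` makes a missing guard fatal and removes the dependence on the include path and working directory. `$query_arr = new DateTime();` on line 70 is unused, the APIException branch on line 103 answers 200 with success false where account.php uses 400 for the same case, and the message on line 113 reads `"Unknown error occurred=."`.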
