Minor fixes.

Author: Samuel Janda

.gitignore

@@ -1,2 +1 @@
 .htaccess
-model/.htaccess

.vscode/launch.json

@@ -0,0 +1,22 @@
+{
+  // Use IntelliSense to learn about possible attributes.
+  // Hover to view descriptions of existing attributes.
+  // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "name": "Listen for XDebug",
+      "type": "php",
+      "request": "launch",
+      "port": 9000
+    },
+    {
+      "name": "Launch currently open script",
+      "type": "php",
+      "request": "launch",
+      "program": "${file}",
+      "cwd": "${fileDirname}",
+      "port": 9000
+    }
+  ]
+}

controller/account.php

@@ -36,7 +36,7 @@
   exit();
 }
 
-$$raw_post_data = file_get_contents('php://input');
+$raw_post_data = file_get_contents('php://input');
 
 if (!$json_data = json_decode($raw_post_data)) {
   $response = new Response();
@@ -47,12 +47,13 @@
   exit();
 }
 
-if (!isset($json_data->businessName, $json_data->authContact, $json_data->phone, $json_data->streetAddress, $json_data->suburb, $json_data->state, $json_data->postcode, $json_data->password)) {
+if (!isset($json_data->businessName, $json_data->authContact, $json_data->email, $json_data->phone, $json_data->streetAddress, $json_data->suburb, $json_data->state, $json_data->postcode, $json_data->password)) {
   $response = new Response();
   $response->setHttpStatusCode(400);
   $response->setSuccess(false);
   (!isset($json_data->businessName) ? $response->addMessage("Error: request body does not contain a business name.") : false);
   (!isset($json_data->authContact) ? $response->addMessage("Error: request body does not contain an authorised contact.") : false);
+  (!isset($json_data->email) ? $response->addMessage("Error: request body does not contain an email address.") : false);
   (!isset($json_data->phone) ? $response->addMessage("Error: request body does not contain a contact phone number.") : false);
   (!isset($json_data->streetAddress) ? $response->addMessage("Error: request body does not contain a street address.") : false);
   (!isset($json_data->suburb) ? $response->addMessage("Error: request body does not contain a suburb name.") : false);
@@ -74,7 +75,7 @@
   $location->address()->setSuburb(trim($json_data->suburb));
   $location->address()->setState(trim($json_data->state));
   $location->address()->setPostCode(trim($json_data->postcode));
-  if (isset($json_data->email)) $location->setEmailAddress(trim($json_data->email));
+  $location->setEmailAddress(trim($json_data->email));
   if (isset($json_data->abn)) $location->setABN(trim($json_data->abn));
 
   $query_email = $location->getEmailAddress();
@@ -141,7 +142,7 @@
   $response->setHttpStatusCode(201);
   $response->setSuccess(true);
   $response->addMessage("Account successfully created.");
-  $response->setData($responseData);
+  $response->setData($response_data);
   $response->send();
   exit();
 
@@ -159,7 +160,7 @@
   $response = new Response();
   $response->setHttpStatusCode(400);
   $response->setSuccess(false);
-  $response->addMessage("Error: " . $e->getMessage());
+  $response->addMessage("API Error: " . $e->getMessage());
   $response->send();
   exit();
 }

controller/authenticate.php

@@ -50,7 +50,7 @@
         exit();
     }
 
-    if ($_isActive !== 1) {
+    if (!$_isActive) {
         $response = new Response();
         $response->setHttpStatusCode(401);
         $response->setSuccess(false);

controller/entryexit.php

@@ -20,76 +20,117 @@
 
 include('authenticate.php');
 
-if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
-  $response = new Response();
-  $response->setHttpStatusCode(405);
-  $response->setSuccess(false);
-  $response->addMessage('Server request method not allowed.');
-  $response->send();
-  exit();
-}
+try {
 
-if ($_SERVER['CONTENT_TYPE'] !== 'application/json') {
-  $response = new Response();
-  $response->setHttpStatusCode(400);
-  $response->setSuccess(false);
-  $response->addMessage("Error: content type header not set to JSON.");
-  $response->send();
-  exit();
-}
+  if ($_SERVER['REQUEST_METHOD'] === 'POST' && array_key_exists('l', $_GET)) { //ENTRY
 
-$raw_post_data = file_get_contents('php://input');
+    if ($_SERVER['CONTENT_TYPE'] !== 'application/json') {
+      $response = new Response();
+      $response->setHttpStatusCode(400);
+      $response->setSuccess(false);
+      $response->addMessage("Error: content type header not set to JSON.");
+      $response->send();
+      exit();
+    }
 
-if (!$json_data = json_decode($raw_post_data)) {
-  $response = new Response();
-  $response->setHttpStatusCode(400);
-  $response->setSuccess(false);
-  $response->addMessage("Error: request body is not valid JSON.");
-  $response->send();
-  exit();
-}
+    $raw_post_data = file_get_contents('php://input');
 
-if (!isset($jsonData->name, $jsonData->phone)) {
-  $response = new Response();
-  $response->setHttpStatusCode(400);
-  $response->setSuccess(false);
-  (!isset($jsonData->name) ? $response->addMessage("Error: request body does not contain a visitor name.") : false);
-  (!isset($jsonData->phone) ? $response->addMessage("Error: request body does not contain a phone number.") : false);
-  $response->send();
-  exit();
-}
+    if (!$json_data = json_decode($raw_post_data)) {
+      $response = new Response();
+      $response->setHttpStatusCode(400);
+      $response->setSuccess(false);
+      $response->addMessage("Error: request body is not valid JSON.");
+      $response->send();
+      exit();
+    }
+  
+    if (!isset($json_data->name, $json_data->phone)) {
+      $response = new Response();
+      $response->setHttpStatusCode(400);
+      $response->setSuccess(false);
+      (!isset($json_data->name) ? $response->addMessage("Error: request body does not contain a visitor name.") : false);
+      (!isset($json_data->phone) ? $response->addMessage("Error: request body does not contain a phone number.") : false);
+      $response->send();
+      exit();
+    }
 
-try {
+    $visitor = new Visitor();
+    $visitor->setName(trim($json_data->name));
+    $visitor->setPhoneNumber(trim($json_data->phone));
 
-  $visitor = new Visitor();
-  $visitor->setName(trim($json_data->name));
-  $visitor->setPhoneNumber(trim($json_data->phone));
+    $query_name = $visitor->getName();
+    $query_phone = $visitor->getPhoneNumber();
+    $query_account_id = intval($_GET['l']);
+    $query = $writeDB->prepare("INSERT INTO `contacts`(`account_id`,`name`, `phone`) VALUES (:a, :n, :p)");
+    $query->bindParam(':a', $query_account_id, PDO::PARAM_INT);
+    $query->bindParam(':n', $query_name, PDO::PARAM_STR);
+    $query->bindParam(':p', $query_phone, PDO::PARAM_STR);
+    $query->execute();
 
-  $query_name = $visitor->getName();
-  $query_phone = $visitor->getPhoneNumber();
-  $query_arr = new DateTime();
-  $query = $writeDB->prepare("INSERT INTO `contacts`(`name`, `phone`) VALUES (:n, :p)");
-  $query->bindParam(':n', $query_name, PDO::PARAM_STR);
-  $query->bindParam(':p', $query_phone, PDO::PARAM_STR);
-  $query->execute();
+    $row_count = $query->rowCount();
+    if ($rowCount === 0) {
+      $response = new Response();
+      $response->setHttpStatusCode(409);
+      $response->setSuccess(false);
+      $response->addMessage("Error: New arrival not added.");
+      $response->send();
+      exit();
+    }
 
-  $row_count = $query->rowCount();
-  if ($rowCount === 0) {
     $response = new Response();
-    $response->setHttpStatusCode(409);
+    $response->setHttpStatusCode(201);
+    $response->setSuccess(true);
+    $response->addMessage("Visitor successfully checked in.");
+    $response->send();
+    exit();
+
+  } elseif ($_SERVER['REQUEST_METHOD'] === 'PATCH' && array_key_exists('v', $_GET)) { //EXIT
+
+    $query_id = intval($_GET['v']);
+    $query = $writeDB->prepare("SELECT * FROM `contacts` WHERE id=:id");
+    $query->bindParam(':id', $query_id, PDO::PARAM_INT);
+    $query->execute();
+    
+    $row_count = $query->rowCount();
+    if ($rowCount === 0) {
+      $response = new Response();
+      $response->setHttpStatusCode(409);
+      $response->setSuccess(false);
+      $response->addMessage("Error: Arrival entry not found.");
+      $response->send();
+      exit();
+    }
+
+    $query = $writeDB->prepare("UPDATE `contacts` SET `dep`=CURRENT_TIMESTAMP() WHERE id=:id");
+    $query->bindParam(':id', $query_id, PDO::PARAM_INT);
+    $query->execute();
+
+    $row_count = $query->rowCount();
+    if ($rowCount === 0) {
+      $response = new Response();
+      $response->setHttpStatusCode(409);
+      $response->setSuccess(false);
+      $response->addMessage("Error: New arrival not added.");
+      $response->send();
+      exit();
+    }
+
+    $response = new Response();
+    $response->setHttpStatusCode(201);
+    $response->setSuccess(true);
+    $response->addMessage("Visitor successfully checked out.");
+    $response->send();
+    exit();
+
+  } else {
+    $response = new Response();
+    $response->setHttpStatusCode(405);
     $response->setSuccess(false);
-    $response->addMessage("Error: New arrival not added.");
+    $response->addMessage('Server request method not allowed.');
     $response->send();
     exit();
   }
 
-  $response = new Response();
-  $response->setHttpStatusCode(201);
-  $response->setSuccess(true);
-  $response->addMessage("Visitor successfully checked in.");
-  $response->send();
-  exit();
-
 } catch (PDOException $e) {
   error_log("Exception: " . $e->getMessage());
   $response = new Response();

controller/sessions.php

@@ -1,6 +1,6 @@
 <?php
 
-require_once './db.php';
+require_once '../model/DB.php';
 require_once '../model/Response.php';
 
 try{
@@ -134,12 +134,12 @@
             $_accountID = $row->accountID;
             $_accessToken = $row->access_token;
             $_refreshToken = $row->refresh_token;
-            $_isActive = $row->is_active;
+            $_is_active = $row->is_active;
             $_loginAttempts = $row->login_attempts;
             $_accessExpiry = $row->access_token_expiry;
             $_refreshExpiry = $row->refresh_token_expiry;
 
-            if (!$_isActive === 'Y') {
+            if ($_is_active !== 1) {
                 $response = new Response();
                 $response->setHttpStatusCode(401);
                 $response->setSuccess(false);
@@ -168,7 +168,7 @@
 
             $accessToken = base64_encode(bin2hex(openssl_random_pseudo_bytes(24)).time());
             $refreshToken = base64_encode(bin2hex(openssl_random_pseudo_bytes(24)).time());
-            $accessExpiry = 1200;
+            $accessExpiry = 16*60*60;
             $refreshExpiry = 28*24*60*60;
 
             $query= $writeDB->prepare("UPDATE `sessions` SET
@@ -306,12 +306,11 @@
         }
 
         $row = $query->fetch(PDO::FETCH_OBJ);
-        $id = $row->id;
-        $accountID = $row->account_id;
-        $name = $row->name;
+        $account_id = $row->id;
+        $name = $row->business_name;
         $email = $row->email;
         $dbPassword = $row->auth;
-        $isActive = $row->is_active;
+        $is_active = $row->is_active;
         $loginAttempts = $row->login_attempts;
 
         if ($loginAttempts > 2) {
@@ -325,7 +324,7 @@
 
         if (!password_verify($password, $dbPassword)) {
             $query = $writeDB->prepare("UPDATE `accounts` SET `login_attempts`=`login_attempts`+1 WHERE id=:id");
-            $query->bindParam(":id", $id, PDO::PARAM_INT);
+            $query->bindParam(":id", $account_id, PDO::PARAM_INT);
             $query->execute();
 
             $response = new Response();
@@ -336,7 +335,7 @@
             exit();
         }
 
-        if ($isActive !== 'Y') {
+        if (!$is_active) {
             $response = new Response();
             $response->setHttpStatusCode(401);
             $response->setSuccess(false);
@@ -362,13 +361,13 @@
 
         $writeDB->beginTransaction();
         $query = $writeDB->prepare("UPDATE `accounts` SET `login_attempts`=0 WHERE id=:id");
-        $query->bindParam(":id", $id, PDO::PARAM_INT);
+        $query->bindParam(":id", $account_id, PDO::PARAM_INT);
         $query->execute();
 
         $query = $writeDB->prepare("INSERT INTO `sessions`
                     (`account_id`, `access_token`, `access_token_expiry`, `refresh_token`, `refresh_token_expiry`)
                     VALUES (:accountID, :accessToken, DATE_ADD(NOW(), INTERVAL :accessExpiry SECOND), :refreshToken, DATE_ADD(NOW(), INTERVAL :refreshExpiry SECOND))");
-        $query->bindParam(":accountID", $id, PDO::PARAM_INT);
+        $query->bindParam(":accountID", $account_id, PDO::PARAM_INT);
         $query->bindParam(":accessToken", $accessToken, PDO::PARAM_STR);
         $query->bindParam(":accessExpiry", $accessExpiry, PDO::PARAM_INT);
         $query->bindParam(":refreshToken", $refreshToken, PDO::PARAM_STR);

model/Address.php

@@ -1,12 +1,24 @@
 <?php
 
-require_once './Config.php';
+require_once '../model/Config.php';
 
 class Address {
-  private string $_street_address;
-  private string $_suburb;
-  private string $_state;
-  private string $_postcode;
+  /**
+   * @var string 
+   */
+  private $_street_address;
+  /**
+   * @var string 
+   */
+  private $_suburb;
+  /**
+   * @var string 
+   */
+  private $_state;
+  /**
+   * @var string 
+   */
+  private $_postcode;
 
   public function __toString():string {
     return "{$this->_street_address}\r\n{$this->_suburb} {$this->_state} {$this->_postcode}"; 

model/Config.php

@@ -9,7 +9,7 @@ class Config {
    * @return bool Returns `true` if the phone number entered is a valid Australian number; false upon failure.
    */
   public static function ValidatePhoneNumber(string $pn):bool {
-    if (strlen($pn !== 12)) return false; //Phone number length confirmed
+    if (strlen($pn) !== 12) return false; //Phone number length confirmed
     if (substr($pn, 0, 3) !== "+61") return false; //Australian telephone number confirmed
     $vb = intval(substr($pn, 4, 2)); //substring to be evaluated against valid number ranges
     if (substr($pn, 3, 1) === "2" && ($vb < 37 && $vb !== 33)) return false; //NSW/ACT Number confirmed