
locking remaining api routes behind user auth
nitrotap committed Jun 9, 2023
1 parent ee7e6a7 commit 89654f9
Showing 7 changed files with 211 additions and 72 deletions.
8 changes: 8 additions & 0 deletions client/src/app/results/results.page.ts
Expand Up @@ -63,8 +63,16 @@ export class ResultsPage implements OnInit {
ngOnInit() {
this.getTaskData();
this.getAnswerData();


}

ionViewDidEnter() {
this.getTaskData();
this.getAnswerData();


}
deleteTask(task: any) {
// Handle task deletion here
console.log('Deleting task: ', task);
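Review bot: ionViewDidEnter repeats the two loader calls that ngOnInit already makes, so if Ionic fires both hooks on the first entry (which is its usual behaviour) every task and answer request is issued twice per navigation. Either drop the calls from ngOnInit or keep them only in ionViewDidEnter; if the double fetch is intended, say so with a comment such as `// ionViewDidEnter re-fetches because the page instance is reused across navigations`. ResultsPage begins and ends outside the hunk.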
14 changes: 14 additions & 0 deletions client/src/app/services/answer-data.service.ts
Expand Up @@ -74,6 +74,14 @@ export class AnswerDataService {

updateData(formData: any): Observable<any> {

const sessionID = sessionStorage.getItem("sessionID")
const userID = sessionStorage.getItem("userID")

formData.sessionID = sessionID;
formData.userID = userID;



const updateUrl = `${this.url}/update/`;

const httpOptions = {
Expand Down Expand Up @@ -103,6 +111,12 @@ export class AnswerDataService {
params: new HttpParams(),
};

const sessionID = sessionStorage.getItem("sessionID")
const userID = sessionStorage.getItem("userID")

formData.sessionID = sessionID;
formData.userID = userID;

// Convert the formData object to URL-encoded format
let body = new HttpParams();
for (const key of Object.keys(formData)) {
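Review bot: In both updateData and deleteData the new lines assign the `sessionStorage.getItem(...)` results straight into formData, but getItem returns `null` when the key is absent, so a signed-out user sends `sessionID=null` and `userID=null` and only learns about it from the server's 400. Check the two values first and fail locally, e.g. `if (sessionID === null || userID === null) { throw new Error('No active session'); }` before the request is built. The same lines also mutate the caller's formData object; building a copy (`const payload = { ...formData, sessionID, userID };`) keeps the caller's object untouched. Both hunks in task-data.service.ts have the identical pattern. Both methods extend past the hunk.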
16 changes: 16 additions & 0 deletions client/src/app/services/task-data.service.ts
Expand Up @@ -73,6 +73,14 @@ export class TaskDataService {

updateData(formData: any): Observable<any> {

const sessionID = sessionStorage.getItem("sessionID")
const userID = sessionStorage.getItem("userID")

formData.sessionID = sessionID;
formData.userID = userID;



const updateUrl = `${this.url}/update/`;

const httpOptions = {
Expand All @@ -93,6 +101,14 @@ export class TaskDataService {
}

deleteData(formData: any): Observable<any> {

const sessionID = sessionStorage.getItem("sessionID")
const userID = sessionStorage.getItem("userID")

formData.sessionID = sessionID;
formData.userID = userID;


const deleteUrl = `${this.url}/delete/`;

const httpOptions = {
51 changes: 38 additions & 13 deletions server/api/answer/delete/index.php
Expand Up @@ -22,19 +22,44 @@
sanitizeRequestStrings();
$requestData = $_REQUEST;

// Your DELETE query
$query = "DELETE FROM $table WHERE answerID = :value1";
$stmt = $db->prepare($query);
$stmt->bindParam(':value1', $requestData['answerID']);

try {
// authenticate user with userID and sessionID.
if (isset($requestData['sessionID']) && isset($requestData['userID'])) {
// get user email and sessionID
$query = "SELECT * FROM user_table WHERE userID = :userID";
$stmt = $db->prepare($query);
$stmt->bindParam(':userID', $requestData['userID']);
$stmt->execute();
} catch (PDOException $e) {
die("Delete failed: " . $e->getMessage());
}
$user = $stmt->fetch(PDO::FETCH_ASSOC);

if (!($user['session_id'] === $requestData['sessionID'])) {
// Set headers to return a JSON response
header('HTTP/1.1 400 Bad Request');
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
// Return success response
echo json_encode(array('message' => 'Session ID Mismatch'));
return;
}


// Return success response
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
echo json_encode(array('message' => 'Data deleted successfully'));
// Your DELETE query
$query = "DELETE FROM $table WHERE answerID = :value1";
$stmt = $db->prepare($query);
$stmt->bindParam(':value1', $requestData['answerID']);

try {
$stmt->execute();
} catch (PDOException $e) {
die("Delete failed: " . $e->getMessage());
}

// Return success response
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
echo json_encode(array('message' => 'Data deleted successfully'));
} else {
// Return error message if required data is not provided
header('HTTP/1.1 400 Bad Request');
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
echo json_encode(array('message' => 'Required data not provided'));
}
}
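Review bot: The session check only proves that `sessionID` belongs to `userID`; the DELETE near the end of the hunk still runs `WHERE answerID = :value1` alone, so any authenticated user can delete any other user's answer by changing answerID. The answers table carries a userID column (answer/update writes it), so scope the statement to the caller — `$query = "DELETE FROM $table WHERE answerID = :value1 AND userID = :ownerID";` with `$stmt->bindParam(':ownerID', $requestData['userID']);` — and check `$stmt->rowCount()` before echoing `'Data deleted successfully'`, which is currently sent whether or not a row was removed. The same missing ownership check applies to the DELETE in task/delete and the UPDATE in answer/update and task/update. Also, 400 for a failed session check files an authentication failure under a client-input code; 401 or 403 with `Content-Type: application/json` set on that branch is what a client can act on.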
76 changes: 51 additions & 25 deletions server/api/answer/update/index.php
Expand Up @@ -24,31 +24,57 @@
sanitizeRequestStrings();
$requestData = $_REQUEST;


// Your UPDATE query
$query = "UPDATE $table SET taskAnswer_1 = :value2, taskAnswer_2 = :value3, taskAnswer_3 = :value4, taskAnswer_4 = :value5, taskAnswer_5 = :value6, taskAnswer_6 = :value7, taskScore = :value8, dateTaken = :value9, userID = :value10, taskID = :value11 WHERE answerID = :value1";
$stmt = $db->prepare($query);
$stmt->bindParam(':value1', $requestData['answerID']);
$stmt->bindParam(':value2', $requestData['taskAnswer_1']);
$stmt->bindParam(':value3', $requestData['taskAnswer_2']);
$stmt->bindParam(':value4', $requestData['taskAnswer_3']);
$stmt->bindParam(':value5', $requestData['taskAnswer_4']);
$stmt->bindParam(':value6', $requestData['taskAnswer_5']);
$stmt->bindParam(':value7', $requestData['taskAnswer_6']);
$stmt->bindParam(':value8', $requestData['taskScore']);
$stmt->bindParam(':value9', $requestData['dateTaken']);
$stmt->bindParam(':value10', $requestData['userID']);
$stmt->bindParam(':value11', $requestData['taskID']);


try {
// authenticate user with userID and sessionID.
if (isset($requestData['sessionID']) && isset($requestData['userID'])) {
// get user email and sessionID
$query = "SELECT * FROM user_table WHERE userID = :userID";
$stmt = $db->prepare($query);
$stmt->bindParam(':userID', $requestData['userID']);
$stmt->execute();
} catch (PDOException $e) {
die("Update failed: " . $e->getMessage());
}
$user = $stmt->fetch(PDO::FETCH_ASSOC);

if (!($user['session_id'] === $requestData['sessionID'])) {
// Set headers to return a JSON response
header('HTTP/1.1 400 Bad Request');
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
// Return success response
echo json_encode(array('message' => 'Session ID Mismatch'));
return;
}



// Return success response
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
echo json_encode(array('message' => 'Data updated successfully'));

// Your UPDATE query
$query = "UPDATE $table SET taskAnswer_1 = :value2, taskAnswer_2 = :value3, taskAnswer_3 = :value4, taskAnswer_4 = :value5, taskAnswer_5 = :value6, taskAnswer_6 = :value7, taskScore = :value8, dateTaken = :value9, userID = :value10, taskID = :value11 WHERE answerID = :value1";
$stmt = $db->prepare($query);
$stmt->bindParam(':value1', $requestData['answerID']);
$stmt->bindParam(':value2', $requestData['taskAnswer_1']);
$stmt->bindParam(':value3', $requestData['taskAnswer_2']);
$stmt->bindParam(':value4', $requestData['taskAnswer_3']);
$stmt->bindParam(':value5', $requestData['taskAnswer_4']);
$stmt->bindParam(':value6', $requestData['taskAnswer_5']);
$stmt->bindParam(':value7', $requestData['taskAnswer_6']);
$stmt->bindParam(':value8', $requestData['taskScore']);
$stmt->bindParam(':value9', $requestData['dateTaken']);
$stmt->bindParam(':value10', $requestData['userID']);
$stmt->bindParam(':value11', $requestData['taskID']);


try {
$stmt->execute();
} catch (PDOException $e) {
die("Update failed: " . $e->getMessage());
}

// Return success response
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
echo json_encode(array('message' => 'Data updated successfully'));
} else {
// Return error message if required data is not provided
header('HTTP/1.1 400 Bad Request');
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
echo json_encode(array('message' => 'Required data not provided'));
}
}
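Review bot: `$stmt->fetch(PDO::FETCH_ASSOC)` returns `false` when no user_table row matches the supplied userID, and the next check then indexes `$user['session_id']` on a bool, which PHP 7.4+ reports as a warning and evaluates to null; the request is rejected only because `null === $requestData['sessionID']` happens to be false. Handle the no-row case explicitly and compare the token in constant time: `if ($user === false || !hash_equals((string)$user['session_id'], (string)$requestData['sessionID'])) {`. The UPDATE that follows has the ownership gap noted on answer/delete, and here the request's userID is also written into the row through `:value10`, so a caller can reassign an answer to another account; restricting the WHERE clause needs a separate placeholder bound to the same value, since PDO rejects a reused named placeholder when emulated prepares are off.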
67 changes: 46 additions & 21 deletions server/api/task/delete/index.php
Expand Up @@ -28,30 +28,55 @@
sanitizeRequestStrings();
$requestData = $_REQUEST;

// Check if the required parameter is present
if (empty($requestData['taskID'])) {
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
echo json_encode(array('error' => 'Missing required parameter: id'));
exit;
}
// authenticate user with userID and sessionID.
if (isset($requestData['sessionID']) && isset($requestData['userID'])) {
// get user email and sessionID
$query = "SELECT * FROM user_table WHERE userID = :userID";
$stmt = $db->prepare($query);
$stmt->bindParam(':userID', $requestData['userID']);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);

// Delete the row from the table
$query = "DELETE FROM $table WHERE taskID = :id";
$stmt = $db->prepare($query);
$stmt->bindParam(':id', $requestData['taskID']);
$stmt->execute();
if (!($user['session_id'] === $requestData['sessionID'])) {
// Set headers to return a JSON response
header('HTTP/1.1 400 Bad Request');
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
// Return success response
echo json_encode(array('message' => 'Session ID Mismatch'));
return;
}

// Check if any rows were affected
$rowCount = $stmt->rowCount();
header('Content-Type: application/json');
if ($rowCount > 0) {
// Return success response
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
echo json_encode(array('message' => 'Row deleted successfully'));

// Check if the required parameter is present
if (empty($requestData['taskID'])) {
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
echo json_encode(array('error' => 'Missing required parameter: id'));
exit;
}

// Delete the row from the table
$query = "DELETE FROM $table WHERE taskID = :id";
$stmt = $db->prepare($query);
$stmt->bindParam(':id', $requestData['taskID']);
$stmt->execute();

// Check if any rows were affected
$rowCount = $stmt->rowCount();
header('Content-Type: application/json');
if ($rowCount > 0) {
// Return success response
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
echo json_encode(array('message' => 'Row deleted successfully'));
} else {
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
// Return error response if no rows were affected
echo json_encode(array('error' => 'No rows found with the specified ID'));
}
} else {
// Return error message if required data is not provided
header('HTTP/1.1 400 Bad Request');
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
// Return error response if no rows were affected
echo json_encode(array('error' => 'No rows found with the specified ID'));
echo json_encode(array('message' => 'Required data not provided'));
}
}
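Review bot: The new mismatch branch (the lines around `'Session ID Mismatch'`) ends with `return` while the existing missing-taskID branch a few lines below uses `exit`; if this file is ever `include`d rather than served directly, `return` hands control back to the includer and the script continues, whereas `exit` stops it. Use `exit;` here to match the existing branch. The mismatch branch also emits a JSON body without `Content-Type: application/json` (the success path sets it) and reports an authentication failure as 400; `header('HTTP/1.1 403 Forbidden');` plus the content-type header would make the response consistent. Ordering is worth a look too: the cheap `empty($requestData['taskID'])` check now runs only after a database round-trip for the user lookup, so moving it ahead of the lookup saves a query on malformed requests.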
51 changes: 38 additions & 13 deletions server/api/task/update/index.php
Expand Up @@ -31,20 +31,45 @@
// Retrieve data from the request body
$requestData = $_REQUEST;

// authenticate user with userID and sessionID.
if (isset($requestData['sessionID']) && isset($requestData['userID'])) {
// get user email and sessionID
$query = "SELECT * FROM user_table WHERE userID = :userID";
$stmt = $db->prepare($query);
$stmt->bindParam(':userID', $requestData['userID']);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);

// Update the data in the table
$query = "UPDATE $table SET taskName = :value1, taskType = :value2, taskTime = :value3, userID = :value4 WHERE taskID = :id";
$stmt = $db->prepare($query);
$stmt->bindParam(':value1', $requestData['taskName']);
$stmt->bindParam(':value2', $requestData['taskType']);
$stmt->bindParam(':value3', $requestData['taskTime']);
$stmt->bindParam(':value4', $requestData['userID']);
$stmt->bindParam(':id', $requestData['taskID']);
if (!($user['session_id'] === $requestData['sessionID'])) {
// Set headers to return a JSON response
header('HTTP/1.1 400 Bad Request');
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
// Return success response
echo json_encode(array('message' => 'Session ID Mismatch'));
return;
}

$stmt->execute();

// Return success response
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
echo json_encode(array('message' => 'Data updated successfully'));

// Update the data in the table
$query = "UPDATE $table SET taskName = :value1, taskType = :value2, taskTime = :value3, userID = :value4 WHERE taskID = :id";
$stmt = $db->prepare($query);
$stmt->bindParam(':value1', $requestData['taskName']);
$stmt->bindParam(':value2', $requestData['taskType']);
$stmt->bindParam(':value3', $requestData['taskTime']);
$stmt->bindParam(':value4', $requestData['userID']);
$stmt->bindParam(':id', $requestData['taskID']);

$stmt->execute();

// Return success response
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
echo json_encode(array('message' => 'Data updated successfully'));
} else {
// Return error message if required data is not provided
header('HTTP/1.1 400 Bad Request');
header('Access-Control-Allow-Origin: *'); // Allow requests from any origin
echo json_encode(array('message' => 'Required data not provided'));
}
}
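Review bot: Both `$stmt->execute()` calls in this hunk — the user lookup and the UPDATE — run without the try/catch that the answer endpoints wrap around their write statements, so a PDOException here propagates out of the script and, depending on `display_errors`, can expose query or connection details to the client. Wrap them like the sibling endpoints do, but answer with a generic JSON error rather than the `die("Update failed: " . $e->getMessage())` the answer endpoints still echo verbatim. The comment `// Return success response` above the `'Session ID Mismatch'` echo is copied from the success path and misdescribes an error branch; `// Reject: supplied sessionID does not match the stored session for this userID` says what actually happens. Any input sanitization for `$_REQUEST` happens outside the hunk and cannot be checked here.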
