ggg

1. <?php
2.  
3. require_once '../include/DbHandler.php';
4. require_once '../include/PassHash.php';
5. require ‘vendor/autoload.php';
6.  
7. \Slim\Slim::registerAutoloader();
8.  
9. $app = new \Slim\Slim();
10.  
11. // User id from db - Global Variable
12. $user_id = NULL;
13.  
14. /**
15. * Verifying required params posted or not
16. */
17. function verifyRequiredParams($required_fields) {
18.    $error = false;
19.    $error_fields = "";
20.    $request_params = array();
21.    $request_params = $_REQUEST;
22.  
23.    // Handling PUT request params
24.  
25.    if ($_SERVER['REQUEST_METHOD'] == 'PUT') {
26.        $app = \Slim\Slim::getInstance();
27.        parse_str($app->request()->getBody(), $request_params);
28.    }
29.    foreach ($required_fields as $field) {
30.        if (!isset($request_params[$field]) || strlen(trim($request_params[$field])) <= 0) {
31.            $error = true;
32.            $error_fields .= $field . ', ';
33.        }
34.    }
35.  
36.    if ($error) {
37.        // Required field(s) are missing or empty
38.        // echo error json and stop the app
39.        $response = array();
40.        $app = \Slim\Slim::getInstance();
41.        $response["error"] = true;
42.        $response["message"] = 'Required field(s) ' . substr($error_fields, 0, -2) . ' is missing or empty';
43.        echoRespnse(400, $response);
44.        $app->stop();
45.    }
46. }
47.  
48. /**
49. * Validating email address
50. */
51. function validateEmail($email) {
52.    $app = \Slim\Slim::getInstance();
53.    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
54.        $response["error"] = true;
55.        $response["message"] = 'Email address is not valid';
56.        echoRespnse(400, $response);
57.        $app->stop();
58.    }
59. }
60.  
61. /**
62. * Echoing json response to client
63. * @param String $status_code Http response code
64. * @param Int $response Json response
65. */
66. function echoRespnse($status_code, $response) {
67.    $app = \Slim\Slim::getInstance();
68.    // Http response code
69.    $app->status($status_code);
70.  
71.    // setting response content type to json
72.    $app->contentType('application/json');
73.  
74.    echo json_encode($response);
75. }
76.  
77. /**
78. * User Registration
79. * url - /register
80. * method - POST
81. * params - name, email, password
82. */
83. $app->post('/register', function() use ($app) {
84.            // check for required params
85.            verifyRequiredParams(array('name', 'email', 'password'));
86.  
87.            $response = array();
88.  
89.            // reading post params
90.            $name = $app->request->post('name');
91.            $email = $app->request->post('email');
92.            $password = $app->request->post('password');
93.  
94.            // validating email address
95.            validateEmail($email);
96.  
97.            $db = new DbHandler();
98.            $res = $db->createUser($name, $email, $password);
99.  
100.            if ($res == USER_CREATED_SUCCESSFULLY) {
101.                $response["error"] = false;
102.                $response["message"] = "You are successfully registered";
103.                echoRespnse(201, $response);
104.            } else if ($res == USER_CREATE_FAILED) {
105.                $response["error"] = true;
106.                $response["message"] = "Oops! An error occurred while registereing";
107.                echoRespnse(200, $response);
108.            } else if ($res == USER_ALREADY_EXISTED) {
109.                $response["error"] = true;
110.                $response["message"] = "Sorry, this email already existed";
111.                echoRespnse(200, $response);
112.            }
113.        });
114. /**
115. * User Login
116. * url - /login
117. * method - POST
118. * params - email, password
119. */
120. $app->post('/login', function() use ($app) {
121.            // check for required params
122.            verifyRequiredParams(array('email', 'password'));
123.  
124.            // reading post params
125.            $email = $app->request()->post('email');
126.            $password = $app->request()->post('password');
127.            $response = array();
128.  
129.            $db = new DbHandler();
130.            // check for correct email and password
131.            if ($db->checkLogin($email, $password)) {
132.                // get the user by email
133.                $user = $db->getUserByEmail($email);
134.  
135.                if ($user != NULL) {
136.                    $response["error"] = false;
137.                    $response['name'] = $user['name'];
138.                    $response['email'] = $user['email'];
139.                    $response['apiKey'] = $user['api_key'];
140.                    $response['createdAt'] = $user['created_at'];
141.                } else {
142.                    // unknown error occurred
143.                    $response['error'] = true;
144.                    $response['message'] = "An error occurred. Please try again";
145.                }
146.            } else {
147.                // user credentials are wrong
148.                $response['error'] = true;
149.                $response['message'] = 'Login failed. Incorrect credentials';
150.            }
151.  
152.            echoRespnse(200, $response);
153.        });
154. /**
155. * Adding Middle Layer to authenticate every request
156. * Checking if the request has valid api key in the 'Authorization' header
157. */
158. function authenticate(\Slim\Route $route) {
159.    // Getting request headers
160.    $headers = apache_request_headers();
161.    $response = array();
162.    $app = \Slim\Slim::getInstance();
163.  
164.    // Verifying Authorization Header
165.    if (isset($headers['Authorization'])) {
166.        $db = new DbHandler();
167.  
168.        // get the api key
169.        $api_key = $headers['Authorization'];
170.        // validating api key
171.        if (!$db->isValidApiKey($api_key)) {
172.            // api key is not present in users table
173.            $response["error"] = true;
174.            $response["message"] = "Access Denied. Invalid Api key";
175.            echoRespnse(401, $response);
176.            $app->stop();
177.        } else {
178.            global $user_id;
179.            // get user primary key id
180.            $user = $db->getUserId($api_key);
181.            if ($user != NULL)
182.                $user_id = $user["id"];
183.        }
184.    } else {
185.        // api key is missing in header
186.        $response["error"] = true;
187.        $response["message"] = "Api key is misssing";
188.        echoRespnse(400, $response);
189.        $app->stop();
190.    }
191. }
192.  
193. /**
194. * Creating new task in db
195. * method POST
196. * params - name
197. * url - /tasks/
198. */
199. $app->post('/tasks', 'authenticate', function() use ($app) {
200.            // check for required params
201.            verifyRequiredParams(array('task'));
202.  
203.            $response = array();
204.            $task = $app->request->post('task');
205.  
206.            global $user_id;
207.            $db = new DbHandler();
208.  
209.            // creating new task
210.            $task_id = $db->createTask($user_id, $task);
211.  
212.            if ($task_id != NULL) {
213.                $response["error"] = false;
214.                $response["message"] = "Task created successfully";
215.                $response["task_id"] = $task_id;
216.            } else {
217.                $response["error"] = true;
218.                $response["message"] = "Failed to create task. Please try again";
219.            }
220.            echoRespnse(201, $response);
221.        });
222.  
223. /**
224. * Listing all tasks of particual user
225. * method GET
226. * url /tasks          
227. */
228. $app->get('/tasks', 'authenticate', function() {
229.            global $user_id;
230.            $response = array();
231.            $db = new DbHandler();
232.  
233.            // fetching all user tasks
234.            $result = $db->getAllUserTasks($user_id);
235.  
236.            $response["error"] = false;
237.            $response["tasks"] = array();
238.  
239.            // looping through result and preparing tasks array
240.            while ($task = $result->fetch_assoc()) {
241.                $tmp = array();
242.                $tmp["id"] = $task["id"];
243.                $tmp["task"] = $task["task"];
244.                $tmp["status"] = $task["status"];
245.                $tmp["createdAt"] = $task["created_at"];
246.                array_push($response["tasks"], $tmp);
247.            }
248.  
249.            echoRespnse(200, $response);
250.        });
251.  
252. /**
253. * Listing single task of particual user
254. * method GET
255. * url /tasks/:id
256. * Will return 404 if the task doesn't belongs to user
257.  */
258. $app->get('/tasks/:id', 'authenticate', function($task_id) {
259.             global $user_id;
260.             $response = array();
261.             $db = new DbHandler();
262.  
263.             // fetch task
264.             $result = $db->getTask($task_id, $user_id);
265.  
266.             if ($result != NULL) {
267.                 $response["error"] = false;
268.                 $response["id"] = $result["id"];
269.                 $response["task"] = $result["task"];
270.                 $response["status"] = $result["status"];
271.                 $response["createdAt"] = $result["created_at"];
272.                 echoRespnse(200, $response);
273.             } else {
274.                 $response["error"] = true;
275.                 $response["message"] = "The requested resource doesn't exists";
276.                 echoRespnse(404, $response);
277.             }
278.         });
279.  
280. /**
281.  * Updating existing task
282.  * method PUT
283.  * params task, status
284.  * url - /tasks/:id
285.  */
286. $app->put('/tasks/:id', 'authenticate', function($task_id) use($app) {
287.             // check for required params
288.             verifyRequiredParams(array('task', 'status'));
289.  
290.             global $user_id;            
291.             $task = $app->request->put('task');
292.             $status = $app->request->put('status');
293.  
294.             $db = new DbHandler();
295.             $response = array();
296.  
297.             // updating task
298.             $result = $db->updateTask($user_id, $task_id, $task, $status);
299.             if ($result) {
300.                 // task updated successfully
301.                 $response["error"] = false;
302.                 $response["message"] = "Task updated successfully";
303.             } else {
304.                 // task failed to update
305.                 $response["error"] = true;
306.                 $response["message"] = "Task failed to update. Please try again!";
307.             }
308.             echoRespnse(200, $response);
309.         });
310.  
311. /**
312.  * Deleting task. Users can delete only their tasks
313.  * method DELETE
314.  * url /tasks
315.  */
316. $app->delete('/tasks/:id', 'authenticate', function($task_id) use($app) {
317.             global $user_id;
318.  
319.             $db = new DbHandler();
320.             $response = array();
321.             $result = $db->deleteTask($user_id, $task_id);
322.             if ($result) {
323.                 // task deleted successfully
324.                 $response["error"] = false;
325.                 $response["message"] = "Task deleted succesfully";
326.             } else {
327.                 // task failed to delete
328.                 $response["error"] = true;
329.                 $response["message"] = "Task failed to delete. Please try again!";
330.             }
331.             echoRespnse(200, $response);
332.         });
333.  
334. $app->run();
335.  
336. ?>