CSCI 2006 - Spring 2024 - Server-Side ProgrammingLab #9 - Users and SessionsSolution

Solution

index.php

<?php

date_default_timezone_set('America/Chicago');
session_start();
$date_string = date('Y-m-d H:i');

require('language.php');

$title = '404 Error';
$body = '<h2>404 Error</h2><p>The requested page was not available</p>';

if (!isset($_GET['pg'])) { 
	$_GET['pg'] = 'login'; 
}

switch ($_GET['pg']) {
	case 'logoff':
		unset($_SESSION['user']);
	case 'login':
		$msg = '';
		if (isset($_POST['user'])) {
			/* An attempt to login */
			$uinfo = getData('SELECT * FROM `User` WHERE `username`=?', [$_POST['user']['name']]);
			if (isset($uinfo['passhash']) && password_verify($_POST['user']['pass'],$uinfo['passhash'])) {
				unset($uinfo['passhash']);
				$_SESSION['user']=$uinfo;
			} else {
				$msg = 'Login was not successful';
			}
		}

		if (isset($_SESSION['user'])) {
			$title = 'Home';
			$body  = '<h2>Welcome, '.$_SESSION['user']['display'].'</h2>'.
				'<a href="?pg=logoff">Log Off</a>';
		} else {
			$title = 'Login';
			$body  = ((strlen($msg)==0)?'':'<h3>'.$msg.'</h3>'). 
				'<form method="POST" action="?">'.
				'<label for="user">Username</label>'.
				'<input id="user" type="text" name="user[name]" />'.
				'<br>'.
				'<label for="pass">Password</label>'.
				'<input id="pass" type="password" name="user[pass]" />'.
				'<br>'.
				'<input type="submit" value="Submit" />'.
				'<br>'.
				'</form>';
		}
	default:
		$title = 'Programming Languages';
		$lang = new Language($_GET['pg']);
		if ($lang->isDefined($_SESSION['user']['type']??'any')) {
			$title = $lang->getName();
			$body = $lang->toHTML();
		}
}

$allLangs = Language::getAllLanguages($_SESSION['user']['type']??'any');
$nav = '';
foreach ($allLangs as $key=>$disp) {
	$nav .= '<a href="?pg='.$key.'" class="'.(($_GET['pg']==$key)?'currentPage':'').'">'.$disp.'</a>';
}

?>
<!DOCTYPE html>
<html>
<head>
  <title><?php echo $title; ?></title>
  <link rel="stylesheet" href="/style.css" type="text/css" media="all">
</head>
<body>
  <header>
    <h1><a style="color:inherit" href="?">Programming Languages</a></h1>
    <nav><?php echo $nav; ?></nav>
  </header>
  <main>
  <?php echo $body; ?>
  </main>
  <script type="text/javascript" src="/theme/prism.js"></script>
  <footer>
    &copy;<?php echo $date_string; ?> - General Websites Inc.
  </footer>
</body>
</html>

language.php

<?php

function getData($query,$args=[]) {
        $DB = 'csci2006_languages';
        $USER = 'csci2006';
        $PASS = '9TfP4lxsxH1szKuA';

        try {
                $pdo = new PDO("mysql:host=localhost;dbname={$DB}",$USER,$PASS);
                $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
	
		$rs = $pdo->prepare($query,[PDO::ATTR_CURSOR => PDO::CURSOR_SCROLL]);
        	$rs->setFetchMode(PDO::FETCH_NAMED);
		$rs->execute($args);

		$data = [];
		while ($row = $rs->fetch()) {
			$data[] = $row;
		}

		unset($DB);
		unset($USER);
		unset($PASS);
		unset($rs);
		unset($pdo);

		if (count($data) == 1 && isset($data[0])) {
			return $data[0];
		}
		return $data;
        } catch (PDOException $e) {
		echo '<h2>Database Error</h2>';
		echo '<pre>'.$e->getMessage().'</pre>';
		echo '<pre>QUERY: '.$query.'</pre>';
		echo '<pre>ARGS: '.var_export($args,true).'</pre>';
                die();
        }
}


class Language {
	private $data = [];

	public function __construct($key) {
		$this->data = getData('SELECT *'.
			' FROM `language`'.
			' WHERE `language_slug`=?',
			[$key]);
		if (count($this->data) > 0) {
			$this->data['desc'] = getData('SELECT `desc_paragraph`'.
				' FROM `description`'.
				' WHERE `desc_lang`=?'.
				' ORDER BY `desc_ordinal`',
				[$this->data['lang_id']]);
		} else {
			$this->data = null;
		}
	}

	public function isDefined($level) {
		if ($this->data !== null) {
			switch ($level) {
			case 'adv': return in_array($this->data['user_type'],['adv','reg','any']);
			case 'reg': return in_array($this->data['user_type'],[      'reg','any']);
			case 'any': return $this->data['user_type']=='any';
			}
		}
		return false;
	}

	public function getName() {
		return $this->data['language_name'];
	}

	public function toHTML() {
		$html = '';
		foreach ($this->data['desc'] as $line) {
			$html .= '<p>'.$line['desc_paragraph'].'</p>';
		}
		$html .= '<h2>Example</h2>'.
			'<pre class="language-'.$this->data['language_highlighter'].' line-numbers"><code class="language-'.$this->data['language_highlighter'].'">'.
			htmlentities($this->data['language_example']).
			'</code></pre>';
		return $html;
	}

	public static function getAllLanguages($level) {
		$data = getData('SELECT `language_slug`, `language_name`, `user_type`'.
			' FROM `language`'.
			' ORDER BY `language_name`');
		$rs = [];
		foreach ($data as $info) {
			switch ($info['user_type']) {
			case 'adv':
				if ($level != 'adv') { break; }
			case 'reg':
				if ($level != 'adv' && $level != 'reg') { break; }
			case 'any':
				$rs[$info['language_slug']] = $info['language_name'];
			}
		}
		return $rs;
	}
}

?>
Go To Live Site