penguin86/OpenWeddingApp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Webservices

Browse Source
This commit is contained in:
Daniele Verducci
2026-01-31 18:01:24 +01:00
parent e1c752fcf8
commit 2d2fc24d71
35 changed files with 3531 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
services/www/api/token/create.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Methods: POST");
header("Access-Control-Max-Age: 3600");
header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
include_once '../../config/database.php';
include_once '../objects/token.php';
include_once '../objects/user.php';
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
http_response_code(400);
echo json_encode(array("error" => "Method not accepted."));
exit();
}
$database = new Database();
$db = $database->getConnection();
$token = new Token($db);
// get posted data
$data = json_decode(file_get_contents("php://input"));
if(!empty($data->code)){
// Check user existence
$query = "SELECT * FROM user WHERE UPPER(code) = UPPER(:code) LIMIT 1";
$stmt = $db->prepare($query);
$stmt->bindParam(":code", $data->code);
if($stmt->execute()){
if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
// User found
$token->userId = $row['id'];
$token->user = User::createFromRow($row);
if($token->create()){
// set response code - 201 created
http_response_code(201);
echo json_encode($token);
} else {
// unable to create
http_response_code(500);
echo json_encode(array("error" => "Unable to create Token."));
}
} else {
// User not found
// Wait 5 secs to slow down bruteforce attacks
sleep(5);
http_response_code(404);
echo json_encode(array("error" => "Unable to create Token. User not found."));
}
}
} else {
// Missing parameters
http_response_code(400);
echo json_encode(array("error" => "Unable to create Token. code is mandatory."));
}
?>