Copying files for database access.

050d5d4c · michael lundquist · 050d5d4c · 050d5d4c · 050d5d4c · 050d5d4c
Commit 050d5d4c authored Nov 13, 2018 by michael lundquist
--- a/API.php
+++ b/API.php
--- a/SQLlogin.php
+++ b/SQLlogin.php
+<?php
+/*
+to import, use "source ..." use full path, dont use ";", use ".sql" @ the end
+
+to describe a table in mysql:
+	mysql> desc employee;
+
+to describe in green geeks:
+
+table> select a table> structure
+
+checked tables:
+	employee
+		change pw to a 64 byte hash
+			https://stackoverflow.com/questions/14722305/what-kind-of-datatype-should-one-use-to-store-hashes
+			use sha2_512 for PW hashes
+			https://stackoverflow.com/questions/1966154/sha-512-library-for-php
+	jobs
+
+	market
+	schedule is the same, but add some fields to it
+		EMP_ID here is the admin
+	shift
+		chttp://php.net/manual/en/function.mktime.php
+		mktime gets a timestamp for a time
+
+
+
+to add to schedule:
+	
+	-delete accounts that never set the password through the email
+		add a cron job to delete fake user accounts:
+		https://code.tutsplus.com/tutorials/managing-cron-jobs-with-php--net-19428
+
+
+
+
+this page connects to the SQL server. It includes 
+the username and password, which are private.
+Hence, it won't be put on the public web server.
+
+http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
+*/
+include_once(dirname(__FILE__)."../configNuts.php");
+
+function SQLlogin(){
+	$server = "localhost";
+	$username = "root";
+	$password = "root";
+
+	if(strstr(PHP_ROOT,"nuts") === FALSE){
+		//greengeeks credentials
+
+		$server = "mynutrients123.com";
+		$username = "sellmysh";
+		$password = "j8C4Rrh5f9";
+		
+	}
+	$con = new mysqli($server,$username,$password);
+	$con->select_db("sellmysh_nuts");//TRUE on success, FALSE on fail
+	return $con;
+}
+
+/*
+closes the connection
+*/
+function SQLclose($conn){
+	$conn->close();
+}
+
+
+?>
\ No newline at end of file
--- a/configNuts.php
+++ b/configNuts.php
+<?php
+//configure the database name?
+if(is_dir(dirname(__FILE__)."/../nuts/nutrition")){
+	//localhost
+	define("PHP_ROOT", $_SERVER["DOCUMENT_ROOT"]."/nuts/nutrition");
+	define("HTML_ROOT", "/nuts/nutrition");
+	define("URL", "http://localhost/nuts/nutrition/");
+}elseif(is_dir(dirname(__FILE__)."/../public_html")){
+	//SMS
+	define("PHP_ROOT", $_SERVER["DOCUMENT_ROOT"]);
+	define("HTML_ROOT", "");
+	define("URL", "https://mynutrients123.com/");//can't be www. this is a different domain (cert won't work)
+}else{
+	exit("configME 2 failure in configNuts.php");
+}
+
+//https://stackoverflow.com/questions/22912121/php-include-absolute-path
+
+
+/*
+Notes to self:
+	header looks for relative links starting in this directory (SMSsecrets\capcha)
+	if you don't specify the protocol, this thinks your link is relative
+
+NOte: 
+*/
+function linkNdie($failure_link, $message = "captcha unsuccessful, try again "){
+	header("Location: ".$failure_link, TRUE);
+	exit($message.$failure_link);
+}
+?>
\ No newline at end of file
--- a/exceptions.php
+++ b/exceptions.php
+<?php 
+/*
+a custom exception for when a PK exists already
+
+codes:
+	200 -- already PK exists
+	201 -- PK doesn't exist
+
+email codes:
+	202 - email is invalid (not in the normal "/*@*\.{1,3}/" pattern or whatever it is)
+*/
+class PKexception extends Exception{
+	
+}
+
+/*
+for various login related issues:
+codes:
+	300 -- too many failed logins
+	302 -- unverified account
+*/
+class LoginException extends Exception{
+
+}
+
+/*
+for queryPrep problems
+codes:
+	400 - noResultSQL
+	401 - resultQuery
+	403 - other functions
+*/
+class PrepException extends Exception{
+
+}
+?>
\ No newline at end of file
--- a/queryPrep.php
+++ b/queryPrep.php
+<?php
+/*
+splat operator (...) :
+	http://coursesweb.net/php-mysql/splat-operator-php_t
+	https://stackoverflow.com/questions/744145/passing-an-array-as-arguments-not-an-array-in-php
+		splat for older versions
+*/
+
+/*
+	runs a prepared query and returns a result
+
+	call RESULT->FREE() on the result
+*/
+include_once(dirname(__FILE__)."/SQLlogin.php");
+include_once(dirname(__FILE__)."../exceptions.php");
+
+
+function resultQuery($queryString, $paramArr, $paramTypes = NULL){
+	$con = SQLlogin();
+	//echo "hello 1";
+	$errorCode = 0;
+	if($stmt = $con->prepare($queryString)){// no terminating ;
+		if(sizeof($paramArr)>0){
+			$paramTypes = getParamTypes($paramArr);
+			$stmt->bind_param($paramTypes, ...$paramArr);
+		}
+		$stmt->execute();
+		$result = $stmt->get_result();
+		$stmt->close();
+	}else{
+		$errorCode = 400;//statement prep error
+	}
+	SQLclose($con);
+	if($errorCode !== 0) throw new PrepException("resultQuery exception", 401);
+	return $result;
+}
+
+/*
+	runs a statement, but doesn't return a result
+*/
+function noResultSQL($SQLstring, $paramArr, $paramTypes = NULL){
+    $con = SQLlogin();
+    //echo "hello no 1";
+    $worked = TRUE;
+    if($stmt = $con->prepare($SQLstring)){
+    	if(sizeof($paramArr)>0){
+			$paramTypes = getParamTypes($paramArr, $paramTypes);		
+			$stmt->bind_param($paramTypes, ...$paramArr);
+		}
+        $stmt->execute();
+        $stmt->close();
+    }else{
+        $worked = 400;//statement prep error 
+    }
+    SQLclose($con);
+	if($worked !== TRUE) throw new PrepException("noResultSQL exception", 400);
+}
+
+/*
+THIS DOESN'T HANDLE BLOB URLS
+
+This takes an array of parameters and returns a string 
+that has a character for each parameter from one of the following:
+	i 	for integer
+	d 	for double
+	s 	for string
+	b 	for blob
+
+this is used a the first param in bind_param
+*/
+function getParamTypes($paramArr, $paramTypes = NULL){
+	if ($paramTypes !== NULL) return $paramTypes;
+	$retStr = "";
+	foreach($paramArr as $v){
+		if(is_int($v)){
+			$retStr .= "i";
+		}elseif(is_double($v)){
+			$retStr .= "d";
+		}elseif(is_string($v)){
+			$retStr .= "s";
+		}else{
+			echo $v."<br>@ queryPrep.getParamTypes()";
+			print_r($paramArr);
+			throw new assertionError();
+		}
+		//add blob here when you need it
+	}
+	return $retStr;
+}
+
+?>
\ No newline at end of file