Commit 4d68c3d7 authored by Sebastian Rosauer's avatar Sebastian Rosauer

new validation system

parent 41e90d3c
......@@ -3,33 +3,23 @@
include 'session-service.php';
include 'validation-service.php';
if (!isset($_POST['sessionId']) || !isset($_POST['title']) || !isset($_POST['directory']) || !isset($_POST['content'])){
$validation = checkRequest(['sessionId', 'title', 'directory', 'content']);
if ($validation !== true) {
$payload = [
'success' => false,
'message' => 'Formulardaten ungültig'
'message' => $validation
];
http_response_code(400);
exit(json_encode($payload));
}
if (pref_match('/^[0-9a-zA-Z.]*$/', $_POST['sessionId']) != 1){
$user = getUserByID($_POST['sessionId']);
if (!$user){
$payload = [
'success' => false,
'message' => 'SitzungsId ungültig'
];
exit(json_encode($payload));
}
if (preg_match('/^\/[a-zA-z0-9\-_]*(?:\/[a-zA-z0-9\-_]+)*$/', $_POST['directory']) != 1){
$payload = [
'success' => false,
'message' => 'Verzeichnis ungültig'
];
exit(json_encode($payload));
}
if (preg_match('/^[a-zA-z0-9\-_]+$/', $_POST['title']) != 1){
$payload = [
'success' => false,
'message' => 'Dateiname ungültig'
'message' => 'Authentifizierung erforderlich'
];
http_response_code(401);
exit(json_encode($payload));
}
......@@ -37,11 +27,12 @@
$file = false;
if (file_exists($filename)){
$file = json_decode(file_get_contents($filename), true);
if ($file['author'] != getUserByID($_POST['sessionId'])){
if ($file['author'] != $user){
$payload = [
'success' => false,
'message' => 'Keine Berechtigung'
];
http_response_code(403);
exit(json_encode($payload));
}
}
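Review bot: The authorization check `if ($file['author'] != $user)` uses loose comparison; if `getUserByID` returns a string (the accountname rule in the validation hunk admits values such as `1e3`, and the same value is what this file stores under `'author'`), PHP compares two numeric strings numerically, so two distinct authors can compare equal and the 403 is skipped. Use `if (($file['author'] ?? null) !== $user)` — the `?? null` also covers a stored document with no `author` key, which today only emits a warning before falling through. What `getUserByID` returns is outside the hunk, so confirm its type. Separately, the `http_response_code(200);` added before the final `exit` in the last hunk of this file runs after the `201` set for a newly created document and overrides it; since every branch already sets its own code, that final call should be dropped.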
......@@ -60,13 +51,16 @@
'success' => true,
'message' => 'Dokument wurde gelöscht'
];
http_response_code(200);
} else {
$payload = [
'success' => true,
'message' => 'Dokument wurde aktualisiert'
];
http_response_code(200);
if (!$file){
$payload['message'] = 'Dokument wurde angelegt';
http_response_code(201);
}
if (!file_exists($assetsDir.'/docs'.$_POST['directory'])){
mkdir($assetsDir.'/docs'.$_POST['directory'], 0777, true);
......@@ -75,7 +69,7 @@
$fileContent = [
'directory' => $_POST['directory'],
'title' => $_POST['title'],
'author' => getUserByID($_POST['sessionId']),
'author' => $user,
'content' => $_POST['content']
];
$file = fopen($filename, 'w');
......@@ -83,4 +77,5 @@
fclose($file);
}
http_response_code(200);
exit(json_encode($payload));
\ No newline at end of file
<?php
include 'config.php';
include 'session-service.php';
include 'validation-service.php';
if (!isset($_POST['fileId'])){
$validation = checkRequest(['fileId']);
if ($validation !== true){
$payload = [
'success' => false,
'message' => 'Es wird eine fileId benötigt'
'message' => '$validation'
];
http_response_code(400);
exit(json_encode($payload));
}
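Review bot: `'message' => '$validation'` is single-quoted, so the 400 response carries the literal text `$validation` instead of the message returned by `checkRequest`; every other endpoint in this commit uses `'message' => $validation`. Change the line to `'message' => $validation`.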
......@@ -14,8 +17,9 @@
if (!file_exists($filePath) || is_dir($filePath)){
$payload = [
'success' => false,
'message' => 'Datei '.$_POST['fileId'].' nicht gefunden'
'message' => 'Dokument nicht gefunden'
];
http_response_code(404);
exit(json_encode($payload));
}
......@@ -24,4 +28,5 @@
'success' => true,
'file' => $file
];
http_response_code(200);
exit(json_encode($payload));
\ No newline at end of file
<?php
include 'config.php';
include 'session-service.php';
include 'validation-service.php';
$validation = checkRequest(['accountname', 'password']);
if ($validation !== true){
$payload = [
'success' => false,
'message' => $validation
];
http_response_code(400);
exit(json_encode($payload));
}
$saltFile = fopen($assetsDir.'/salt', 'r');
$salt = fread($saltFile, 128);
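Review bot: The result of `fopen($assetsDir.'/salt', 'r')` is not checked before `fread($saltFile, 128)`; when the salt file is missing or unreadable, `fopen` returns false and `fread(false, 128)` raises a TypeError on PHP 8, so a configuration problem becomes an unhandled error on every login. Add a guard such as `if ($saltFile === false) { http_response_code(500); exit(json_encode(['success' => false, 'message' => 'Serverfehler'])); }` in the style of the other branches; the register endpoint has the same unchecked read. How the salt is combined with the password is outside the hunk — if it is a single site-wide salt applied with a general-purpose hash, `password_hash`/`password_verify` (per-password salt, tunable cost) would supersede it.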
......@@ -29,6 +38,7 @@
} else {
$payload['message'] = 'Account '.$_POST['accountname'].' ist bereits angemeldet';
}
http_response_code(200);
exit(json_encode($payload));
}
}
......@@ -36,4 +46,5 @@
'success' => false,
'message' => 'Account oder Passwort nicht gefunden.',
];
http_response_code(401);
exit(json_encode($payload));
\ No newline at end of file
<?php
include 'session-service.php';
include 'config.php';
include 'validation-service.php';
if (isset($_POST['sessionId'])){
if (logout($_POST['sessionId'])){
$payload = [
'success' => true,
'message' => 'Erfolgreich abgemeldet'
];
exit(json_encode($payload));
} else {
$payload = [
'success' => true,
'message' => 'Account hat keine offene Sitzung'
];
}
$validation = checkRequest(['sessionId']);
if ($validation !== true){
$payload = [
'success' => false,
'message' => $validation
];
http_response_code(400);
exit(json_encode($payload));
}
$payload = [
'success' => false,
'message' => 'Es wird eine sessionId benötigt'
];
if (logout($_POST['sessionId'])){
$payload = [
'success' => true,
'message' => 'Erfolgreich abgemeldet'
];
} else {
$payload = [
'success' => true,
'message' => 'Account hat keine offene Sitzung'
];
}
http_response_code(200);
exit(json_encode($payload));
\ No newline at end of file
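Review bot: When `logout($_POST['sessionId'])` returns false the response still reports `'success' => true` with HTTP 200, so a client cannot distinguish a completed logout from a no-op except by comparing the German message text. If logout is intended to be idempotent, a one-line comment above the `else` branch saying so would make that explicit; otherwise that branch should return `'success' => false`. Also, this file includes `session-service.php` before `config.php`, while every other endpoint in the commit loads `config.php` first; if session-service reads `$assetsDir` at include time the order matters — confirm.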
<?php
include 'config.php';
include 'validation-service.php';
$validation = checkRequest(['accountname', 'password', 'nickname', 'email', 'status']);
if ($validation !== true){
$payload = [
'success' => false,
'message' => $validation
];
http_response_code(400);
exit(json_encode($payload));
}
$saltFile = fopen($assetsDir.'/salt', 'r');
$salt = fread($saltFile, 128);
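Review bot: `checkRequest(['accountname', 'password', 'nickname', 'email', 'status'])` only enforces presence for `status` and `password` — the visible part of the validation hunk defines no rule for either — so registration stores whatever the client sends for `status`. If `status` denotes a role or activation state it should be assigned server-side rather than read from `$_POST`; if it is free text, a character/length rule like the one for `nickname` belongs in `checkRequest`. How this file uses `$_POST['status']` is outside the hunk, so confirm against the storing code. The unchecked `fopen`/`fread` of the salt file mirrors the login endpoint and needs the same false check.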
......@@ -14,6 +25,7 @@
'success' => false,
'message' => 'Der Account '.$_POST['accountname'].' exisitert bereits. Bitte wähle einen anderen Namen.'
];
http_response_code(400);
exit(json_encode($payload));
}
}
......@@ -31,6 +43,7 @@
$payload = [
'success' => true,
'message' => 'Dein Account wurde erfolgreich angelegt.'
'message' => 'Der Account wurde erfolgreich angelegt.'
];
http_response_code(200);
exit(json_encode($payload));
\ No newline at end of file
......@@ -6,14 +6,27 @@
return "Formulardaten ungültig";
}
if ($param == 'sessionId' && pref_match('/^[0-9a-zA-Z.]*$/', $_POST['sessionId']) != 1){
return "SitzungsId ungültig";
if ($param == 'sessionId' && preg_match('/^[0-9a-zA-Z.]*$/', $_POST['sessionId']) != 1){
return "sessionId ungültig";
}
if ($param == 'title' && preg_match('/^[a-zA-z0-9\-_]+$/', $_POST['title']) != 1){
return "Dateiname ungültig";
return "title ungültig";
}
if ($param == 'directory' && preg_match('/^\/[a-zA-z0-9\-_]*(?:\/[a-zA-z0-9\-_]+)*$/', $_POST['directory']) != 1) {
return "Vezeichnis ungültig";
return "directory ungültig";
}
if ($param == 'fileId' && preg_match('/^\/[a-zA-z0-9\-_]*(?:\/[a-zA-z0-9\-_]+)*$/', $_POST['fileId']) != 1){
return "fileId ungültig";
}
if ($param == 'accountname' && preg_match('/^[0-9a-zA-Z_\-]+$/', $_POST['accountname']) != 1){
return "accountname ungültig";
}
if ($param == 'nickname' && preg_match('/^[0-9a-zA-Z_\- ]+$/', $_POST['nickname']) != 1){
return "nickname ungültig";
}
if ($param == 'email' && ($_POST['email'] != '' && preg_match('/.+@.+/', $_POST['email']) != 1)){
return "email ungültig";
}
}
return true;
}
\ No newline at end of file
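Review bot: The character classes in the `title`, `directory` and `fileId` rules are written `a-zA-z` rather than `a-zA-Z`; in ASCII the `A-z` range also covers `[`, `\`, `]`, `^`, `_` and the backtick, so a backslash passes validation and then reaches the path built as `$assetsDir.'/docs'.$_POST['directory']` in the document endpoint. Use `'/^[a-zA-Z0-9\-_]+$/'` for `title` and `'/^\/[a-zA-Z0-9\-_]*(?:\/[a-zA-Z0-9\-_]+)*$/'` for `directory` and `fileId`; the `sessionId`, `accountname` and `nickname` classes are already correct. The `$param == '...'` comparisons would read better as `===` since both sides are string literals. `checkRequest` starts before the hunk.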