Jad Meouchy před 9 roky
rodič
revize
0741c4fdac
5 změnil soubory, kde provedl 118 přidání a 15 odebrání
  1. 11 0
      api/auth-validate.php
  2. 21 14
      api/getCompanyData.php
  3. 50 0
      api/login.php
  4. 15 0
      api/logout.php
  5. 21 1
      api/updateCell.php

+ 11 - 0
api/auth-validate.php

@@ -0,0 +1,11 @@
+<?php
+
+@session_start();
+
+if(!$_SESSION['id_user'])
+{
+	http_response_code(401);
+	return;
+}
+
+?>
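Review bot: The `return;` after `http_response_code(401)` only ends this included file, so a script that pulls it in with `require('auth-validate.php')`, as api/updateCell.php does in this commit, keeps executing after the 401 is set. Replace it with `exit;` so an unauthenticated request stops here. `!$_SESSION['id_user']` also reads a key that is absent for a visitor with no session, which raises an undefined-index notice; `if(empty($_SESSION['id_user']))` tests the same thing without it.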

+ 21 - 14
api/getCompanyData.php

@@ -2,7 +2,14 @@
 
 include 'db.inc.php';
 
-$id_company = 1;
+$id_company = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
+
+if(!$id_company)
+{
+	http_response_code(400);
+	echo 'missing parameter: id';
+	return;
+}
 
 
 //get all companies
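Review bot: `$id_company` now comes straight from `$_REQUEST['id']`, and nothing in the visible lines ties the request to a logged-in user, so any caller can ask for any company's rows by changing the id. Add `require('auth-validate.php');` at the top (once that file exits on failure) and, if the schema links users to companies, check that `$_SESSION['id_user']` may see the requested company before running the query. The id is also accepted as any truthy string; `ctype_digit((string)$id_company)` would reject non-numeric input early. How `$id_company` reaches the query is outside this hunk.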
@@ -12,21 +19,21 @@ $id_company = 1;
 
 $stmt_file = $dbh->prepare(
 	"SELECT
-		file_row.id_file_row, file_row.row_number,
-		file_row.division, file_row.consignee,
-		DATE_FORMAT(file_row.date_called_in, '%m/%d/%Y') date_called_in,
+		id_file_row, row_number,
+		division, consignee,
+		DATE_FORMAT(date_called_in, '%m/%d/%Y') date_called_in,
 		
-		file_row.dispatch_number, file_row.shipper,
-		DATE_FORMAT(file_row.date_ready, '%m/%d/%Y') date_ready,
-		file_row.address_1, file_row.address_2, file_row.city, file_row.state, file_row.zip, file_row.phone,
+		dispatch_number, shipper,
+		DATE_FORMAT(date_ready, '%m/%d/%Y') date_ready,
+		address_1, address_2, city, state, zip, phone,
 		
-		TIME_FORMAT(file_row.time_ready, '%H:%i %p'),
-		TIME_FORMAT(file_row.time_close, '%H:%i %p'),
-		TIME_FORMAT(file_row.time_pickup, '%H:%i %p'),
-		TIME_FORMAT(file_row.time_depart, '%H:%i %p'),
-		file_row.bol_delivered,
-		file_row.dispatch_reference,
-		file_row.ctns, file_row.weight, file_row.cube
+		TIME_FORMAT(time_ready, '%H:%i %p') time_ready,
+		TIME_FORMAT(time_close, '%H:%i %p') time_close,
+		TIME_FORMAT(time_pickup, '%H:%i %p') time_pickup,
+		TIME_FORMAT(time_depart, '%H:%i %p') time_depart,
+		bol_delivered,
+		dispatch_reference,
+		ctns, weight, cube
 
 	FROM file_row
 	INNER JOIN file USING(id_file)
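Review bot: Dropping the `file_row.` qualifier while the query still does `INNER JOIN file USING(id_file)` makes every selected name depend on `file` having no column of the same name. The schema is not visible here, but a shared name other than `id_file` would fail as ambiguous. A short alias, e.g. `FROM file_row fr` with `fr.row_number`, keeps the list readable without that risk. The format `'%H:%i %p'` pairs a 24-hour hour with an AM/PM marker; `'%h:%i %p'` is presumably what was meant for the four `TIME_FORMAT` columns. The statement continues past the end of the hunk.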

+ 50 - 0
api/login.php

@@ -0,0 +1,50 @@
+<?php
+
+include 'db.inc.php';
+
+@session_start();
+
+
+//pull auth parameters
+$email = isset($_REQUEST['email']) ? $_REQUEST['email'] : null;
+$password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;
+
+//make sure parameters are present
+if(!$email || !$password)
+{
+	http_response_code(400);
+	echo 'missing parameters: email or password';
+	return;
+}
+
+//pull info on user from database
+$stmt_file = $dbh->prepare("SELECT id_user, name, password FROM user WHERE email=:email");
+$stmt_file->bindValue(':email', $email);
+$stmt_file->execute();
+$rows = $stmt_file->fetchAll(PDO::FETCH_ASSOC);
+
+//check if user missing
+if(!count($rows))
+{
+	http_response_code(404);
+	echo 'user not found';
+	return;
+}
+
+//validate password entered
+if(!password_verify($password, $rows[0]['password']))
+{
+	http_response_code(403);
+	echo 'invalid password';
+	return;
+}
+
+//set session vars for future calls
+$_SESSION['id_user'] = $rows[0]['id_user'];
+$_SESSION['name'] = $rows[0]['name'];
+
+//
+echo 'OK';
+
+
+?>
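Review bot: The separate 404 `user not found` and 403 `invalid password` responses tell a caller which e-mail addresses have accounts; both failures should return one status and one message. Reading the credentials from `$_REQUEST` also accepts them in the query string, where they end up in access logs and browser history, so take them from `$_POST` only. The session id is not renewed on success, which leaves the login open to session fixation; call `session_regenerate_id(true)` before setting the session variables. Skipping `password_verify` for an unknown e-mail still leaves a timing difference, and this endpoint has no attempt limiting in the visible code.

```php
//pull auth parameters (POST only, keeps credentials out of URLs and access logs)
$email = isset($_POST['email']) ? $_POST['email'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;

// … unchanged: missing-parameter check, user lookup …

//same response for an unknown user and a wrong password
if(!count($rows) || !password_verify($password, $rows[0]['password']))
{
	http_response_code(401);
	echo 'invalid email or password';
	return;
}

//issue a fresh session id now that the privilege level changes
session_regenerate_id(true);

// … unchanged: session vars, 'OK' …
```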

+ 15 - 0
api/logout.php

@@ -0,0 +1,15 @@
+<?php
+
+@session_start();
+
+if(!isset($_SESSION['id_user']))
+{
+	echo 'not logged in';
+	return;
+}
+
+@session_destroy();
+
+echo 'logged out';
+
+?>
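Review bot: `session_destroy()` removes the stored session data but leaves `$_SESSION` populated for the rest of the request and leaves the session cookie in the browser. Clear both before destroying: `$_SESSION = array();` and expire the cookie with `setcookie(session_name(), '', time() - 42000);`, passing the path and domain from `session_get_cookie_params()`. The `@` on `session_start()` and `session_destroy()` hides failures that would mean the logout did not take effect; drop it so the error reaches the logs.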

+ 21 - 1
api/updateCell.php

@@ -1,5 +1,25 @@
 <?php
 
-$id_record
+require('auth-validate.php');
+
+$id_user = 
+
+$id_file_row = isset($_REQUEST['id_file_row']) ? $_REQUEST['id_file_row'] : null;
+$key = isset($_REQUEST['key']) ? $_REQUEST['key'] : null;
+$value = isset($_REQUEST['value']) ? $_REQUEST['value'] : null;
+
+
+$stmt_file = $dbh->prepare(
+	"INSERT INTO file_row_update (id_file_row, key, value, id_user)
+	VALUES()
+	id_company, name, description
+	FROM company");
+							
+$stmt_file->execute();
+
+$rows = $stmt_file->fetchAll(PDO::FETCH_ASSOC);
+
+echo 'OK';
+
 
 ?>
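Review bot: `$id_user = ` has no right-hand side of its own, so PHP parses it as a chained assignment and `$id_user` receives the client-supplied `id_file_row` instead of the logged-in user; it should be `$_SESSION['id_user']`. The statement text is not valid SQL (`VALUES()` followed by leftover `SELECT` columns), binds none of the three request values, and uses the MySQL reserved word `key` unquoted. `$dbh` is never defined in this file as shown, so `include 'db.inc.php';` is presumably missing after the `require`. If `key` is later used as a column name in `file_row`, it should be checked against a fixed list of editable columns before being stored. `fetchAll()` after an `INSERT` returns nothing useful and can be dropped.

```php
require('auth-validate.php');

//attribute the update to the authenticated user, never to request input
$id_user = $_SESSION['id_user'];

// … unchanged: id_file_row / key / value request parameters …

$stmt_file = $dbh->prepare(
	"INSERT INTO file_row_update (id_file_row, `key`, value, id_user)
	VALUES (:id_file_row, :key, :value, :id_user)");
$stmt_file->bindValue(':id_file_row', $id_file_row);
$stmt_file->bindValue(':key', $key);
$stmt_file->bindValue(':value', $value);
$stmt_file->bindValue(':id_user', $id_user);
$stmt_file->execute();

echo 'OK';
```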