Compare commits


No commits in common. "992b4d95ed9e04ab7d3af268f666714279e868a2" and "c22e7f41b1ce30eed575d43d17934006b8f12e93" have entirely different histories.

13 changed files with 83 additions and 726 deletions


@ -11,8 +11,6 @@
"laminas/laminas-httphandlerrunner": "^2.0",
"selective/samesite-cookie": "^0.3.0",
"ext-json": "*",
"slim/slim": "^4.10",
"rbdwllr/psr-jwt": "^2.0",
"tuupola/slim-jwt-auth": "^3.6"
"slim/slim": "^4.10"

composer.lock generated

@ -4,7 +4,7 @@
"Read more about it at",
"This file is @generated automatically"
"content-hash": "79f27ef0ad8fb8ffff7e6726df8c1f79",
"content-hash": "bbd0a827a6d61bc9032697dbd94a5045",
"packages": [
"name": "fig/http-message-util",
@ -62,63 +62,6 @@
"time": "2020-11-24T22:02:12+00:00"
"name": "firebase/php-jwt",
"version": "v5.5.1",
"source": {
"type": "git",
"url": "",
"reference": "83b609028194aa042ea33b5af2d41a7427de80e6"
"dist": {
"type": "zip",
"url": "",
"reference": "83b609028194aa042ea33b5af2d41a7427de80e6",
"shasum": ""
"require": {
"php": ">=5.3.0"
"require-dev": {
"phpunit/phpunit": ">=4.8 <=9"
"suggest": {
"paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present"
"type": "library",
"autoload": {
"psr-4": {
"Firebase\\JWT\\": "src"
"notification-url": "",
"license": [
"authors": [
"name": "Neuman Vong",
"email": "",
"role": "Developer"
"name": "Anant Narayanan",
"email": "",
"role": "Developer"
"description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
"homepage": "",
"keywords": [
"support": {
"issues": "",
"source": ""
"time": "2021-11-08T20:18:51+00:00"
"name": "guzzlehttp/psr7",
"version": "2.4.0",
@ -1403,130 +1346,6 @@
"time": "2019-03-08T08:55:37+00:00"
"name": "rbdwllr/psr-jwt",
"version": "2.0.1",
"source": {
"type": "git",
"url": "",
"reference": "c32c7ee4c86fe30a7f38ba4763ef8793ad60b1bb"
"dist": {
"type": "zip",
"url": "",
"reference": "c32c7ee4c86fe30a7f38ba4763ef8793ad60b1bb",
"shasum": ""
"require": {
"nyholm/psr7": "^1.5",
"php": ">=7.4.0",
"psr/http-message": "^1.0",
"psr/http-server-middleware": "^1.0",
"rbdwllr/reallysimplejwt": "^4.0"
"require-dev": {
"infection/infection": "^0.20",
"mockery/mockery": "^1.5",
"phploc/phploc": "^7.0",
"phpmd/phpmd": "^2.12",
"phpstan/phpstan": "^1.5",
"phpstan/phpstan-mockery": "^1.0",
"phpunit/phpunit": "^9.0",
"sebastian/phpcpd": "^6.0",
"squizlabs/php_codesniffer": "^3.6"
"type": "library",
"autoload": {
"psr-4": {
"Tests\\": "tests/",
"PsrJwt\\": "src/"
"notification-url": "",
"license": [
"authors": [
"name": "Rob Waller",
"email": ""
"description": "A PSR 7 compliant JSON Web Token Middleware Library.",
"keywords": [
"json web tokens",
"support": {
"issues": "",
"source": ""
"time": "2022-06-11T13:28:17+00:00"
"name": "rbdwllr/reallysimplejwt",
"version": "4.0.3",
"source": {
"type": "git",
"url": "",
"reference": "2b92aba98c71cfc4046dea895659450bfce530ed"
"dist": {
"type": "zip",
"url": "",
"reference": "2b92aba98c71cfc4046dea895659450bfce530ed",
"shasum": ""
"require": {
"php": ">=7.4.0"
"require-dev": {
"infection/infection": "^0.20",
"phpbench/phpbench": "^1.0",
"phploc/phploc": "^7.0",
"phpmd/phpmd": "^2.9",
"phpstan/phpstan": "^0.12",
"phpunit/phpunit": "^9.5",
"sebastian/phpcpd": "^6.0",
"squizlabs/php_codesniffer": "^3.5"
"type": "library",
"autoload": {
"psr-4": {
"ReallySimpleJWT\\": "src/"
"notification-url": "",
"license": [
"authors": [
"name": "Rob Waller",
"email": ""
"description": "A really simple library to generate user authentication JSON Web Tokens.",
"keywords": [
"json web tokens",
"support": {
"issues": "",
"source": ""
"time": "2021-07-12T10:12:22+00:00"
"name": "selective/samesite-cookie",
"version": "0.3.0",
@ -1925,211 +1744,6 @@
"time": "2022-05-10T07:21:04+00:00"
"name": "tuupola/callable-handler",
"version": "1.1.0",
"source": {
"type": "git",
"url": "",
"reference": "0bc7b88630ca753de9aba8f411046856f5ca6f8c"
"dist": {
"type": "zip",
"url": "",
"reference": "0bc7b88630ca753de9aba8f411046856f5ca6f8c",
"shasum": ""
"require": {
"php": "^7.1|^8.0",
"psr/http-server-middleware": "^1.0"
"require-dev": {
"overtrue/phplint": "^1.0",
"phpunit/phpunit": "^7.0|^8.0|^9.0",
"squizlabs/php_codesniffer": "^3.2",
"tuupola/http-factory": "^0.4.0|^1.0",
"zendframework/zend-diactoros": "^1.6.0|^2.0"
"type": "library",
"autoload": {
"psr-4": {
"Tuupola\\Middleware\\": "src"
"notification-url": "",
"license": [
"authors": [
"name": "Mika Tuupola",
"email": "",
"homepage": "",
"role": "Developer"
"description": "Compatibility layer for PSR-7 double pass and PSR-15 middlewares.",
"homepage": "",
"keywords": [
"support": {
"issues": "",
"source": ""
"funding": [
"url": "",
"type": "github"
"time": "2020-09-09T08:31:54+00:00"
"name": "tuupola/http-factory",
"version": "1.4.0",
"source": {
"type": "git",
"url": "",
"reference": "ae3f8fbdd31cf2f1bbe920b38963c5e4d1e9c454"
"dist": {
"type": "zip",
"url": "",
"reference": "ae3f8fbdd31cf2f1bbe920b38963c5e4d1e9c454",
"shasum": ""
"require": {
"php": "^7.1|^8.0",
"psr/http-factory": "^1.0"
"conflict": {
"nyholm/psr7": "<1.0"
"provide": {
"psr/http-factory-implementation": "^1.0"
"require-dev": {
"http-interop/http-factory-tests": "^0.9.0",
"overtrue/phplint": "^3.0",
"phpunit/phpunit": "^7.0|^8.0|^9.0",
"squizlabs/php_codesniffer": "^3.0"
"type": "library",
"autoload": {
"psr-4": {
"Tuupola\\Http\\Factory\\": "src"
"notification-url": "",
"license": [
"authors": [
"name": "Mika Tuupola",
"email": "",
"homepage": "",
"role": "Developer"
"description": "Lightweight autodiscovering PSR-17 HTTP factories",
"homepage": "",
"keywords": [
"support": {
"issues": "",
"source": ""
"funding": [
"url": "",
"type": "github"
"time": "2021-09-14T12:46:25+00:00"
"name": "tuupola/slim-jwt-auth",
"version": "3.6.0",
"source": {
"type": "git",
"url": "",
"reference": "d9ed8bca77a0ef2a95ab48e65ddc26073b99c5ff"
"dist": {
"type": "zip",
"url": "",
"reference": "d9ed8bca77a0ef2a95ab48e65ddc26073b99c5ff",
"shasum": ""
"require": {
"firebase/php-jwt": "^3.0|^4.0|^5.0",
"php": "^7.1|^8.0",
"psr/http-message": "^1.0",
"psr/http-server-middleware": "^1.0",
"psr/log": "^1.0|^2.0|^3.0",
"tuupola/callable-handler": "^0.3.0|^0.4.0|^1.0",
"tuupola/http-factory": "^0.4.0|^1.0.2"
"require-dev": {
"equip/dispatch": "^2.0",
"laminas/laminas-diactoros": "^2.0",
"overtrue/phplint": "^1.0",
"phpstan/phpstan": "^0.12.43",
"phpunit/phpunit": "^7.0|^8.0|^9.0",
"squizlabs/php_codesniffer": "^3.4"
"type": "library",
"extra": {
"branch-alias": {
"dev-3.x": "3.0.x-dev"
"autoload": {
"psr-4": {
"Tuupola\\Middleware\\": "src"
"notification-url": "",
"license": [
"authors": [
"name": "Mika Tuupola",
"email": "",
"homepage": "",
"role": "Developer"
"description": "PSR-7 and PSR-15 JWT Authentication Middleware",
"homepage": "",
"keywords": [
"support": {
"issues": "",
"source": ""
"funding": [
"url": "",
"type": "github"
"time": "2022-01-12T11:15:02+00:00"
"packages-dev": [],

dist/api/config.php vendored Normal file

@ -0,0 +1,21 @@
//////////// Config file /////////////////////
/// Used for storing important information ///
/// such as passwords, usernames etc. ///
function dbConn(): PDO|string
$host = "localhost";
$dbName = "u987021215_cms";
$username = "u987021215_rodude123";
$password = "pFHS5qKhkyaDumgf";
return new PDO("mysql:host=$host;dbname=$dbName", $username, $password);
catch (PDOException $e)
return "Connection failed: " . $e->getMessage();
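Review bot: `dbConn()` hard-codes the database user name and password in a file that is committed to the repository, so anyone who can read the repo or this compare page holds a working login; treat the password as exposed and rotate it. Read the values from the environment or an untracked file instead, e.g. `$password = getenv("DB_PASSWORD");` (the variable name is illustrative). The failure path returns `"Connection failed: " . $e->getMessage()` as a string, yet the callers visible in the other sections call `$conn->prepare(...)` on the result directly, so a failed connection ends in a fatal error and may surface driver details; rethrowing, or logging and answering with a generic 500, would be safer. The rendering seems to have dropped the `try` and brace lines, so the exact structure is inferred.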

dist/api/index.php vendored

@ -1,4 +1,4 @@
<?php /** @noinspection PhpIncludeInspection */
////////////////// Index file //////////////
@ -7,30 +7,40 @@ session_start();
//require “routes.php”;
require "../vendor/autoload.php";
include "middleware.php";
include "timelineData.php";
include "projectData.php";
include "user.php";
use api\middleware;
use api\projectData;
use api\timelineData;
use api\user;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Selective\SameSiteCookie\SameSiteCookieConfiguration;
use Selective\SameSiteCookie\SameSiteCookieMiddleware;
use Slim\Factory\AppFactory;
use Tuupola\Middleware\JwtAuthentication;
use Selective\SameSiteCookie\SameSiteCookieMiddleware;
use Slim\Handlers\Strategies\RequestHandler;
// Start slim
$app = AppFactory::create();
// create middleware
$ssConfig = new SameSiteCookieConfiguration(["same_site" => "strict"]);
// add in same site cookie stuff
$app->add(new SameSiteCookieMiddleware($ssConfig));
// for error checking
$errorMiddleware = $app->addErrorMiddleware(true, true, true);
// set base path for all routes
// Add middleware
new middleware($app);
// return all responses as JSON
/*$app->add(function($request, $handler) {
$response = $handler->handle($request);
return $response->withHeader("Content-Type", "application/json");
$timelineData = new timelineData();
$projectData = new projectData();
@ -267,9 +277,8 @@ $app->post("/user/login", function (Request $request, Response $response)
if ($user->checkUser($data["username"], $data["password"]))
// yay, user is logged in
$_SESSION["token"] = $user->createToken($data["username"]);
$_SESSION["token"] = $user->createToken();
$_SESSION["username"] = $data["username"];
$response->getBody()->write(json_encode(array("token" => $_SESSION["token"])));
return $response;
return $response->withStatus(401);
@ -288,7 +297,7 @@ $app->get("/user/isLoggedIn", function (Request $request, Response $response)
if (empty($_SESSION["token"]))
// user is logged in but no token was created
$_SESSION["token"] = $user->createToken($_SESSION["username"]);
$_SESSION["token"] = $user->createToken();
return $response;
@ -310,7 +319,8 @@ $app->get("/user/checkResetEmail/{email}", function (Request $request, Response
if ($user->checkEmail($args["email"]))
// yay email does exist
$_SESSION["resetToken"] = $user->sendResetEmail($args["email"]);
$token = $user->sendResetEmail($args["email"]);
$_SESSION["resetToken"] = $token;
$_SESSION["resetEmail"] = $args["email"];
return $response;
@ -325,7 +335,7 @@ $app->get("/user/resendEmail", function (Request $request, Response $response)
return $response->withStatus(401);
global $user;
$_SESSION["resetToken"] = $user->sendResetEmail($_SESSION["resetEmail"]);
return $response;
@ -373,10 +383,4 @@ $app->post("/user/changePassword", function (Request $request, Response $respons
return $response->withStatus(500);
$app->post("/projectData", function (Request $request, Response $response)
$response->getBody()->write(json_encode(array("test" => "test")));
return $response;
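Review bot: `$app->addErrorMiddleware(true, true, true)` passes `true` for Slim's `displayErrorDetails`, so uncaught exceptions are rendered to the client with their messages and stack traces; for an API shipped under `dist/` this should be `$app->addErrorMiddleware(false, true, true);` or be driven by an environment flag. The page has lost its +/- markers, so I am assuming this line is on the new side now that `new middleware($app)` is gone. With the `JwtAuthentication` import and the middleware include removed, no visible line checks `$_SESSION["token"]` before the state-changing routes, though the handler bodies lie mostly outside the hunks, so this needs confirming. The same section is repeated further down the page without a file name, and the same applies there.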


@ -1,91 +0,0 @@
// middleware
namespace api;
use Slim\App;
use Selective\SameSiteCookie\SameSiteCookieConfiguration;
use Selective\SameSiteCookie\SameSiteCookieMiddleware;
use Tuupola\Middleware\JwtAuthentication;
use Tuupola\Middleware\JwtAuthentication\RequestMethodRule;
use Tuupola\Middleware\JwtAuthentication\RequestPathRule;
* Middleware
* Define all middleware functions
class middleware
* Constructor for middleware
* @param App $app - Slim App
function __construct(App $app)
* Base middleware
* @param App $app - Slim App
function baseMiddleware(App $app): void
* SameSite Cookie Configuration
* @param App $app - Slim App
function sameSiteConfig(App $app): void
$ssConfig = new SameSiteCookieConfiguration(["same_site" => "strict"]);
$app->add(new SameSiteCookieMiddleware($ssConfig));
* Return all responses as JSON
* @param App $app - Slim App
function returnAsJSON(App $app): void
$app->add(function ($request, $handler)
$response = $handler->handle($request);
return $response->withHeader("Content-Type", "application/json");
* JWT Authentication
* @param App $app - Slim App
function jwtAuth(App $app): void
$jwtSecret = getSecretKey();
$app->add(new JwtAuthentication([
"rules" => [
new RequestPathRule([
"path" => ["/api/projectData", "/api/timeline/[a-z]*", "/api/user/testMethod"],
"ignore" => ["/api/contact", "/api/user/login", "/api/user/changePassword"]
new RequestMethodRule([
"ignore" => ["OPTIONS", "GET"]
"secret" => $jwtSecret,
"error" => function ($response)
$response->getBody()->write(json_encode(array("status" => "401", "message" =>
"Unauthorized, please provide a valid token")));
return $response->withStatus(401);
$app->addErrorMiddleware(true, true, true);


@ -10,10 +10,6 @@ require_once "./config.php";
class projectData
* Get all project data
* @return array - Array of all project data or error message
function getProjectData(): array
$conn = dbConn();


@ -10,10 +10,6 @@ require_once "./config.php";
class timelineData
* Get all education data
* @return array - Array of all education data or error message
function getEduData(): array
$conn = dbConn();
@ -30,10 +26,6 @@ class timelineData
return array("errorMessage" => "Error, edu data not found");
* Get all work data
* @return array - Array of all work data or error message
function getWorkData(): array
$conn = dbConn();

dist/api/user.php vendored

@ -1,6 +1,5 @@
namespace api;
use Firebase\JWT\JWT;
use PDO;
require_once "./config.php";
@ -11,13 +10,7 @@ require_once "./config.php";
class user
* Check if user exists and can be logged in
* @param $username string - Username
* @param $password string - Password
* @return bool - True if logged in, false if not
function checkUser(string $username, string $password): bool
function checkUser($username, $password): bool
$conn = dbConn();
$stmt = $conn->prepare("SELECT * FROM users WHERE username = :username");
@ -38,31 +31,12 @@ class user
return false;
* Create a JWT token
* @param $username string - Username
* @return string - JWT token
function createToken(string $username): string
function createToken(): string
$now = time();
$future = strtotime('+6 hour',$now);
$secretKey = getSecretKey();
$payload = [
return JWT::encode($payload,$secretKey,"HS256");
return uniqid("rpe-");
* Check if email is already in use
* @param string $email - Email to check
* @return bool - True if email exists, false if not
function checkEmail(string $email): bool
function checkEmail($email): bool
$conn = dbConn();
$stmt = $conn->prepare("SELECT * FROM users WHERE email = :email");
@ -79,15 +53,10 @@ class user
return false;
* Send a verification email to the user
* @param $email - email address of the user
* @return string - verification code
function sendResetEmail($email): string
//generate a random token and email the address
$token = uniqid("rpe-");
$token = $this->createToken();
$headers1 = "From:\r\n";
$headers1 .= "MIME-Version: 1.0\r\n";
$headers1 .= "Content-Type: text/html; charset=UTF-8\r\n";
@ -113,13 +82,7 @@ class user
return $token;
* Change password for an email with new password
* @param $email string Email
* @param $password string Password
* @return bool - true if the password was changed, false if not
function changePassword(string $email, string $password): bool
function changePassword($email, $password): bool
$conn = dbConn();
$stmt = $conn->prepare("UPDATE users SET password = :password WHERE email = :email");
@ -133,6 +96,4 @@ class user
return false;
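Review bot: `createToken()` now returns `uniqid("rpe-")`, and `sendResetEmail()` uses that same value as the password-reset token; `uniqid()` is derived from the current time in microseconds and is not unpredictable, so it is unsuitable as a session or reset secret. Use the CSPRNG instead: `return "rpe-" . bin2hex(random_bytes(16));`. Nothing visible gives the reset token an expiry or a single-use check either, though `changePassword()` and the route that compares the token lie mostly outside the hunks. The same section appears again at the end of the page without a file name.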


@ -1,4 +1,4 @@
<?php /** @noinspection PhpIncludeInspection */
////////////////// Index file //////////////
@ -7,30 +7,40 @@ session_start();
//require “routes.php”;
require "../vendor/autoload.php";
include "middleware.php";
include "timelineData.php";
include "projectData.php";
include "user.php";
use api\middleware;
use api\projectData;
use api\timelineData;
use api\user;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Selective\SameSiteCookie\SameSiteCookieConfiguration;
use Selective\SameSiteCookie\SameSiteCookieMiddleware;
use Slim\Factory\AppFactory;
use Tuupola\Middleware\JwtAuthentication;
use Selective\SameSiteCookie\SameSiteCookieMiddleware;
use Slim\Handlers\Strategies\RequestHandler;
// Start slim
$app = AppFactory::create();
// create middleware
$ssConfig = new SameSiteCookieConfiguration(["same_site" => "strict"]);
// add in same site cookie stuff
$app->add(new SameSiteCookieMiddleware($ssConfig));
// for error checking
$errorMiddleware = $app->addErrorMiddleware(true, true, true);
// set base path for all routes
// Add middleware
new middleware($app);
// return all responses as JSON
/*$app->add(function($request, $handler) {
$response = $handler->handle($request);
return $response->withHeader("Content-Type", "application/json");
$timelineData = new timelineData();
$projectData = new projectData();
@ -267,9 +277,8 @@ $app->post("/user/login", function (Request $request, Response $response)
if ($user->checkUser($data["username"], $data["password"]))
// yay, user is logged in
$_SESSION["token"] = $user->createToken($data["username"]);
$_SESSION["token"] = $user->createToken();
$_SESSION["username"] = $data["username"];
$response->getBody()->write(json_encode(array("token" => $_SESSION["token"])));
return $response;
return $response->withStatus(401);
@ -288,7 +297,7 @@ $app->get("/user/isLoggedIn", function (Request $request, Response $response)
if (empty($_SESSION["token"]))
// user is logged in but no token was created
$_SESSION["token"] = $user->createToken($_SESSION["username"]);
$_SESSION["token"] = $user->createToken();
return $response;
@ -310,7 +319,8 @@ $app->get("/user/checkResetEmail/{email}", function (Request $request, Response
if ($user->checkEmail($args["email"]))
// yay email does exist
$_SESSION["resetToken"] = $user->sendResetEmail($args["email"]);
$token = $user->sendResetEmail($args["email"]);
$_SESSION["resetToken"] = $token;
$_SESSION["resetEmail"] = $args["email"];
return $response;
@ -325,7 +335,7 @@ $app->get("/user/resendEmail", function (Request $request, Response $response)
return $response->withStatus(401);
global $user;
$_SESSION["resetToken"] = $user->sendResetEmail($_SESSION["resetEmail"]);
return $response;
@ -373,10 +383,4 @@ $app->post("/user/changePassword", function (Request $request, Response $respons
return $response->withStatus(500);
$app->post("/projectData", function (Request $request, Response $response)
$response->getBody()->write(json_encode(array("test" => "test")));
return $response;


@ -1,91 +0,0 @@
// middleware
namespace api;
use Slim\App;
use Selective\SameSiteCookie\SameSiteCookieConfiguration;
use Selective\SameSiteCookie\SameSiteCookieMiddleware;
use Tuupola\Middleware\JwtAuthentication;
use Tuupola\Middleware\JwtAuthentication\RequestMethodRule;
use Tuupola\Middleware\JwtAuthentication\RequestPathRule;
* Middleware
* Define all middleware functions
class middleware
* Constructor for middleware
* @param App $app - Slim App
function __construct(App $app)
* Base middleware
* @param App $app - Slim App
function baseMiddleware(App $app): void
* SameSite Cookie Configuration
* @param App $app - Slim App
function sameSiteConfig(App $app): void
$ssConfig = new SameSiteCookieConfiguration(["same_site" => "strict"]);
$app->add(new SameSiteCookieMiddleware($ssConfig));
* Return all responses as JSON
* @param App $app - Slim App
function returnAsJSON(App $app): void
$app->add(function ($request, $handler)
$response = $handler->handle($request);
return $response->withHeader("Content-Type", "application/json");
* JWT Authentication
* @param App $app - Slim App
function jwtAuth(App $app): void
$jwtSecret = getSecretKey();
$app->add(new JwtAuthentication([
"rules" => [
new RequestPathRule([
"path" => ["/api/projectData", "/api/timeline/[a-z]*", "/api/user/testMethod"],
"ignore" => ["/api/contact", "/api/user/login", "/api/user/changePassword"]
new RequestMethodRule([
"ignore" => ["OPTIONS", "GET"]
"secret" => $jwtSecret,
"error" => function ($response)
$response->getBody()->write(json_encode(array("status" => "401", "message" =>
"Unauthorized, please provide a valid token")));
return $response->withStatus(401);
$app->addErrorMiddleware(true, true, true);


@ -10,10 +10,6 @@ require_once "./config.php";
class projectData
* Get all project data
* @return array - Array of all project data or error message
function getProjectData(): array
$conn = dbConn();


@ -10,10 +10,6 @@ require_once "./config.php";
class timelineData
* Get all education data
* @return array - Array of all education data or error message
function getEduData(): array
$conn = dbConn();
@ -30,10 +26,6 @@ class timelineData
return array("errorMessage" => "Error, edu data not found");
* Get all work data
* @return array - Array of all work data or error message
function getWorkData(): array
$conn = dbConn();


@ -1,6 +1,5 @@
namespace api;
use Firebase\JWT\JWT;
use PDO;
require_once "./config.php";
@ -11,13 +10,7 @@ require_once "./config.php";
class user
* Check if user exists and can be logged in
* @param $username string - Username
* @param $password string - Password
* @return bool - True if logged in, false if not
function checkUser(string $username, string $password): bool
function checkUser($username, $password): bool
$conn = dbConn();
$stmt = $conn->prepare("SELECT * FROM users WHERE username = :username");
@ -38,31 +31,12 @@ class user
return false;
* Create a JWT token
* @param $username string - Username
* @return string - JWT token
function createToken(string $username): string
function createToken(): string
$now = time();
$future = strtotime('+6 hour',$now);
$secretKey = getSecretKey();
$payload = [
return JWT::encode($payload,$secretKey,"HS256");
return uniqid("rpe-");
* Check if email is already in use
* @param string $email - Email to check
* @return bool - True if email exists, false if not
function checkEmail(string $email): bool
function checkEmail($email): bool
$conn = dbConn();
$stmt = $conn->prepare("SELECT * FROM users WHERE email = :email");
@ -79,15 +53,10 @@ class user
return false;
* Send a verification email to the user
* @param $email - email address of the user
* @return string - verification code
function sendResetEmail($email): string
//generate a random token and email the address
$token = uniqid("rpe-");
$token = $this->createToken();
$headers1 = "From:\r\n";
$headers1 .= "MIME-Version: 1.0\r\n";
$headers1 .= "Content-Type: text/html; charset=UTF-8\r\n";
@ -113,13 +82,7 @@ class user
return $token;
* Change password for an email with new password
* @param $email string Email
* @param $password string Password
* @return bool - true if the password was changed, false if not
function changePassword(string $email, string $password): bool
function changePassword($email, $password): bool
$conn = dbConn();
$stmt = $conn->prepare("UPDATE users SET password = :password WHERE email = :email");
@ -133,6 +96,4 @@ class user
return false;