From 2cac897f4586235dd215d673783ef50a550951e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82?= <pawelthoni@gmail.com>
Date: Wed, 15 Mar 2023 13:11:06 +0100
Subject: [PATCH] init

---
 addOrder.php      | 26 ++++++++++++++++++++
 db_connection.php | 42 ++++++++++++++++++++++++++++++++
 index.php         | 62 +++++++++++++++++++++++++++++++++++++++++++++++
 login.php         | 53 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 183 insertions(+)
 create mode 100644 addOrder.php
 create mode 100644 db_connection.php
 create mode 100644 index.php
 create mode 100644 login.php

diff --git a/addOrder.php b/addOrder.php
new file mode 100644
index 0000000..9f8141c
--- /dev/null
+++ b/addOrder.php
@@ -0,0 +1,26 @@
+<?php
+    
+    // Allow from any origin
+    if (isset($_SERVER['HTTP_ORIGIN'])) {
+        // Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
+        // you want to allow, and if so:
+        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
+        header('Access-Control-Allow-Credentials: true');
+        header('Access-Control-Max-Age: 86400');    // cache for 1 day
+    }
+    
+    // Access-Control headers are received during OPTIONS requests
+    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
+        
+        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
+            // may also be using PUT, PATCH, HEAD etc
+            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
+        
+        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
+            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
+    
+        exit(0);
+    }
+    $data = json_decode(file_get_contents('php://input'), true);
+    print_r($data);
+?>
\ No newline at end of file
diff --git a/db_connection.php b/db_connection.php
new file mode 100644
index 0000000..b263d16
--- /dev/null
+++ b/db_connection.php
@@ -0,0 +1,42 @@
+<?php
+    
+    // Allow from any origin
+    if (isset($_SERVER['HTTP_ORIGIN'])) {
+        // Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
+        // you want to allow, and if so:
+        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
+        header('Access-Control-Allow-Credentials: true');
+        header('Access-Control-Max-Age: 86400');    // cache for 1 day
+    }
+    
+    // Access-Control headers are received during OPTIONS requests
+    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
+        
+        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
+            // may also be using PUT, PATCH, HEAD etc
+            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
+        
+        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
+            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
+    
+        exit(0);
+    }
+    
+    function openCon(){
+        $dbhost = "localhost";
+        $dbuser = "root";
+        $dbpass = "";
+        $db = "wc2";
+
+        $conn = new mysqli($dbhost, $dbuser, $dbpass, $db);
+
+        if($conn->connect_error) {
+            die("Connection failed: ". $conn->connect_error);
+        }
+
+        return $conn;
+    }
+    function closeCon($conn){
+        $conn -> close();
+    }
+?>
\ No newline at end of file
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..c3d9485
--- /dev/null
+++ b/index.php
@@ -0,0 +1,62 @@
+<?php
+    // Allow from any origin
+    if (isset($_SERVER['HTTP_ORIGIN'])) {
+        // Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
+        // you want to allow, and if so:
+        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
+        header('Access-Control-Allow-Credentials: true');
+        header('Access-Control-Max-Age: 86400');    // cache for 1 day
+    }
+    
+    // Access-Control headers are received during OPTIONS requests
+    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
+        
+        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
+            // may also be using PUT, PATCH, HEAD etc
+            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
+        
+        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
+            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
+    
+        exit(0);
+    }
+    $data = json_decode(file_get_contents('php://input'), true);
+
+
+    include 'db_connection.php';
+    $conn = openCon();
+    mysqli_set_charset($conn, "utf8");
+    switch($_GET['name']){
+        case "client":
+            $q = "SELECT client.id, client.name, client.nip, client.arrear FROM client";
+            $result = mysqli_query($conn, $q) or die("Problemy z odczytem danych!");
+            $tab = [];
+            while($row = mysqli_fetch_row($result))
+            {
+                $tab[]=["id"=>$row[0],"name"=>$row[1], "nip"=>$row[2], "arrear"=>$row[3]];
+            }
+            echo json_encode($tab);
+            break;
+        case "add":
+            $q = "SELECT product.id, product.name, product.img FROM product";
+            $result = mysqli_query($conn, $q) or die("Problemy z odczytem danych!");
+            $tab = [];
+            while($row = mysqli_fetch_row($result))
+            {
+                $tab[]=["id"=>$row[0], "name"=>$row[1], "img"=>$row[2]];
+            }
+            echo json_encode($tab);
+            break;
+        case "details":
+                $q = "SELECT product.id, product.name, product.catalogPrice, product.img FROM product";
+                $result = mysqli_query($conn, $q) or die("Problemy z odczytem danych!");
+                $tab = [];
+                while($row = mysqli_fetch_row($result))
+                {
+                    $tab[]=["id"=>$row[0], "name"=>$row[1], "catalogPrice"=>$row[2], "img"=>$row[3]];
+                }
+                echo json_encode($tab);
+                break;
+    }
+    closeCon($conn);
+?>
\ No newline at end of file
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..51ef051
--- /dev/null
+++ b/login.php
@@ -0,0 +1,53 @@
+<?php
+    
+    // Allow from any origin
+    if (isset($_SERVER['HTTP_ORIGIN'])) {
+        // Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
+        // you want to allow, and if so:
+        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
+        header('Access-Control-Allow-Credentials: true');
+        header('Access-Control-Max-Age: 86400');    // cache for 1 day
+    }
+    
+    // Access-Control headers are received during OPTIONS requests
+    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
+        
+        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
+            // may also be using PUT, PATCH, HEAD etc
+            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
+        
+        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
+            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
+    
+        exit(0);
+    }
+    //$2y$10$yJMyDzprPAyf3rBnClqQ3O3poVb5w8gg2KcmZ10DVbTWSzgXeU.Ju
+    //65de59ea345a79fb01174fb34a930d95
+
+    include 'db_connection.php';
+    $conn = openCon();
+        mysqli_set_charset($conn, "utf8");
+        $data = json_decode(file_get_contents("php://input"),true);
+
+        $email =  $data["email"];  //"example@email.email";
+        $pass = $data["pass"];   //"hasło135$";
+
+        $q = "SELECT login.pass, login.salt FROM login WHERE login.email=\"" . $email . "\"";
+        $result = mysqli_query($conn, $q) or die("Problemy z odczytem danych!");
+        
+        $answ;
+        while($row = mysqli_fetch_row($result))
+            {
+                $answ=["hash"=>$row[0], "salt"=>$row[1]];
+            }
+        
+        function checkPassword($p, $s, $h){
+            if(password_verify($p . $s, $h)) return true;
+            else return false;
+        };
+        if(isset($answ["salt"]) && checkPassword($pass, $answ["salt"], $answ["hash"])){
+            echo json_encode(true);
+        }
+        else echo json_encode(false);
+    closeCon($conn);
+?>
\ No newline at end of file