<?php
require_once 'dbconnect.php';
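// Response payload; it is serialised as JSON at the end of the script.
$response = array();

// The operation is chosen by the "apicall" query-string parameter;
// the operation's arguments are read from the POST body.
if (isset($_GET['apicall'])) {
    switch ($_GET['apicall']) {
        case 'signup':
            // All four fields are required to create an account.
            if (isTheseParametersAvailable(array('name', 'email', 'password', 'gender'))) {
                $name = $_POST['name'];
                $email = $_POST['email'];
                // SECURITY NOTE(review): passwords are stored as unsalted MD5, which is
                // cheap to brute-force and not suitable for credential storage. Moving to
                // password_hash()/password_verify() needs a wider password column and a
                // rehash-on-login path for rows already stored; neither is visible from
                // this file, so the stored format is left unchanged here.
                $password = md5($_POST['password']);
                $gender = $_POST['gender'];

                // Name and email should each be unique per user, so look for either one.
                // NOTE(review): this check-then-insert is not atomic; confirm the users
                // table has UNIQUE indexes on name and email to cover concurrent signups.
                $stmt = $conn->prepare("SELECT id FROM users WHERE name = ? OR email = ?");
                $stmt->bind_param("ss", $name, $email);
                $stmt->execute();
                $stmt->store_result();
                $alreadyRegistered = $stmt->num_rows > 0;
                $stmt->close();

                if ($alreadyRegistered) {
                    $response['error'] = true;
                    $response['message'] = 'User already registered';
                } else {
                    $stmt = $conn->prepare("INSERT INTO users (name, email, password, gender) VALUES (?, ?, ?, ?)");
                    $stmt->bind_param("ssss", $name, $email, $password, $gender);
                    $inserted = $stmt->execute();
                    $stmt->close();

                    if ($inserted) {
                        // Read the row back so the response carries the stored values and the new id.
                        $stmt = $conn->prepare("SELECT id, name, email, gender FROM users WHERE name = ?");
                        $stmt->bind_param("s", $name);
                        $stmt->execute();
                        $stmt->bind_result($id, $name, $email, $gender);
                        $stmt->fetch();
                        $stmt->close();

                        $response['error'] = false;
                        $response['message'] = 'User registered successfully';
                        $response['user'] = array(
                            'id' => $id,
                            'name' => $name,
                            'email' => $email,
                            'gender' => $gender
                        );
                    } else {
                        // A failed INSERT must still produce a well-formed error reply;
                        // database error details are deliberately not echoed to the client.
                        $response['error'] = true;
                        $response['message'] = 'Could not register user';
                    }
                }
            } else {
                $response['error'] = true;
                $response['message'] = 'required parameters are not available';
            }
            break;

        case 'login':
            // Login needs the name and the password.
            if (isTheseParametersAvailable(array('name', 'password'))) {
                $name = $_POST['name'];
                // Must match the format written at signup (unsalted MD5, see the note there).
                $password = md5($_POST['password']);

                $stmt = $conn->prepare("SELECT id, name, email, gender FROM users WHERE name = ? AND password = ?");
                $stmt->bind_param("ss", $name, $password);
                $stmt->execute();
                $stmt->store_result();

                if ($stmt->num_rows > 0) {
                    $stmt->bind_result($id, $name, $email, $gender);
                    $stmt->fetch();

                    $response['error'] = false;
                    $response['message'] = 'Login successfull';
                    $response['user'] = array(
                        'id' => $id,
                        'name' => $name,
                        'email' => $email,
                        'gender' => $gender
                    );
                } else {
                    // Rejected credentials are an error: a client that only inspects the
                    // "error" flag must not read a failed login as a successful one.
                    // The message stays the same for an unknown name and a wrong password.
                    $response['error'] = true;
                    $response['message'] = 'Invalid name or password';
                }
                $stmt->close();
            } else {
                // Without this branch a login request with missing fields returned an empty reply.
                $response['error'] = true;
                $response['message'] = 'required parameters are not available';
            }
            break;

        default:
            $response['error'] = true;
            $response['message'] = 'Invalid Operation Called';
    }
} else {
    // No "apicall" parameter: not an API request.
    $response['error'] = true;
    $response['message'] = 'Invalid API Call';
}

// Declare the payload type so a client does not interpret the echoed,
// user-supplied fields (name, email, gender) as HTML.
if (!headers_sent()) {
    header('Content-Type: application/json; charset=utf-8');
}
echo json_encode($response);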
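/**
 * Checks that every named parameter is present in the POST body as a string.
 *
 * Array-valued fields (for example "name[]=x") are treated as missing: the
 * callers in this file pass these values to md5() and bind them as string
 * statement parameters, so a non-string value cannot be processed.
 *
 * @param array $params Names of the required POST fields.
 * @return bool True when all fields are present as strings, false otherwise.
 */
function isTheseParametersAvailable($params)
{
    foreach ($params as $param) {
        // isset() alone also accepts arrays, so the type is checked explicitly.
        if (!isset($_POST[$param]) || !is_string($_POST[$param])) {
            return false;
        }
    }

    return true;
}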