Sprint 1

Admin backend/db.php

@@ -0,0 +1,11 @@
+<?php
+# Connect to database
+$conn = new mysqli("localhost", "ComedoresEscolares", "1234");
+$conn->select_db("ComedoresEscolar");
+
+# Checks connection
+if($conn->connect_error){
+    header("500 Internal Server Error", true, 500);
+    exit();
+}
+?>

Admin backend/login.php

@@ -0,0 +1,45 @@
+<?php
+header('Content-type: application/json');
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+    # Gets json from POST
+    $json = json_decode(file_get_contents('php://input'), true);
+
+    # Input validation for username y password
+    $username = $json["username"];
+    $password = $json["password"];
+    if(strlen($username) == 0 or strlen($password) == 0){
+        header("400 Bad Request", true, 400);
+        exit();
+    }
+
+    include 'db.php';
+
+    # Select username row
+    $sql = "SELECT hash FROM login WHERE username = '".$username."'";
+    $result = $conn->query($sql);
+    if($result->num_rows){
+        $result = $result->fetch_assoc();
+        $hash = $result["hash"];
+    } else {
+        $conn->close();
+        header("400 Bad Request", true, 400);
+        exit();
+    }
+
+    # Verifies password
+    if(!password_verify($password, $hash)){
+        $conn->close();
+        header("400 Bad Request", true, 400);
+        exit();
+    }
+
+    # Returns 200
+    $conn->close();
+    header("200 OK", true, 200);
+    exit();
+    
+} else {
+    header($_SERVER["SERVER_PROTOCOL"]." 405 Method Not Allowed", true, 405);
+    exit();
+}
+?>

Admin backend/members.php

@@ -0,0 +1,107 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <style>
+        body { 
+            margin:0px;
+        }
+        table, th, td {
+            border: 1px solid black;
+            border-collapse: collapse;
+        }
+        th, td {
+            padding: 5px;
+        }
+        th {
+            text-align: left;
+        }
+
+        .container {
+            height:100%;
+            width:100%;
+            position: fixed;
+            z-index: -1
+        }
+
+        .members {
+            margin-top: 8px;
+            margin-left: 1em;
+            margin-right: 1em;
+        }
+
+        /* Add a black background color to the top navigation */
+        .topnav {
+            background-color: #ED7D31;
+            overflow: hidden;
+            box-shadow: 0 4px 2px 0px gray;
+        }
+
+        /* Style the links inside the navigation bar */
+        .topnav a {
+            float: left;
+            color: black;
+            text-align: center;
+            padding: 14px 16px;
+            text-decoration: none;
+            font-size: 23px;
+        }
+
+        .topnav a:hover {
+            background-color: #BA6127;
+        }
+
+        .logo {
+            padding: 0px 0px ! important;
+        }
+        
+        .logo img {
+            float: left;
+            height: 54px;
+        }
+
+        </style>
+    </head>
+    <body>
+        <div class="topnav">
+            <a class="logo" href="/members.php"><img src="logo.png"></a>
+            <a href="/members.php">Tabla de Miembros</a>
+        </div> 
+
+        <div class="container">
+            <div class="members">
+    <?php
+    if ($_SERVER["REQUEST_METHOD"] == "GET") {
+        include 'db.php';
+
+        # Select username row
+        $sql = "SELECT username, nombre, organizacion, puesto, urbanizacion, calle, pueblo, cpostal, telefono, correo, membresia, vigencia FROM login NATURAL JOIN miembros;";
+        
+
+        if($result = $conn->query($sql)){
+            // username 	nombre 	organizacion 	puesto 	urbanizacion 	calle 	pueblo 	cpostal 	telefono 	correo 	membresia 	vigencia 
+            echo "<table style=\"width:100%\"><tr><th>Username</th><th>Nombre</th><th>Organizacion</th><th>Puesto</th><th>Urbanizacion</th>
+                    <th>Calle</th><th>Pueblo</th><th>Codigo Posta</th><th>Telefono</th><th>Correo</th><th>Membresia</th><th>Vigencia</th></tr>";
+            while($row = $result->fetch_assoc()){
+                echo "<tr><td>".$row["username"]."</td><td>".$row["nombre"]."</td><td>".$row["organizacion"]."</td><td>".$row["puesto"]."</td><td>".
+                    $row["urbanizacion"]."</td><td>".$row["calle"]."</td><td>".$row["pueblo"]."</td><td>".$row["cpostal"]."</td><td>".$row["telefono"]."</td><td>"
+                    .$row["correo"]."</td><td>".$row["membresia"]."</td><td>".$row["vigencia"]."</tr>";
+            }
+            echo "</table>";
+
+        } else {
+            echo "Could not get rows";
+        }
+
+        # Closes databde
+        $conn->close();
+        
+    } else {
+        header('Content-type: application/json');
+        header($_SERVER["SERVER_PROTOCOL"]." 405 Method Not Allowed", true, 405);
+        exit();
+    }
+    ?>
+            </div>
+        </div>
+    </body>
+</html>

Admin backend/php.ini

@@ -0,0 +1,2 @@
+extension=php_mysqli.dll
+extension=php_pdo_mysql.dll

Admin backend/signup.php

@@ -0,0 +1,77 @@
+<?php
+header('Content-type: application/json');
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+    # Gets json from POST
+    $json = json_decode(file_get_contents('php://input'), true);
+    
+    # Input validation for username y password
+    $username = $json["username"];
+    $password = $json["password"];
+    if(strlen($username) == 0 or strlen($password) == 0){
+        header("400 Bad Request", true, 400);
+        exit();
+    }
+    
+    # Hashed password
+    $hash = password_hash($password,  PASSWORD_BCRYPT);
+
+    include 'db.php';
+
+    # Starts a transaction
+    $conn->autocommit(FALSE);
+    $conn->begin_transaction(MYSQLI_TRANS_START_READ_WRITE);
+
+    # Inserts into login
+    $sql = "INSERT INTO login (username, hash) VALUES ('".$username."', '".$hash."')";
+    if($conn->query($sql) === FALSE){
+        $conn->rollback();
+        $conn->close();
+        header("500 Internal Server Error", true, 500);
+        exit();
+    }
+
+    # Grabs all data
+    $userid = $conn->insert_id;
+    $nombre = $json["nombre"];
+    $organizacion = $json["organizacion"];
+    $puesto = $json["puesto"];
+    $urbanizacion = $json["urbanizacion"];
+    $calle = $json["calle"];
+    $pueblo = $json["pueblo"];
+    $cpostal = $json["cpostal"];
+    $telefono = $json["telefono"];
+    $correo = $json["correo"];
+
+    # Checks if necessary data is empty
+    if(!(strlen($nombre) or strlen($urbanizacion) or strlen($calle) or strlen($pueblo) or strlen($cpostal) or strlen($telefono) or strlen($correo))){
+        $conn->rollback();
+        $conn->close();
+        header("400 Bad Request", true, 400);
+        exit();
+    }
+
+    # Inserts into miembros
+    $sql = "INSERT INTO miembros (userid, nombre, organizacion, puesto, urbanizacion, calle, pueblo, cpostal, telefono, correo) VALUES "
+            ."('".$userid."', '".$nombre."', '".$organizacion."', '".$puesto."', '".$urbanizacion.
+            "', '".$calle."', '".$pueblo."', '".$cpostal."', '".$telefono."', '".$correo."')";
+            
+    if($conn->query($sql) === FALSE){
+        $conn->rollback();
+        $conn->close();
+        header("500 Internal Server Error", true, 500);
+        exit();
+    }
+
+    # Commits changes
+    $conn->commit();
+    $conn->close();
+
+    # Returns 200
+    header("200 OK", true, 200);
+    exit();
+    
+} else {
+    header($_SERVER["SERVER_PROTOCOL"]." 405 Method Not Allowed", true, 405);
+    exit();
+}
+?>

Admin backend/tables.sql

@@ -0,0 +1,22 @@
+CREATE TABLE login (
+    userid INTEGER PRIMARY KEY AUTO_INCREMENT,
+    username VARCHAR(16),
+    hash VARBINARY(255),
+    UNIQUE(username)
+);
+
+CREATE TABLE miembros (
+  userid INTEGER,
+  nombre VARCHAR(64),
+  organizacion TINYTEXT,
+  puesto VARCHAR(64),
+  urbanizacion TINYTEXT,
+  calle TINYTEXT,
+  pueblo VARCHAR(32),
+  cpostal CHAR(5),
+  telefono CHAR(10),
+  correo VARCHAR(64),
+  membresia VARCHAR(16),
+  vigencia DATE,
+  FOREIGN KEY (userid) REFERENCES login(userid) ON DELETE CASCADE
+);