How can I make an edit API to edit student details in the database after they login into the system without they need to enter their id again?
Below are my login route
$app->post('/login', function ($request, $response) {
$input = $request->getParsedBody();
$sql = "SELECT id, password FROM users WHERE id= :id";
$sth = $this->db->prepare($sql);
$sth->bindParam("id", $input['id']);
$sth->execute();
$user = $sth->fetchObject();
// verify email address
if(!$user) {
return $this->response->withJson(['error' => true, 'message' => 'NO ID '], 404);
}
// Compare the input password and the password from database for a validation
if (strcmp($input['password'],$user->password)) {
return $this->response->withJson(['error' => true, 'message' => 'These credentials do not match our records.'], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
return $this->response->withJson($input)->withStatus(200)->withHeader('Content-type', 'application/json;charset=utf-8', 200);
});
// This is the new one that i have tried before but getting failed
$app->put('/address', function ($request, $response) {
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
if(empty($_SESSION['user_id'])) {
return $response->withJson(['error' => true, 'message' => 'Login please'], 403);
}
$input = $request->getParsedBody();
$sql = "INSERT INTO address (id, s_pNumber, s_address, s_pCode, s_city, s_state, s_country) VALUES
(:s_pNumber, :s_address, :s_pCode, :s_city, :s_state, :s_country) WHERE 'user_id' = :id;";
$sth = $this->db->prepare($sql);
$sth->bindParam("s_pNumber", $input['s_pNumber']);
$sth->bindParam("s_address", $input['s_address']);
$sth->bindParam("s_pCode", $input['s_pCode']);
$sth->bindParam("s_city", $input['s_city']);
$sth->bindParam("s_state", $input['s_state']);
$sth->bindParam("s_country", $input['s_country']);
$sth->execute();
return $response->withJson($input)->withStatus(200)->withHeader('Content-type', 'application/json;charset=utf-8', 200);
});
Is it correct how i should do? Even when i already try to put session_destory() to test the code but it will always return true
Neverever use plain passwords in production. But this is not what you were asking for.. If your user login, you can save this information in SESSION for example $_SESSION['logged_id'] = $input['id'].
In next request you can check this SESSION to get logged in user by the id.
$app->post('/login', function ($request, $response) {
$input = $request->getParsedBody();
$sql = "SELECT id, password FROM users WHERE id= :id";
$sth = $this->db->prepare($sql);
$sth->bindParam("id", $input['id']);
$sth->execute();
$user = $sth->fetchObject();
// verify email address
if (!$user) {
return $this->response->withJson(['error' => true, 'message' => 'NO ID '], 404);
}
// Compare the input password and the password from database for a validation
if (strcmp($input['password'], $user->password)) {
return $this->response->withJson(['error' => true, 'message' => 'These credentials do not match our records.'], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
$_SESSION['user_id'] = $input['id'];
return $this->response->withJson($input)->withStatus(200)->withHeader('Content-type', 'application/json;charset=utf-8', 200);
});
$app->get('/my-route-only-for-logged-users', function ($request, $response) {
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
if (empty($_SESSION['user_id'])) {
return $response->withJson(['error' => true, 'message' => 'Login please'], 403);
}
// Now you can get information for certain user, because you know his ID from session...
return $response
->withJson('{"user_id": ' . $_SESSION['user_id'] . '}')
->withStatus(200)
->withHeader('Content-type', 'application/json;charset=utf-8', 200);
});