From defbc76f3a5d061839850c0bebd5129c76e4825e Mon Sep 17 00:00:00 2001
From: Jordy van Zeeland
Date: Fri, 16 Aug 2024 15:40:44 +0200
Subject: [PATCH] Upload files to "/"
---
 auth.php | 80 ++++++++++++++++++++++++++++
 database.php | 146 +++++++++++++++++++++++++++++++++++++++++++++++++++
 router.php | 67 +++++++++++++++++++++++
 template.php | 27 ++++++++++
 4 files changed, 320 insertions(+)
 create mode 100644 auth.php
 create mode 100644 database.php
 create mode 100644 router.php
 create mode 100644 template.php
diff --git a/auth.php b/auth.php
new file mode 100644
index 0000000..5be35fd
--- /dev/null
+++ b/auth.php
@@ -0,0 +1,80 @@ +pdo = new PDO($dsn, $username. $password, [ + PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, + PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, + ]); + + session_start(); + } + + /** + * Method to autenticate the user based on the provided routes. + */ + + public function login($username, $password){ + $sql = "SELECT * FROM users WHERE username = :username or email = :email LIMIT 1"; + + /** + * Prepare the SQL query for execution. + * Then txecute the query with the provided username and password parameters and + * fetch the user record from the database. + */ + + $query = $this->pdo->prepare($query); + $query->execute([ + ":username" => $username, + ":password" => $password + ]); + + $user = $query->fetch(); + + /** + * Check if the provided password is verified against the hashed password in the database. + * If correct, store user information in a session. + * + * Return true indicating a successful login + */ + + if($user && password_verify($password, $user['password'])){ + $_SESSION['user_id'] = $user['id']; + $_SESSION['username'] = $user['username']; + $_SESSION['token'] = bin2hex(random_bytes(32)); + + return true; + } + + return false; + } + +} + +/** + * Example CSRF token in a form: + * "> + * + * Possible check for CSRF in a request: + * if (!empty($_REQUEST["csrf"]) && hash_equals($_REQUEST["csrf_token"], $_SESSION["csrf_token"])) { + */ + +?> \ No newline at end of file diff --git a/database.php b/database.php new file mode 100644 index 0000000..86d6757 --- /dev/null +++ b/database.php 
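Review bot: In login(), `$this->pdo->prepare($query)` references a variable that is never assigned — the statement text is in `$sql` — and the bound names (`:username`, `:password`) do not match the placeholders in the SQL (`:username`, `:email`), so with ERRMODE_EXCEPTION the execute() throws before any row is fetched; the plaintext password also has no reason to be sent to the database at all, since the check is done by `password_verify()` afterwards. The constructor has the same class of slip: `new PDO($dsn, $username. $password, [...])` concatenates the credentials into the user argument and passes the options array as the password, so it should read `new PDO($dsn, $username, $password, [...])` (the constructor's opening lines are not legible in this hunk). On a successful login, call `session_regenerate_id(true)` before writing to `$_SESSION` so the pre-authentication session id is not carried over. The trailing CSRF example is internally inconsistent — it tests `$_REQUEST["csrf"]` but compares `$_REQUEST["csrf_token"]` against `$_SESSION["csrf_token"]`, while login() stores the token under `$_SESSION['token']`; one key name should be used throughout and the submitted token read from `$_POST` rather than `$_REQUEST`. The rewritten login() body is below; binding the same input to both placeholders presumes the form accepts either a username or an e-mail in one field, which the query text suggests but the hunk does not confirm.
```php
public function login($username, $password){
    $sql = "SELECT * FROM users WHERE username = :username or email = :email LIMIT 1";

    // Bind every placeholder the SQL declares; the plaintext password is
    // only ever compared locally via password_verify(), never sent to the DB.
    $query = $this->pdo->prepare($sql);
    $query->execute([
        ":username" => $username,
        ":email" => $username,
    ]);

    $user = $query->fetch();

    if($user && password_verify($password, $user['password'])){
        // Issue a fresh session id once the privilege level changes.
        session_regenerate_id(true);
        $_SESSION['user_id'] = $user['id'];
        // … unchanged: username and token assignment, return true …
    }

    return false;
}
```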
@@ -0,0 +1,146 @@ +pdo = new PDO('mysql:host=' . $db_config['host'] . ';dbname=' . $db_config['database'] . ';charset=utf8mb4', $db_config['username'], $db_config['password']); + } + + /** + * Method to start a SELECT query and specify columns + */ + + public function select($columns = "*"){ + $this->type = "SELECT"; + $this->columns = $columns; + } + + /** + * Method to specify the table to query + */ + + public function from($table){ + $this->table = $table; + } + + /** + * Method to add a WHERE clause to the query + */ + + public function where($key, $value){ + $this->where = array($key, $value); + } + + /** + * Method to add additional conditions to the WHERE clause + */ + + public function andWhere($key, $value){ + if(!$this->where) $this->where = array(); + $this->where[$key] = $value; + } + + /** + * Method to add a LIMIT clause to the query + */ + + public function limit($number){ + $this->limit = $number; + } + + /** + * Method to execute the query and return all results + */ + + public function all(){ + $this->query = $this->type . ' ' . $this->columns . ' FROM ' . $this->table; + + /** + * Check if a WHERE clause is set, if so, then append it to the query. + * Then construct WHERE conditions using placeholders for prepared statements and + * join the WHERE conditions with AND and append them to the query + */ + + if(!empty($this->where)){ + $whereClauses = []; + foreach($this->where as $condition){ + $whereClauses[] = $condition[0] . ' = :"' . $condition[0]; + } + $this->query .= ' WHERE ' . implode(' AND ', $whereClauses); + } + + if(!empty($this->limit)){ + $this->query .= ' LIMIT ' . $this->limit; + } + + $results = $this->pdo->prepare($Query); + + /** + * Bind the values from the WHERE clause to the prepared statement + */ + + foreach($this->where as $condition){ + $results->bindValue(':' . 
$condition[0], $condition[1]); + } + + $results->execute(); + return $results->fetchAll(); + } + + /** + * Method to execute the query and return a single result + */ + + public function one(){ + $this->query = $this->type . ' ' . $this->columns . ' FROM ' . $this->table; + + /** + * Check if a WHERE clause is set, if so, then append it to the query. + * Then construct WHERE conditions using placeholders for prepared statements and + * join the WHERE conditions with AND and append them to the query + */ + + if(!empty($this->where)){ + $whereClauses = []; + foreach($this->where as $condition){ + $whereClauses[] = $condition[0] . ' = :"' . $condition[0]; + } + $this->query .= ' WHERE ' . implode(' AND ', $whereClauses); + } + + $this->query .= " LIMIT 1"; + $results = $this->pdo->prepare($Query); + + /** + * Bind the values from the WHERE clause to the prepared statement + */ + + foreach($this->where as $condition){ + $results->bindValue(':' . $condition[0], $condition[1]); + } + + $results->execute(); + return $results->fetch(); + } +} + +// Database::select(id, name)->from('tablename')->all() +// Database::select(id, name)->from('tablename')->limit(100)->all() +// Database::select()->from('tablename')->where('id', 3)->one() + +?> \ No newline at end of file diff --git a/router.php b/router.php new file mode 100644 index 0000000..2d1768d --- /dev/null +++ b/router.php 
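Review bot: The WHERE handling in all() and one() cannot run as written: where() stores a flat pair `array($key, $value)`, andWhere() stores `$key => $value`, yet both executors iterate the property as a list of `[column, value]` pairs, the placeholder is built as `' = :"' . $condition[0]` with a stray double quote, and the statement is prepared from `$Query`, which is never assigned (the built text is in `$this->query`). Column names, the table, the column list and the limit are concatenated straight into the SQL; identifiers cannot be bound, so the rewrite below keeps value binding for the WHERE values but validates each WHERE column against an identifier pattern before quoting it and casts the limit to int, and the table and column list should likewise only ever come from code, never from request data (their callers are not visible in this hunk). Iterating `$this->where` when no where() call was made is also a foreach over null, and none of the builder methods return `$this`, so the chaining shown in the trailing comments (`->from(...)->where(...)->one()`) fails on the first arrow. The constructor omits `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION`, which auth.php in the same commit does set, so a failed prepare() here returns `false` and the following `bindValue()` call is made on a boolean. The class header and property declarations are not legible in this hunk, and one() shares every issue named above for all().
```php
public function where($key, $value){
    $this->where = [$key => $value];   // same shape andWhere() appends to
    return $this;
}

// … unchanged: select(), from(), andWhere(), limit() — each should end with `return $this;` …

/**
 * Appends the WHERE clause to $this->query from the column => value map.
 * Column names are identifiers and cannot be bound, so each is checked
 * against a strict pattern and backtick-quoted before concatenation.
 */
private function appendWhere(){
    if(empty($this->where)) return;
    $clauses = [];
    foreach($this->where as $column => $value){
        if(!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $column)){
            throw new InvalidArgumentException('Invalid column name in WHERE clause');
        }
        $clauses[] = '`' . $column . '` = :' . $column;
    }
    $this->query .= ' WHERE ' . implode(' AND ', $clauses);
}

/** Binds every WHERE value to its placeholder; a no-op when no condition was set. */
private function bindWhere(PDOStatement $statement){
    foreach($this->where ?? [] as $column => $value){
        $statement->bindValue(':' . $column, $value);
    }
}

public function all(){
    $this->query = $this->type . ' ' . $this->columns . ' FROM ' . $this->table;
    $this->appendWhere();
    if(!empty($this->limit)){
        $this->query .= ' LIMIT ' . (int) $this->limit;
    }
    $results = $this->pdo->prepare($this->query);
    $this->bindWhere($results);
    $results->execute();
    return $results->fetchAll();
}

// … one() follows the same pattern, appending ' LIMIT 1' and returning fetch() …
```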
@@ -0,0 +1,67 @@ +uri = parse_url($_SERVER['REQUEST_URI'])['path']; + } + + /** + * Method to route the request to the appropriate controller + * based on the provided routes + */ + + public function routeToController($routes){ + /** + * Check if the requested URI exists in the routes array. + * If it exists, require (include and execute) the file corresponding to the route. + * If the route doesn't exist, call the abort method to handle the error + */ + + if(array_key_exists($this->uri, $routes)){ + list($controller, $method) = explode('@', $routes[$this->uri]); + $controllerPath = __DIR__ . '/../app/controllers/' . $controller . '.php'; + + if(file_exists($controllerPath)){ + require $controllerPath; + $controller = new $controller(); + + if(method_exists($controller, $method)){ + $controller->$method(); + }else{ + $this->abort(); + } + }else{ + $this->abort(); + } + }else{ + $this->abort(); + } + } + + /** + * Method to handle HTTP errors + * Default is 404 - Not Found + */ + + public function abort($code = 404){ + /** + * Set the HTTP response code to the specified value. + * Then include and execute the corresponding error view (e.g., "views/404.php") and Terminate the script execution + */ + + http_response_code($code); + require "views/{$code}.php"; + die(); + } +} +?> \ No newline at end of file diff --git a/template.php b/template.php new file mode 100644 index 0000000..9b2e204 --- /dev/null +++ b/template.php @@ -0,0 +1,27 @@ + 'About']'); + +?> \ No newline at end of file
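Review bot: abort() interpolates `$code` into an include path (`require "views/{$code}.php";`) without checking that the view exists, so a non-integer or unknown code turns the error handler itself into a fatal error, and the path is relative to the working directory while routeToController() anchors its path with `__DIR__`; cast the code and anchor the path, `$view = __DIR__ . '/views/' . (int) $code . '.php';` followed by `require is_file($view) ? $view : __DIR__ . '/views/404.php';`, with `http_response_code((int) $code);` before it. In routeToController(), `list($controller, $method) = explode('@', ...)` emits an undefined-offset warning and leaves `$method` null when a route value has no `@`; `[$controller, $method] = explode('@', $routes[$this->uri], 2) + [1 => null];` lets the existing method_exists() check reject it cleanly. The method relies on the routes array holding developer-defined controller names, since that name is used both in a require path and in `new $controller()`; that precondition belongs in the docblock, e.g. `@param array<string, string> $routes  path => 'Controller@method', defined in code only`. The constructor's opening line is not legible in this hunk; `parse_url()` returns false for malformed request URIs, so the assignment to `$this->uri` should fall back to a default such as `'/'` in that case.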