From 44a6d295d8a0e4259bf02dcd3f80d3d3a9298056 Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 18 Dec 2022 15:08:59 +0100
Subject: [PATCH] Part on authorisation finished

---
 controllers/note.php | 26 ++++++++++++++++++--------
 index.php | 15 ++++++++-------
 2 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/controllers/note.php b/controllers/note.php
index b237951..a062cb7 100644
--- a/controllers/note.php
+++ b/controllers/note.php
@@ -1,11 +1,21 @@
 query('select * from notes where id = :id', ['id' => $_GET['id']] )->fetch();
- //dd($notes);
- require "views/note.view.php";
\ No newline at end of file
+$note = $db->query('select * from notes where id = :id', [
+ 'id' => $_GET['id']
+])->fetch();
+
+if (!$note) {
+ abort();
+}
+$currentUserId = 1;
+if ($note['user_id'] != $currentUserId) {
+ abort(Response::FORBIDDEN);
+}
+//dd($notes);
+require "views/note.view.php";
diff --git a/index.php b/index.php
index 7f6b31a..abf5158 100644
--- a/index.php
+++ b/index.php
@@ -2,14 +2,15 @@
 require 'functions.php';
 require 'Database.php';
 require 'router.php';
-$username = 'appUser';
-$password = 'password';
-$config = require('config.php');
-$db = new Database($config['database'], $username, $password);
-$id = $_GET['id'];
+require 'Response.php';
+//$username = 'appUser';
+//$password = 'password';
+//$config = require('config.php');
+//$db = new Database($config['database'], $username, $password);
+//$id = $_GET['id'];
 // Variante 1
-$query = "SELECT * FROM posts WHERE id = ?";
-$posts = $db->query($query, [$id])->fetchAll(PDO::FETCH_ASSOC);
+//$query = "SELECT * FROM posts WHERE id = ?";
+//$posts = $db->query($query, [$id])->fetchAll(PDO::FETCH_ASSOC);
 // Variante 2
 //$query = "SELECT * FROM posts WHERE id = :id";
 //$posts = $db->query($query, [':id' => $id])->fetchAll(PDO::FETCH_ASSOC);
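Review bot: The ownership check added in controllers/note.php compares every note against the constant `$currentUserId = 1;`, so until that value comes from the authenticated session the `abort(Response::FORBIDDEN)` branch only fires for notes not owned by user 1 and the check is not yet real authorisation; at minimum mark it `$currentUserId = 1; // TODO: replace with the authenticated user's id from the session`. The comparison uses loose `!=` and PDO may hand back `user_id` as a string, so `if ((int) $note['user_id'] !== $currentUserId)` keeps the intent without type juggling. `$_GET['id']` reaches the query without a presence check, so a request with no `id` raises an undefined-index warning first; `$id = $_GET['id'] ?? abort();` covers it, assuming `abort()` exits as its use further down suggests. Answering 404 for a missing note but 403 for another user's note lets a caller enumerate which ids exist, so returning the same not-found response in both cases avoids that leak. The stale `//dd($notes);` refers to a variable that no longer exists and can be dropped; the hunk's opening context appears truncated in this view, so the `$db` setup it relies on is not visible here.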
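Review bot: The index.php hunk comments out the `$username`/`$password`/`$db` bootstrap instead of deleting it, which leaves a plaintext credential pair (`//$password = 'password';`) and the two `// Variante` query experiments in the file as dead text; git history already keeps the old lines, so delete them rather than comment them out. If `$db` is now constructed elsewhere (the note.php hunk still calls `$db->query(...)`, but where `$db` is created is not visible here), index.php should hold only the `require` lines and the router hand-off. The new `require 'Response.php';` is what makes `Response::FORBIDDEN` in controllers/note.php resolve, so it belongs with the other requires as written.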