Merge pull request #12 from hanfengmi/master

logIn+logOut

Author: YComputer

application/controllers/Category.php

@@ -8,15 +8,17 @@ public function index()
     }
 
     public function AddCategory() {
-		$post = $this->input->post(NULL, TRUE);
-		$data = array(
-			'name' => $post['cat_name'],
-		);
-		$this->load->model('Category_model');
-		$category_list = $this->Category_model->add_category($data);
-		echo json_encode($category_list);
-		// var_dump($post);
-		// echo $post->;
+			session_start();
+			$post = $this->input->post(NULL, TRUE);
+			$data = array(
+				'name' => $post['cat_name'],
+			);
+			$nonces = $_SESSION['nonces'];
+			$this->load->model('Category_model');
+			$category_list = $this->Category_model->add_category($data, $nonces);
+			echo json_encode($category_list);
+			// var_dump($post);
+			// echo $post->;
     }
 
     public function DeleteCategory() {

application/controllers/Home.php

@@ -1,16 +1,33 @@
 <?php
 defined('BASEPATH') OR exit('No direct script access allowed');
-
+require APPPATH . '/libraries/ImplementJwt.php';
 class Home extends CI_Controller {
 
+	public function __construct(){
+		parent::__construct();
+		$this->load->helper('url');
+        $this->objOfJwt = new ImplementJwt();
+	}
+	
 	public function index()
 	{
+
+		if(isset($_COOKIE['auth'])){
+			$decodeToken = $this->objOfJwt->DecodeToken($_COOKIE['auth']);
+			$user = $decodeToken;
+		} else {
+			$user = NULL;
+		}
+
 		$this->load->library('layout');
 		$this->load->model('admin_model');// 都是获取所有数据接口，可复用
 		$product = $this->admin_model->getProductData();
 		$catgory = $this->admin_model->getCatgoryData();
 		$data['products'] = $product;
 		$data['catgories'] = $catgory;
+		$data['user'] = $user;
+		// var_dump($user);
+		
 		$this->layout->view('home',['data' => $data]);
 	}
 }

application/controllers/Item.php

@@ -1,12 +1,27 @@
 <?php
 defined('BASEPATH') OR exit('No direct script access allowed');
 
+require APPPATH . '/libraries/ImplementJwt.php';
 class Item extends CI_Controller {
 
+	public function __construct(){
+        parent::__construct();
+        $this->objOfJwt = new ImplementJwt();
+	}
+
 	public function index()
 	{
+		if(isset($_COOKIE['auth'])){
+			$decodeToken = $this->objOfJwt->DecodeToken($_COOKIE['auth']);
+			$user = $decodeToken;
+		} else {
+			$user = NULL;
+		}
+
+		$data['user'] = $user;
+
 		$this->load->library('layout');
 		// $this->load->view('item');
-		$this->layout->view('item');
+		$this->layout->view('item',['data' => $data]);
 	}
 }

application/controllers/Login.php

@@ -7,6 +7,7 @@ class Login extends CI_Controller {
     public function __construct(){
         parent::__construct();
         $this->objOfJwt = new ImplementJwt();
+        $this->load->helper('cookie');
     }
 
 	public function index(){
@@ -19,6 +20,7 @@ public function index(){
     public function Login() {
         $this->load->helper('url');
         $this->load->library('layout');
+        session_start();
         // $this->output->set_header('Access-Control-Allow-Credentials:true');
 		// https://codeigniter.com/user_guide/libraries/input.html
 		// To return all POST items and pass them through the XSS filter set the first parameter NULL while setting the second parameter to boolean TRUE.
@@ -44,29 +46,33 @@ public function Login() {
                 'prefix' => NULL,
                 'httponly' => TRUE
             );
+            // set cookie + set session
             $this->input->set_cookie($cookie);
+            $_SESSION['nonces'] = md5(rand(1,10000)); 
             // $decodeToken = $this->objOfJwt->DecodeToken($jwtToken);
             // echo $decodeToken;
             // var_dump($_COOKIE);
 
             $response = array('status'=>'2','msg'=>'success','data'=>$user[0]);
             echo json_encode($response);
-            // if($user[0]->role == 0){
-            //     // 跳转到 admin
-            //     // redirect('http://47.98.195.42/php/admin', 'location');
-
-            // }else{
-            //     // 跳转到首页
-            //     // redirect('http://47.104.15.106/home');
-            //     // redirect('http://47.98.195.42/php/home', 'location');
-            // }
         }else{
             $response = array('status'=>'0','msg'=>'failed','data'=>$user);
             // echo json_encode($user);
             // $this->layout->view('item');
             echo json_encode($response);
+        } 	
+    }
+    
+    public function LogOut() {
+        session_start();
+        $response = array('status'=>'0','msg'=>'failed');
+        try {
+            $response = array('status'=>'2','msg'=>'success');
+            unset($_SESSION['nonces']);
+            delete_cookie('auth');
+            echo json_encode($response);
+        }catch(PDOEXCEPTION $e){
+            echo $e->getMessage();
         }
-        
-		
-	}
+    }
 }

application/controllers/ProductAPI.php

@@ -6,7 +6,8 @@ class ProductAPI extends CI_Controller {
 
   public function __construct()
 	{
-    	parent::__construct();
+		parent::__construct();
+		
 	}
 
 	public function index()
@@ -42,18 +43,20 @@ public function ProductDetail() {
 	}
 
 	public function AddProduct() {
+		session_start();
 		// https://codeigniter.com/user_guide/libraries/input.html
 		// To return all POST items and pass them through the XSS filter set the first parameter NULL while setting the second parameter to boolean TRUE.
 		$post = $this->input->post(NULL, TRUE);
+
 		$data = array(
 			'name' => $post['name'],
 			'price' => $post['price'],
 			'catid' => $post['catid'],
 			'description' => $post['description']
-			// ["file"]=> string(8) "demo.jpg"
 		);
+		$nonces = $_SESSION['nonces'];
 		$this->load->model('Product_model');
-		$product_list = $this->Product_model->add_product($data);
+		$product_list = $this->Product_model->add_product($data,$nonces);
 		echo json_encode($product_list);
 		// var_dump($post);
 		// echo $post->;

application/models/Category_model.php

@@ -7,16 +7,20 @@ public function __construct()
   }
 
 
-  public function add_category($data){
+  public function add_category($data, $nonces){
     $response = array('status'=>'0','msg'=>'failed','data'=>'');
     try{
         // 防止 sql 注入。
         // $dataEscape = $this->db->escape($data);
-        $query = $this->db->insert( 'categories' , $data );
-        // $response['data'] = $query;
-        $response['status'] = '2';
-        $response['msg'] = 'success';
-        return $response;
+        if(isset($nonces) && $nonces == $_SESSION['nonces']){
+            $query = $this->db->insert( 'categories' , $data );
+            // $response['data'] = $query;
+            $response['status'] = '2';
+            $response['msg'] = 'success';
+            return $response;
+        }else {
+            echo 'error';
+        }
     }catch(PDOEXCEPTION $e){
         echo $e->getMessage();
     }

application/models/Product_model.php

@@ -18,16 +18,22 @@ public function get_product_detail($productid){
     }
   }
 
-  public function add_product($data){
+  public function add_product($data, $nonces){
+    // session_start();
     $response = array('status'=>'0','msg'=>'failed','id'=>'');
     try{
         // 防止 sql 注入。 需要每个字段单独拿出来判断。
         // $dataEscape = $this->db->escape($data);
-        $query = $this->db->insert( 'products' , $data );
-        $response['id'] = $this->db->insert_id();
-        $response['status'] = '2';
-        $response['msg'] = 'success';
-        return $response;
+        // Apply and validate secret nonces for every form
+        if(isset($nonces) && $nonces == $_SESSION['nonces']){
+          $query = $this->db->insert( 'products' , $data );
+          $response['id'] = $this->db->insert_id();
+          $response['status'] = '2';
+          $response['msg'] = 'success';
+          return $response;
+        }else {
+          echo 'error';
+        }
     }catch(PDOEXCEPTION $e){
         echo $e->getMessage();
     }

application/views/admin.php

@@ -191,6 +191,7 @@
 						data: values,
 						url: "./ProductAPI/UpdateProduct",
 						dataType: 'json',
+						
 						beforeSend: function() {
 							console.log('正在请求')
 						},

application/views/header.php

@@ -2,10 +2,27 @@
 defined('BASEPATH') OR exit('No direct script access allowed');
 ?>
 
-<div class="page-header">
-    <h1>Phase 1</h1>
-    <div class="row">
-        <div class="dropdown col-sm-3 col-sm-offset-9 col-md-3 col-md-offset-9">
+<div class="row page-header" >
+    <h1 class="col-md-4">Phase 1</h1>
+    <div class="col-md-2 col-sm-3" style="border:1px solid #ccc; padding:20px 0; border-radius:10px; text-align:center">
+      <?php
+					if($data){
+            echo 
+            '
+              <p>' . $data['email'] . '</p>
+              <button type="button" class="logOut">signOut</button>
+            ';
+          } else {
+            echo 
+            '
+              <p>guest</p>
+              <button type="button" class="logIn">logIn</button>
+            ';
+          }
+				?>
+    </div>
+    <div class="col-md-6 col-sm-9">
+        <div class="dropdown col-sm-offset-7 col-md-3 col-md-offset-4">
         <button class="btn-default">Shopping Cart</button>
         <div class="dropdown-content">
             <!-- 渲染 -->
@@ -22,6 +39,8 @@
         init:function(){
             this.getShoppingCarData();
             this.changeProductNum();
+            this.logOut();
+            this.logIn();
         },
         getShoppingCarData:function(){
             var shopingList = JSON.parse(localStorage.getItem("shopCar")) || [];
@@ -68,9 +87,39 @@ function findProd(prod) {
             $('.total-product').html(total);
           })
 
-        }
+        },
 
+        logOut(){
+          $('.page-header').on('click', '.logOut', function(){
+            $.ajax({
+              type: "post",
+              data: {},
+              url: "./Login/LogOut",
+              dataType: 'json',
+              success: function(data) {
+                // that.setShoppingCar(data);
+                if(data.status == 2){
+                  alert('logOut');
+                  window.location.reload();
+                }
+              },
+              error: function() {
+                alert("ajax error");
+              }
+            });
+          })
+        },
 
+        logIn(){
+          $('.page-header').on('click', '.logIn', function(){
+            var url = window.location.href;
+            if(url.indexOf('home')>0){
+              window.location.href = url.split('home')[0]+'login'
+            }else {
+              window.location.href = url.split('item')[0]+'login'
+            }
+          })
+        }
 
     }
     header.init();

application/views/home.php

@@ -1,5 +1,5 @@
 <div class="container-fluid">
-	<?php $this->load->view('header'); ?>
+	<?php $this->load->view('header',['data' => $data['user']]); ?>
 	<div class="row container-fluid product-container">
 		<div class="col-sm-3 col-md-2 sidebar">
 			<ul class="nav nav-sidebar cat-nav-sidebar">

application/views/item.php

@@ -1,5 +1,5 @@
 <div class="container-fluid">
-	<?php $this->load->view('header'); ?>
+	<?php $this->load->view('header',['data' => $data['user']]); ?>
 
 	<div class="row container-fluid">
 		<!-- <div class="col-sm-3 col-md-2 sidebar">