honprogram · SarahMoradi · Jun 17, 2024
diff --git a/iot/active.php b/iot/active.php
@@ -1,25 +1,34 @@
-<?php
-header('Content-Type: application/json');
-$token='EOQmeqYqUuq1ZoSx17AS';
-if (isset($_GET['tkn']) && !empty($_GET['tkn'])) {
-    if(($_GET['tkn']) == $token){
-           include_once 'classes/autoload.php';
-    $db = new Database;
-        $query = $db->conn->query("UPDATE `user` SET `active`= 1");
-        if($query){
-    echo json_encode(array('status' => 'all ID active'));
-        }else{
-    echo json_encode(array('status' => 'active not update'));
-
-        }
-
-    $db->conn->close(); 
-    }else{
-            echo json_encode(array('status' => 'tkn false'));
-
-    }
-
-
-} else {
-    echo json_encode(array('status' => 'Invalid information entered'));
-}
+<?php
+header('Content-Type: application/json');
+
+include_once 'classes/autoload.php';
+$db = new Database();
+
+if (isset($_GET['tkn']) && !empty($_GET['tkn'])) {
+    $token = $_GET['tkn'];
+
+    // Query to check if token exists in the database
+    $check_token_query = $db->conn->prepare("SELECT * FROM `user` WHERE `token` = ?");
+    $check_token_query->bind_param('s', $token);
+    $check_token_query->execute();
+    $result = $check_token_query->get_result();
+
+    if ($result->num_rows == 1) {
+        $update_query = $db->conn->prepare("UPDATE `user` SET `active` = 1 WHERE `token` = ?");
+        $update_query->bind_param('s', $token);
+        $update_result = $update_query->execute();
+
+        if ($update_result) {
+            echo json_encode(array('status' => 'success', 'message' => 'All IDs activated'));
+        } else {
+            echo json_encode(array('status' => 'error', 'message' => 'Failed to update active status'));
+        }
+    } else {
+        echo json_encode(array('status' => 'error', 'message' => 'Invalid token'));
+    }
+
+    $check_token_query->close();
+    $db->conn->close();
+} else {
+    echo json_encode(array('status' => 'error', 'message' => 'Token not provided'));
+}
diff --git a/iot/createID.php b/iot/createID.php
@@ -1,86 +1,89 @@
-<?php
-header('Content-Type: application/json');
-
-include_once 'classes/autoload.php';
-$db = new Database();
-
-function straRandom($len)
-{
-    $res = '';
-    $a = array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9));
-    shuffle($a);
-    if ($len > 0 && $len < count($a)) {
-        for ($i = 0; $i < $len; $i++) {
-            $res .= $a[rand(0, $len - 1)];
-        }
-    }
-    return $res;
-}
-
-
-if (isset($_GET['id']) ) {
-$clientID=$_GET['id'];
-
-
-
-    $token = straRandom(20);
-    $username = "user".$clientID;
-
-    $tableName = "id_" . $clientID;
-
-
-
-
-    $findTable = $db->conn->query("SHOW TABLES LIKE '$tableName' ");
-    if (mysqli_num_rows($findTable) > 0) {
-
-        echo json_encode(array('status' => 'The entered ID is duplicate'));
-    } else {
-        $createTable = $db->conn->query("CREATE TABLE " . $tableName . "(
-    ID INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
-    clientID VARCHAR(255) NOT NULL,
-    ip VARCHAR(255),
-    ina INT DEFAULT 0,
-    inb INT DEFAULT 0,
-    inc INT DEFAULT 0,
-    ind INT DEFAULT 0,
-    ine INT DEFAULT 0,
-    inf INT DEFAULT 0,
-    ing INT DEFAULT 0,
-    inh INT DEFAULT 0,
-    sena VARCHAR(4) DEFAULT 'off',
-    senb VARCHAR(4) DEFAULT 'off',
-    senc VARCHAR(4) DEFAULT 'off',
-    send VARCHAR(4) DEFAULT 'off',
-    sene VARCHAR(4) DEFAULT 'off',
-    senf VARCHAR(4) DEFAULT 'off',
-    seng VARCHAR(4) DEFAULT 'off',
-    senh VARCHAR(4) DEFAULT 'off',
-    timestamp INT ,
-    time_date timestamp DEFAULT CURRENT_TIMESTAMP)");
-        if ($createTable) {
-            $craeteUser = $db->conn->query("INSERT INTO `user`(`clientID`, `username`, `token`) VALUES ('$clientID','$username','$token')");
-
-            if ($craeteUser) {
-
-                echo json_encode(array(
-                    'status' => 'data inserted',
-                    'clientID' => $clientID,
-                    'token' => $token,
-                    'username' => $username,
-                    'date' => date("Y-m-d"),
-                    'time' => date('H:i:s')
-                ));
-            } else {
-                echo json_encode(array('status' => 'User not created'));
-            }
-        } else {
-            echo json_encode(array("status" => 'Failed to create table'));
-        }
-    }
-
-
-}
- else {
-    echo json_encode(array('status' => 'The requested information was not entered correctly'));
-}
+<?php
+header('Content-Type: application/json');
+
+include_once 'classes/autoload.php';
+$db = new Database();
+
+function generateToken($length = 20)
+{
+    return bin2hex(random_bytes($length / 2));
+}
+
+function hashPassword($password)
+{
+    return password_hash($password, PASSWORD_DEFAULT);
+}
+
+if (isset($_GET['id']) && isset($_GET['password'])) {
+    $clientID = $_GET['id'];
+    $password = $_GET['password'];
+
+    // Generate a random token
+    $token = generateToken(20); // Generate a longer token if needed
+
+    $username = "user" . $clientID;
+
+    $hashedPassword = hashPassword($password);
+
+    $tableName = "id_" . $clientID;
+
+    $findTable = $db->conn->query("SHOW TABLES LIKE '$tableName' ");
+
+    if (mysqli_num_rows($findTable) > 0) {
+        echo json_encode(array('status' => 'The entered ID is duplicate'));
+    } else {
+        $createTable = $db->conn->query("CREATE TABLE $tableName (
+            ID INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
+            clientID VARCHAR(255) NOT NULL,
+            username VARCHAR(255) NOT NULL,
+            password VARCHAR(255) NOT NULL,
+            token VARCHAR(255) NOT NULL,
+            ip VARCHAR(255),
+            ina INT DEFAULT 0,
+            inb INT DEFAULT 0,
+            inc INT DEFAULT 0,
+            ind INT DEFAULT 0,
+            ine INT DEFAULT 0,
+            inf INT DEFAULT 0,
+            ing INT DEFAULT 0,
+            inh INT DEFAULT 0,
+            sena VARCHAR(4) DEFAULT 'off',
+            senb VARCHAR(4) DEFAULT 'off',
+            senc VARCHAR(4) DEFAULT 'off',
+            send VARCHAR(4) DEFAULT 'off',
+            sene VARCHAR(4) DEFAULT 'off',
+            senf VARCHAR(4) DEFAULT 'off',
+            seng VARCHAR(4) DEFAULT 'off',
+            senh VARCHAR(4) DEFAULT 'off',
+            timestamp INT,
+            time_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+        )");
+
+        if ($createTable) {
+            $createUser = $db->conn->query("INSERT INTO `user` (`clientID`, `username`, `password`, `token`) 
+                                            VALUES ('$clientID', '$username', '$hashedPassword', '$token')");
+
+            if ($createUser) {
+                echo json_encode(
+                    array(
+                        'status' => 'Data inserted',
+                        'clientID' => $clientID,
+                        'token' => $token,
+                        'username' => $username,
+                        'date' => date("Y-m-d"),
+                        'time' => date('H:i:s')
+                    )
+                );
+            } else {
+                echo json_encode(array('status' => 'User not created'));
+            }
+        } else {
+            echo json_encode(array('status' => 'Failed to create table'));
+        }
+    }
+
+} else {
+    echo json_encode(array('status' => 'Invalid request'));
+}
+
+$db->conn->close();
diff --git a/iot/generateToken.php b/iot/generateToken.php
@@ -0,0 +1,59 @@
+<?php
+header('Content-Type: application/json');
+
+include_once 'classes/autoload.php';
+$db = new Database();
+
+function generateToken($length = 20)
+{
+    return bin2hex(random_bytes($length / 2));
+}
+
+if (isset($_GET['username']) && isset($_GET['password'])) {
+    $username = $_GET['username'];
+    $password = $_GET['password'];
+
+    // Validate user credentials
+    $query = $db->conn->prepare("SELECT * FROM `user` WHERE `username` = ?");
+    $query->bind_param('s', $username);
+    $query->execute();
+    $result = $query->get_result();
+
+    if ($result->num_rows == 1) {
+        $user = $result->fetch_assoc();
+
+        // Verify password hash
+        if (password_verify($password, $user['password'])) {
+            // Password is correct, generate new token
+            $token = generateToken();
+
+            // Update user token in the database
+            $update_query = $db->conn->prepare("UPDATE `user` SET `token` = ? WHERE `username` = ?");
+            $update_query->bind_param('ss', $token, $username);
+            $update_result = $update_query->execute();
+
+            if ($update_result) {
+                echo json_encode(
+                    array(
+                        'status' => 'success',
+                        'username' => $username,
+                        'token' => $token
+                    )
+                );
+            } else {
+                echo json_encode(array('status' => 'Failed to update token'));
+            }
+        } else {
+            echo json_encode(array('status' => 'Invalid password'));
+        }
+    } else {
+        echo json_encode(array('status' => 'User not found'));
+    }
+
+    $query->close();
+
+} else {
+    echo json_encode(array('status' => 'Invalid request'));
+}
+
+$db->conn->close();