API Project - Part 10 - Going Live

Moving to the live server

Make sure you can log into cPanel.

Export your database from PHPMyAdmin on your Ubuntu VM

Create a database on your live server

Put the database name in a safe place, you'll need it later

Create a user account that can access the database on your live server

Put the user login and password in a safe place, you'll need it later

Import your database into the database on your live server

Enter the login information in your config file

Copy your files to the live server

Create an api folder in the doc root directory of your live server.

Copy the following files into the folder you just created (on the live server):

index.php
.htaccess (this file redirects all requests to index.php)
includes (the folder that contains all of our components)

BUGS AND ISSUES

ISSUE: We need to make sure all requests and responses are using HTTPS

ISSUE: Users should not be able to change their own role or active status!
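One way to enforce the role/active-status rule on the server, as an added example that is not the course's own code. It assumes the controller knows the logged-in user's id and role (e.g. from the session), that 'admin' is the privileged role, and that $stored is the target user's current row from the data access layer; all three are assumptions.

```php
<?php
// Added example, not the course's own code: a server-side guard for the issue above.
// Assumes the controller knows the logged-in user's id and role (e.g. from the session),
// that 'admin' is the privileged role, and that $stored is the current row for the
// target user as returned by the data access layer; all three are assumptions.

function checkPrivilegedUserFields(array $incoming, array $stored, int $currentUserId, string $currentUserRole): void {
    $targetId = (int) $stored['user_id'];
    $isAdmin  = ($currentUserRole === 'admin');

    // A regular user may only touch their own record.
    if (!$isAdmin && $targetId !== $currentUserId) {
        throw new RuntimeException('Forbidden: you may only update your own account');
    }
    // An admin editing someone else's account may change role and active status.
    if ($isAdmin && $targetId !== $currentUserId) {
        return;
    }
    // Everyone else (a user editing themselves, an admin editing themselves): the
    // privileged fields must arrive unchanged. Comparing against the stored row,
    // rather than dropping the fields, keeps update() writing the true current values.
    foreach (['user_role', 'user_active'] as $field) {
        if (array_key_exists($field, $incoming)
            && (string) $incoming[$field] !== (string) $stored[$field]) {
            throw new RuntimeException("Forbidden: $field cannot be changed on your own account");
        }
    }
}

// Usage in the update-user controller action, before calling update($user)
// (the session and request variables are assumed, not from the course):
// checkPrivilegedUserFields($requestBody, $storedRow, $_SESSION['user_id'], $_SESSION['user_role']);
```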

Updating Users

We discovered a bug: when you run an UPDATE statement for a user that doesn't exist, $result is still true, because the query itself succeeds even though it matched no rows.

Here's the update() method with one fix we came up with:

function update($user /*, $hashPassword = false*/){

    // notice that I commented out the optional param (above)

    $row = $this->convertModelToRow($user);

    $qStr = "";

    if(!empty($user->password)){
        // If the password is NOT empty, then we'll salt and hash it
        $salt = $this->getRandomSalt();
        $hashedPassword = $this->saltAndHashPassword($salt, $row['user_password']);

        $qStr = "UPDATE users SET
                user_first_name = '{$row['user_first_name']}',
                user_last_name = '{$row['user_last_name']}',
                user_email = '{$row['user_email']}',
                user_role = '{$row['user_role']}',
                user_password = '$hashedPassword',
                user_salt = '$salt',
                user_active = '{$row['user_active']}'
            WHERE user_id = " . $row['user_id'];
    }else{
        // If the password is empty we just won't include the password
        // and the salt in the update query, which will leave them as they are in the database
        $qStr = "UPDATE users SET
                user_first_name = '{$row['user_first_name']}',
                user_last_name = '{$row['user_last_name']}',
                user_email = '{$row['user_email']}',
                user_role = '{$row['user_role']}',
                user_active = '{$row['user_active']}'
            WHERE user_id = " . $row['user_id'];
    }
    //die("$qStr");

    $result = mysqli_query($this->link, $qStr) or $this->handleError(mysqli_error($this->link));

    /*
    // Note that we had this, but then discovered some issues with it
    // It would be a good idea to go through the steps to fixing this one
    if($result){
        return true;
    }else{
        //$this->handleError("Unable to update user");
        return false;
    }
    */

    // The only way we can find out if any rows have been changed is to use mysqli_info()
    // Unfortunately, it returns a string that we have to parse, e.g.
    // "Rows matched: 1  Changed: 0  Warnings: 0" (split on runs of spaces:
    // index 2 is the matched count, index 4 is the changed count).
    // mysqli_info() returns null when there is no info, so cast it to a string
    // and default the counts to 0 if the parts are missing.
    $mysqli_info_parts = preg_split("/ +/", (string) mysqli_info($this->link));
    $rows_matched = isset($mysqli_info_parts[2]) ? (int) $mysqli_info_parts[2] : 0; // The number of rows that match the user_id
    $rows_changed = isset($mysqli_info_parts[4]) ? (int) $mysqli_info_parts[4] : 0; // The number of rows that actually changed

    if($result && mysqli_affected_rows($this->link) == 1){
        return true;
    }else if($rows_matched == 0){
        $this->handleError("Invalid user id - user does not exist");
    }else if($rows_changed == 0){
        // Do we really want an error here??? Could cause problems on the front end
        //$this->handleError("User was not actually changed");
        // We could just return true and not throw any error
        return true;
    }else{
        $this->handleError("Unable to update user");
    }

    return false;
}

Error on Live Server

I saw this error come in from the live server:

THIS IS OUR CUSTOM ERROR HANDLER
ERROR NUMBER: 8192
ERROR MSG: mysqli_real_escape_string(): Passing null to parameter #2 ($string) of type string is deprecated
FILE: /home/wtcweb/public_html/api/includes/dataaccess/UserDataAccess.inc.php
LINE NUMBER: 324

Here is the line of code on 324 (it's in the login() method):

$email = mysqli_real_escape_string($this->link, $email);

Potential fix: add validation code to the login controller to make sure the request body has the proper data (email and password) before it is passed to the data access layer.
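The validation step described above, as an added example that is not the course's own controller code. It assumes the login controller reads a JSON request body from php://input and that the data access login() method takes the email and password as two string arguments.

```php
<?php
// Added example (not the course's own code): validate the login request body
// before it reaches UserDataAccess::login(), so a missing or null email/password
// is answered with a 400 instead of reaching mysqli_real_escape_string().
// Assumes the controller reads a JSON body from php://input.

function validateLoginBody(?string $rawBody): array {
    $data = json_decode((string) $rawBody, true);
    if (!is_array($data)) {
        return ['ok' => false, 'error' => 'Request body must be a JSON object'];
    }
    $email    = $data['email'] ?? null;
    $password = $data['password'] ?? null;

    // Both fields must be present AND be non-empty strings (null, numbers and
    // arrays are rejected here rather than being coerced later).
    if (!is_string($email) || trim($email) === ''
        || filter_var(trim($email), FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'error' => 'A valid email is required'];
    }
    if (!is_string($password) || $password === '') {
        return ['ok' => false, 'error' => 'A password is required'];
    }
    return ['ok' => true, 'email' => trim($email), 'password' => $password];
}

// Usage inside the login controller action:
$check = validateLoginBody(file_get_contents('php://input'));
if (!$check['ok']) {
    http_response_code(400);
    header('Content-Type: application/json');
    echo json_encode(['error' => $check['error']]);
    exit;
}
// Only now call the data access layer, which is guaranteed non-null strings:
// $user = $userDataAccess->login($check['email'], $check['password']);
```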

###############################################

CORS (Cross Origin Requests)

###############################################

NOTES: here is some code that I commented out in the Controller class (should I keep it? It may be handy if we want to control how the live server handles CORS requests)

/*  I REMOVED THIS METHOD AND ALLOW CORS REQUESTS IN THE CONFIG FILE (FOR DEV SERVER ONLY)
// allow ajax calls from other domains (Cross Origin Requests)
// * allows requests from any domain, but you could be specific
function allowCors($domain="*"){
	
	header("Access-Control-Allow-Origin: $domain");
	// You could also allow only certain headers to be sent in CORS requests   
	header("Access-Control-Allow-Headers: *");  
}
*/
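A stricter version of allowCors() for the live server, as an added example that is not the course's Controller code. It reflects only origins on an allow-list (which could live in the config file) instead of "*", answers the OPTIONS preflight, and sets Vary: Origin; the origins passed at the bottom are constructed placeholders.

```php
<?php
// Added example, not the course's Controller code: a stricter allowCors() that
// reflects only origins on an allow-list, answers the OPTIONS preflight, and sets
// Vary: Origin so caches don't serve one origin's headers to another.
// The origins passed at the bottom are constructed placeholders.

function allowCors(array $allowedOrigins): void {
    $origin = $_SERVER['HTTP_ORIGIN'] ?? '';
    $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';

    // Exact string match against the allow-list; never echo back an arbitrary
    // Origin value and never combine "*" with credentials.
    if ($origin === '' || !in_array($origin, $allowedOrigins, true)) {
        // Unknown or absent Origin: send no CORS headers, so the browser refuses
        // to expose the response to that page. A stray preflight gets an empty 403.
        if ($method === 'OPTIONS') {
            http_response_code(403);
            exit;
        }
        return;
    }

    header("Access-Control-Allow-Origin: $origin");
    header('Vary: Origin');
    header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
    // Name the headers the front end actually sends instead of allowing "*"
    header('Access-Control-Allow-Headers: Content-Type, Authorization');
    header('Access-Control-Max-Age: 600'); // browser may cache the preflight for 10 minutes

    // The preflight only needs the headers above; don't run the API action for it.
    if ($method === 'OPTIONS') {
        http_response_code(204);
        exit;
    }
}

// Usage near the top of the Controller (placeholder origins; use your front end's):
allowCors(['https://app.example.com', 'http://localhost:4200']);
```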

CREATE A NEW BRANCH FOR THIS

###############################################

Simulate Inheritance in the DB

###############################################

Make an employees table with the columns: user_id, department, salary, hire_date

Make an Employee model class (extends User???)

###############################################

Pagination

###############################################

###############################################

Forgot Password (Reset)

###############################################