authentication

GilaCMS · May 1, 2020 · 7056a5e · 7056a5e
1 parent 7dfc38a
commit 7056a5e
Show file tree

Hide file tree

Showing 6 changed files with 175 additions and 129 deletions.
diff --git a/source/api-db.md b/source/api-db.md
@@ -0,0 +1,116 @@
+## Class db
+Class db prepare statements for mysql queries to the connected database.
+We use the global ``$db`` instance to access its methods.
+
+### query ()
+Runs a query and returns the result.
+
+**Parameters**
+- $q:string The query.
+- $args:array (optional) Values to prepare the statement.
+
+Examples:
+```
+$result1 = $db->query("SELECT title,author FROM post;");
+$result2 = $db->query("SELECT title,author FROM post WHERE user_id=?;",[session::user_id()]);
+```
+
+
+### get ()
+Runs a query and returns the results as an array.
+
+**Parameters**
+- $q:string The query.
+- $args:array (optional) Values to prepare the statement.
+
+Example:
+```
+$result = $db->get("SELECT title,author FROM post;");
+// Returns
+[
+  0=>[0=>'Lorem ipsum', 'title'=>'Lorem ipsum', 1=>'John', 'author'=>'John'],
+  1=>[0=>'Duis aute irure', 'title'=>'Duis aute irure', 1=>'John', 'author'=>'John'],
+]
+```
+
+
+### gen ()
+Runs a query and returns a generator that yields the rows.
+
+**Parameters**
+- $q:string The query.
+- $args:array (optional) Values to prepare the statement.
+
+Example:
+```
+$generator = $db->gen("SELECT title,author FROM post;");
+```
+
+
+### getRows ()
+Runs a query and returns the results as an array. With rows fetched with mysqli_fetch_row().
+
+**Parameters**
+- $q:string The query.
+- $args:array (optional) Values to prepare the statement.
+
+Example:
+```
+$result = $db->get("SELECT title,author FROM post;");
+// Returns
+[
+  0=>[0=>'Lorem ipsum',1=>'John'],
+  1=>[0=>'Duis aute irure',1=>'John'],
+]
+```
+
+
+### getList ()
+Runs a query and returns an array with the values of the first columns from the results.
+
+**Parameters**
+- $q:string The query.
+- $args:array (optional) Values to prepare the statement.
+
+Example:
+```
+$titles = $db->get("SELECT title,author FROM post;");
+// Returns
+[0=>'Lorem ipsum', 1=>'Duis aute irure']
+```
+
+
+### value ()
+Runs a query and returns the value of the first column of the first row of the results.
+
+**Parameters**
+- $q:string The query.
+- $args:array (optional) Values to prepare the statement.
+
+Example:
+```
+$res = $db->get("SELECT title FROM post WHERE id=1;");
+// returns
+'Lorem ipsum'
+```
+
+
+### error ()
+Return an error if exists from the last query executed.
+
+Example:
+```
+$res = $db->get("SELECT title,author FROM post;");
+if ($error = $db->error()) {
+  trigger_error($error);
+}
+```
+
+
+### close ()
+Closes the connection to the database.
+
+Example
+```
+$db->close();
+```
diff --git a/source/api-db.rst b/source/api-db.rst
diff --git a/source/auth.md b/source/auth.md
@@ -0,0 +1,54 @@
+### Authentication
+
+In order to make the calls of Web APIs from a different domain you will need to use the token from your user.
+
+**How to generate a Token**
+
+You can generate a unique token key from the */admin/profile* page. Keep this key in secret.
+
+
+**Use the Token from server calls (PHP)**
+
+You can send the token as post parameter:
+```
+$url = "https://example.com/cm/delete/post";
+$token = "<UNIQUE_TOKEN>";
+$options = [
+  'http' => [
+    'method'  => 'POST',
+    'header'  => "Content-type: application/json",
+    'content' => http_build_query(['id'=>2, 'token'=>$token]),
+    'ignore_errors' => true
+  ]
+];
+
+$context = stream_context_create($options);
+$response = file_get_contents($url, false, $context);
+```
+
+**Authenticate from front-end (Javascript)**
+
+In order to make calls from a different domain, you should include the domain of your front-end app in the website's **cors** value. In *config.php* of your installation add:
+```
+'cors'=> ['myapp.com']
+```
+
+From javascript you should authenticate first the user with cedentials and then use the token in your calls.
+
+Example using axios:
+```
+// authenticate
+axios.post('https://example.com/login/auth', {
+  email: 'user@mail.com',
+  password: 'password'
+})
+.then((response) => {
+  token_key = response.data.token;
+});
+
+// send a request
+axios.post('https://example.com/cm/delete/post', {
+  id: 2,
+  token: token_key
+})
+```
diff --git a/source/conf.py b/source/conf.py
@@ -61,9 +61,9 @@
 # built documents.
 #
 # The short X.Y version.
-version = u'1.11'
+version = u'1.12'
 # The full version, including alpha/beta/rc tags.
-release = u'1.11.7'
+release = u'1.12.5'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

diff --git a/source/content.md b/source/content.md
@@ -44,9 +44,9 @@ Media are the images that you want to use for your posts. They are saved as file
 
 ![Media](assets/media.png)
 
-## File Manager
+## Logs
 
-In this page you can navigate inside the files of the installation.
+In this page you can navigate inside the log files of the installation.
 
 ## DB Backups
 

diff --git a/source/toctree.rst b/source/toctree.rst
@@ -44,6 +44,7 @@ Contents:
    :maxdepth: 2
    :caption: Web Api:
 
+   auth
    cm
    fm