This is the backend part of Daily Agenda, a full-stack todo list and weather app built with PHP and MySQL.
- Introduction
- Features
- Security Measures
- Getting Started
- API Endpoints
- Usage
- Technologies Used
- Contact
## Introduction

Welcome to the backend of Daily Agenda! This repository contains the server-side logic and database setup for the Daily Agenda application. The backend is built with PHP and MySQL, and it plays a crucial role in the overall functionality of the application.
The backend serves as the API for the frontend, handling all data-related operations. It provides endpoints for user registration and authentication, as well as for managing todos. When a user registers or logs in through the frontend, the backend validates the user credentials and generates a JSON Web Token (JWT) for secure sessions.
For todo management, the backend provides endpoints for creating, reading, updating, and deleting todos. The frontend communicates with these endpoints to perform the respective operations, sending requests to the backend and receiving responses.
The backend also interacts with a MySQL database to persist user and todo data. It uses the `vlucas/phpdotenv` package to manage environment variables, and the Firebase PHP-JWT library for handling JWTs.
In summary, the backend is responsible for processing requests from the frontend, interacting with the database, and returning responses back to the frontend. It ensures secure user authentication and efficient data management for the Daily Agenda application.
## Features

- User Authentication: Secure user registration and login using JSON Web Tokens (JWT).
- Todo Management: Handle the CRUD operations for registered users' todos.
- Database Interaction: Utilize MySQL to store and retrieve user data.
## Security Measures

The backend takes several measures to ensure the security of user data:
- Data Validation: All incoming data is validated before being processed. This ensures that only valid and expected data is sent to the database, preventing SQL injection attacks and other forms of data corruption.
- Data Sanitization: Incoming data is sanitized to remove any potentially harmful characters that could be used in an attack. This is especially important for data that will be displayed in the frontend to prevent cross-site scripting (XSS) attacks.
- Data Escaping: Data that is included in SQL queries is escaped to ensure that it is treated as data and not part of the SQL command. This prevents SQL injection attacks.
- Password Hashing: User passwords are hashed before being stored in the database. This means that even if the database is compromised, the actual passwords remain secure.
- JWT for Sessions: JSON Web Tokens (JWT) are used for managing user sessions. This provides a stateless and secure method for authenticating users on subsequent requests after login.
These measures help to ensure that the backend handles sensitive user data in a secure manner.
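A registration handler that applies the five measures above in one place (validation, bound parameters instead of string escaping, `password_hash()`, and JSON encoding on output). This is an added example, not the project's own `user_registration.php`; it assumes a `bootstrap.php` that creates the PDO handle `$pdo`, and a `user` table with `full_name`, `email` and `password_hash` columns.

```php
<?php
// Added example, not the project's user_registration.php: a registration handler that
// applies the measures listed above. Assumes a bootstrap file that sets $pdo, and a
// `user` table with full_name, email and password_hash columns (column names assumed).
declare(strict_types=1);
require __DIR__ . '/bootstrap.php'; // assumed: loads .env and creates the PDO handle $pdo

// Validation: reject anything outside the expected shape before it reaches the database.
function validateRegistration(array $input): array
{
    $errors   = [];
    $fullName = trim((string)($input['fullName'] ?? ''));
    $email    = trim((string)($input['email'] ?? ''));
    $password = (string)($input['password'] ?? '');
    if ($fullName === '' || mb_strlen($fullName) > 100) {
        $errors[] = 'fullName must be 1-100 characters.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address.';
    }
    if (strlen($password) < 8 || strlen($password) > 128) {
        $errors[] = 'password must be 8-128 characters.';
    }
    return [$errors, $fullName, $email, $password];
}

function registerUser(PDO $pdo, array $input): array
{
    [$errors, $fullName, $email, $password] = validateRegistration($input);
    if ($errors !== []) {
        http_response_code(422);
        return ['errors' => $errors];
    }
    // Escaping: bound parameters keep the values out of the SQL text, so no manual quoting.
    $stmt = $pdo->prepare('INSERT INTO user (full_name, email, password_hash) VALUES (:name, :email, :hash)');
    // Hashing: store a bcrypt hash, never the password; password_verify() checks it at login.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    try {
        $stmt->execute([':name' => $fullName, ':email' => $email, ':hash' => $hash]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation, e.g. duplicate email (assumes a UNIQUE index).
        http_response_code($e->getCode() === '23000' ? 409 : 500);
        return ['message' => 'Registration failed.'];
    }
    return ['message' => 'Registration successful.'];
}

header('Content-Type: application/json');
$body = json_decode((string)file_get_contents('php://input'), true);
// Sanitization on output: json_encode() escapes the values; the frontend must still HTML-escape them.
echo json_encode(registerUser($pdo, is_array($body) ? $body : []));
```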
## Getting Started

This project was developed using MAMP. If you're using MAMP or a similar local server environment (like XAMPP or WampServer), the setup process should be straightforward.
This project uses the `vlucas/phpdotenv` package to load environment variables from a `.env` file. This file should be located in the root directory of the project.

These environment variables are then accessible in the PHP code via the `$_ENV` superglobal array or the `getenv()` function. For example, to get the database host, you would use `$_ENV['DB_HOST']` or `getenv('DB_HOST')`.

For the `JWT_KEY`, it's recommended to use a strong, random key. You can generate one using a tool like RandomKeygen. Replace `myjwtkey` with the generated key.
- Clone the backend repository.
- Install PHP dependencies:

```shell
composer install
```

- Create a `.env` file in the root of your project and configure your database connection:

```
DB_HOST=your-database-host
DB_PORT=your-database-port
DB_DATABASE=your-database-name
DB_USER=your-database-user
DB_PASSWORD=your-database-password
JWT_KEY=myjwtkey
```

- Start the PHP development server:

```shell
php -S localhost:8888
```
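A bootstrap that reads the `.env` file above through phpdotenv, refuses to start while `JWT_KEY` is still the `myjwtkey` placeholder or too short, and opens the MySQL connection with real server-side prepared statements. This is an added example, not the project's own code; it assumes phpdotenv v5 (`createImmutable()` populates `$_ENV`) and composer's autoloader.

```php
<?php
// Added example, not the project's own bootstrap: loads the .env file above with
// vlucas/phpdotenv, refuses to start on a missing or placeholder JWT_KEY, and opens the
// MySQL connection. Assumes phpdotenv v5 (createImmutable() fills $_ENV) and composer.
declare(strict_types=1);
require __DIR__ . '/vendor/autoload.php';

Dotenv\Dotenv::createImmutable(__DIR__)->load();

// Fail fast if JWT_KEY is unset, still the README placeholder, or too short for an HMAC secret.
function checkJwtKey(string $key): void
{
    // 32 bytes is the usual floor for an HS256 key; generate one with:
    //   php -r 'echo bin2hex(random_bytes(32)), PHP_EOL;'
    if ($key === '' || $key === 'myjwtkey' || strlen($key) < 32) {
        throw new RuntimeException('JWT_KEY is unset, the placeholder, or shorter than 32 characters.');
    }
}

// Build the PDO handle from the DB_* variables, with settings that keep prepared statements real.
function connectDatabase(array $env): PDO
{
    foreach (['DB_HOST', 'DB_PORT', 'DB_DATABASE', 'DB_USER', 'DB_PASSWORD'] as $name) {
        if (!isset($env[$name]) || $env[$name] === '') {
            throw new RuntimeException("$name is not set in .env");
        }
    }
    $dsn = sprintf('mysql:host=%s;port=%s;dbname=%s;charset=utf8mb4',
        $env['DB_HOST'], $env['DB_PORT'], $env['DB_DATABASE']);
    return new PDO($dsn, $env['DB_USER'], $env['DB_PASSWORD'], [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // SQL errors become exceptions
        PDO::ATTR_EMULATE_PREPARES   => false, // server-side prepared statements, not client-side quoting
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

checkJwtKey($_ENV['JWT_KEY'] ?? '');
$pdo = connectDatabase($_ENV);
```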
To set up the database for this project, you need to run the `create_daily_agenda_db.sql` script located in the `database` directory. This script will create the `daily_agenda` database and the `todos` and `user` tables.

Here are the steps to run the script using various tools:
### MySQL Workbench

- Open MySQL Workbench and connect to your MySQL server with your username and password.
- Click on `File > Open SQL Script` and select the `create_daily_agenda_db.sql` script.
- Click on the lightning bolt icon to execute the script.
### phpMyAdmin

- Open phpMyAdmin and log in with your username and password.
- Click on the `Import` tab.
- Click on `Choose File` and select the `create_daily_agenda_db.sql` script.
- Click on `Go` to execute the script.
### MySQL Command Line

- Open the MySQL command line tool and log in with your username and password.
- Use the `source` command to execute the script:

```sql
source /path/to/create_daily_agenda_db.sql
```
## API Endpoints

### User Registration

- Endpoint: `POST /user_registration.php`
- Request body: JSON with `fullName`, `email`, and `password` fields.

Example request:

```json
{
  "fullName": "John Doe",
  "email": "john@example.com",
  "password": "password123"
}
```

Example response:

```json
{
  "message": "Registration successful."
}
```
### User Login

- Endpoint: `POST /user_login.php`
- Request body: JSON with `email` and `password` fields.

Example request:

```json
{
  "email": "john@example.com",
  "password": "password123"
}
```

Example response:

```json
{
  "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxIiwiaWF0IjoxNjI5MzI4Mzg0LCJleHAiOjE2MjkzMzE5ODR9.5Y9oY2WugJDkGs2dh17YpI5eCq_rSZt8cI6VZf6o5w4"
}
```
### Fetch Todos

- Endpoint: `GET /fetch_todos.php`
- Requires a valid JWT in the Authorization header.

Example response:

```json
{
  "todos": [
    {
      "taskId": "1",
      "completed": "0",
      "data": "Buy milk",
      "createdAt": "2021-08-18 12:00:00",
      "completedAt": null
    },
    {
      "taskId": "2",
      "completed": "1",
      "data": "Walk the dog",
      "createdAt": "2021-08-18 12:00:00",
      "completedAt": "2021-08-18 13:00:00"
    }
  ]
}
```
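How the "valid JWT in the Authorization header" requirement can be enforced for this endpoint, and how the verified token, rather than the request, decides whose todos are returned. This is an added example, not the project's `fetch_todos.php`; it assumes firebase/php-jwt 5.x, a `bootstrap.php` that sets `$pdo` and `$_ENV['JWT_KEY']`, the `userId` claim carried by the login token shown above, and `todos` column names (`task_id`, `user_id`, `created_at`, `completed_at`) that are assumptions.

```php
<?php
// Added example, not the project's fetch_todos.php: verifies the bearer token with
// firebase/php-jwt 5.x and returns only the todos of the user named in the token.
// Assumes bootstrap.php sets $pdo and $_ENV['JWT_KEY'], that the token carries the
// `userId` claim shown in the login response, and the todos column names (assumed).
declare(strict_types=1);

use Firebase\JWT\JWT;

require __DIR__ . '/bootstrap.php';

// Returns the userId claim from a valid "Authorization: Bearer <jwt>" header, or null.
function authenticatedUserId(string $authHeader, string $key): ?int
{
    if (!preg_match('/^Bearer\s+(\S+)$/', $authHeader, $m)) {
        return null;
    }
    try {
        // Pin the algorithm server-side: the token's own header must not choose it.
        $claims = JWT::decode($m[1], $key, ['HS256']); // 5.x signature; v6 takes a Key object
    } catch (UnexpectedValueException | DomainException | InvalidArgumentException $e) {
        return null; // expired, bad signature, wrong algorithm, or malformed token
    }
    return isset($claims->userId) ? (int)$claims->userId : null;
}

// The user id comes from the verified token, never from the request body or query string,
// so a caller can only ever read their own rows.
function fetchTodos(PDO $pdo, int $userId): array
{
    $stmt = $pdo->prepare(
        'SELECT task_id AS taskId, completed, data, created_at AS createdAt, completed_at AS completedAt
           FROM todos WHERE user_id = :uid ORDER BY created_at'
    );
    $stmt->execute([':uid' => $userId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

header('Content-Type: application/json');
// PHP's built-in server exposes the header as HTTP_AUTHORIZATION; Apache may need a rewrite rule.
$userId = authenticatedUserId($_SERVER['HTTP_AUTHORIZATION'] ?? '', $_ENV['JWT_KEY'] ?? '');
if ($userId === null) {
    http_response_code(401);
    echo json_encode(['message' => 'Unauthorized.']);
    exit;
}
echo json_encode(['todos' => fetchTodos($pdo, $userId)]);
```

The same `authenticatedUserId()` check applies unchanged to the insert, update and delete endpoints below, which must also scope their `WHERE` clause by the token's user id.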
### Insert Todo

- Endpoint: `POST /insert_todos.php`
- Request body: JSON with `completed` and `data` fields.
- Requires a valid JWT in the Authorization header.

Example request:

```json
{
  "completed": "0",
  "data": "Buy bread"
}
```

Example response:

```json
{
  "message": "Todo inserted successfully."
}
```
### Update Todo

- Endpoint: `PUT /update_data-completed.php`
- Request body: JSON with `taskId`, `completed`, and `completedAt` fields.
- Requires a valid JWT in the Authorization header.

Example request:

```json
{
  "taskId": "1",
  "completed": "1",
  "completedAt": "2021-08-18 14:00:00"
}
```

Example response:

```json
{
  "message": "Todo updated successfully."
}
```
### Delete Todo

- Endpoint: `DELETE /delete_todo.php`
- Request body: JSON with `taskId` field.
- Requires a valid JWT in the Authorization header.

Example request:

```json
{
  "taskId": "1"
}
```

Example response:

```json
{
  "message": "Todo deleted successfully."
}
```
## Usage

This backend serves as the API endpoint for the Daily Agenda front end. Ensure the front end is configured to make requests to this backend URL.
## Technologies Used

The backend of Daily Agenda is built with PHP 7.4 and interacts with a MySQL 5.7 database. It uses JSON Web Tokens (JWT) for user authentication, with the Firebase PHP-JWT library version 5.2.0.
## Contact

For inquiries or questions, feel free to contact me at lindyo87@gmail.com. You can view the rest of my portfolio here.

If you find this project helpful, please consider giving it a star on GitHub.

You can also check out the frontend repository for this project here.