Initial commit: Flutter app + PHP/MySQL backend on Hostinger
Replaces Firebase with a self-hosted PHP/MySQL API served from winded.prymsolutions.com. Includes full backend (schema, auth, events, teams, brackets, suggestions, stats, media, file upload) and updated Flutter repositories and domain models. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,22 @@
|
||||
<?php
|
||||
// Copy this file to config.php and fill in your Hostinger MySQL credentials.
|
||||
// Never commit config.php to version control.
|
||||
|
||||
define('DB_HOST', 'localhost');
|
||||
define('DB_NAME', 'u595523489_wndd'); // e.g. u123456789_winded
|
||||
define('DB_USER', 'u595523489_wnddusr'); // e.g. u123456789_winded
|
||||
define('DB_PASS', '@>fnr0E7eS');
|
||||
define('DB_CHARSET', 'utf8mb4');
|
||||
|
||||
function db(): PDO {
|
||||
static $pdo = null;
|
||||
if ($pdo === null) {
|
||||
$dsn = 'mysql:host=' . DB_HOST . ';dbname=' . DB_NAME . ';charset=' . DB_CHARSET;
|
||||
$pdo = new PDO($dsn, DB_USER, DB_PASS, [
|
||||
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
||||
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
|
||||
PDO::ATTR_EMULATE_PREPARES => false,
|
||||
]);
|
||||
}
|
||||
return $pdo;
|
||||
}
|
||||
@@ -0,0 +1,66 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/database.php';
|
||||
require_once __DIR__ . '/jwt.php';
|
||||
|
||||
// Admin emails that always get admin role regardless of DB role column.
|
||||
const ADMIN_EMAILS = ['philip@theguzmanfamily.com'];
|
||||
|
||||
function cors(): void {
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
|
||||
header('Access-Control-Allow-Headers: Content-Type, Authorization');
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
|
||||
http_response_code(204);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
function json_ok(array $data, int $code = 200): void {
|
||||
http_response_code($code);
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode($data);
|
||||
exit;
|
||||
}
|
||||
|
||||
function json_err(string $msg, int $code = 400): void {
|
||||
http_response_code($code);
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(['error' => $msg]);
|
||||
exit;
|
||||
}
|
||||
|
||||
function require_auth(): array {
|
||||
$h = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
|
||||
if (!str_starts_with($h, 'Bearer ')) json_err('Unauthorized', 401);
|
||||
$payload = JWT::decode(substr($h, 7));
|
||||
if ($payload === null) json_err('Unauthorized', 401);
|
||||
return $payload;
|
||||
}
|
||||
|
||||
function require_admin(): array {
|
||||
$p = require_auth();
|
||||
if (($p['role'] ?? '') !== 'admin') json_err('Forbidden', 403);
|
||||
return $p;
|
||||
}
|
||||
|
||||
function require_manager_or_admin(): array {
|
||||
$p = require_auth();
|
||||
$r = $p['role'] ?? '';
|
||||
if ($r !== 'admin' && $r !== 'manager') json_err('Forbidden', 403);
|
||||
return $p;
|
||||
}
|
||||
|
||||
function uuid(): string {
|
||||
$b = random_bytes(16);
|
||||
$b[6] = chr(ord($b[6]) & 0x0f | 0x40);
|
||||
$b[8] = chr(ord($b[8]) & 0x3f | 0x80);
|
||||
return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($b), 4));
|
||||
}
|
||||
|
||||
function body(): array {
|
||||
return json_decode(file_get_contents('php://input'), true) ?? [];
|
||||
}
|
||||
|
||||
function resolve_role(string $email, string $dbRole): string {
|
||||
return in_array(strtolower(trim($email)), ADMIN_EMAILS) ? 'admin' : $dbRole;
|
||||
}
|
||||
@@ -0,0 +1,34 @@
|
||||
<?php
|
||||
// Change JWT_SECRET to a long random string before deploying.
|
||||
define('JWT_SECRET', 'f0gHGG23#5j9gaGg90asndfa9gtybama89G#');
|
||||
define('JWT_TTL', 60 * 60 * 24 * 30); // 30 days
|
||||
|
||||
class JWT {
|
||||
public static function encode(array $payload): string {
|
||||
$header = self::b64e(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
|
||||
$payload['iat'] = time();
|
||||
$payload['exp'] = time() + JWT_TTL;
|
||||
$payload = self::b64e(json_encode($payload));
|
||||
$sig = self::b64e(hash_hmac('sha256', "$header.$payload", JWT_SECRET, true));
|
||||
return "$header.$payload.$sig";
|
||||
}
|
||||
|
||||
public static function decode(string $token): ?array {
|
||||
$parts = explode('.', $token);
|
||||
if (count($parts) !== 3) return null;
|
||||
[$header, $payload, $sig] = $parts;
|
||||
$expected = self::b64e(hash_hmac('sha256', "$header.$payload", JWT_SECRET, true));
|
||||
if (!hash_equals($expected, $sig)) return null;
|
||||
$data = json_decode(self::b64d($payload), true);
|
||||
if (!$data || ($data['exp'] ?? 0) < time()) return null;
|
||||
return $data;
|
||||
}
|
||||
|
||||
private static function b64e(string $v): string {
|
||||
return rtrim(strtr(base64_encode($v), '+/', '-_'), '=');
|
||||
}
|
||||
|
||||
private static function b64d(string $v): string {
|
||||
return base64_decode(strtr($v, '-_', '+/') . str_repeat('=', (4 - strlen($v) % 4) % 4));
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user