This project is an implementation of the Blokus online game. It is a 2-player online game. One player creates a room and waits for another player to join. Once the second player joins the room, the game starts. Each player has his own boards with the available blocks. Player one owns the blue and the red boards and player two owns the yellow and the green boards. By clicking on a block, the block is selected. When the player clicks on the main board, the block disappears from their board and appears on the main board. Then, it is the second player’s turn. The first piece from each of the available boards of pieces, should be placed in one of the corners of the board. Regarding the next moves, at least one of the corners of the piece that is going to be placed, must touch a corner of the other placed pieces which have the same color. If the piece touches sides with a piece that’s the same color, it is considered as an illigal move. It’s okay if a piece touches the edges or sides of a piece that’s differently colored. The player can also rotate and flip the piece, following always the above rules. The app checks for any illigal move and updates the user. The game finishes if a player empties one of hid two boards, if one of the players hasn't any available moves or when a player presses the leave button. Both of the players start with 178 points, 89 for each of their boards. A block is considered as 1 point, so for example a piece with 5 blocks has 5 points value. For each piece that is placed its value is subtracted from the player's score. If a player has played all of his pieces, 15 more points are subtracted from his score. The player with the least points wins.
- /createRoom.php
The script handles the creation of a game room for a player. It starts by including a database connection and session management files. It checks if the incoming HTTP request is a POST request and then processes the JSON body to retrieve the player1_id. After sanitizing the input, it queries the database to check if the player already has an active room. If no active room exists, it creates a new room with the player's ID, setting the status to "waiting". If successful, it returns the new room's ID. If the player already has an active room, it returns an error with a conflict status code. Errors during database operations or invalid HTTP methods are handled with appropriate responses.
- /deleteRoom.php
The script is designed to delete a game room based on its room_id. It begins by including a database connection and session management files. The script checks if the incoming HTTP request is a POST request. It then decodes the JSON body to extract and validate the room_id. Using this ID, it attempts to delete the corresponding room from the database. If successful, it responds with a status code of 200. If a database error occurs, a server error response is returned. Requests using methods other than POST are rejected with a 405 status code and an error message.
- /getAvailableRooms.php
The script retrieves all game rooms from the database. It starts by including a database connection and session management files. It checks if the incoming HTTP request is a GET request. If so, it executes a query to fetch all records from the rooms table. The results are stored in an array, which is then returned as a JSON response with a 200 status code. If a database error occurs, a 404 error response is returned. Requests using methods other than GET are rejected with a 405 status code and an error message.
- /getBoardById.php
This PHP script handles a GET request to retrieve a specific board’s details from the database by its ID. It first validates and sanitizes the board_id to prevent invalid input or SQL injection. Then it queries the database, checks if the board is found, and converts certain fields (like board_p1_1, board_p2_1, etc.) from JSON strings into PHP arrays/objects. Finally, it returns the board data in JSON format or an appropriate error message if anything goes wrong.
- /getPlayerBoardByIdAndRoom.php
The script retrieves a specific board field from the boards table in the database. It includes database connection and session management files and validates that the request method is GET. It extracts and validates the room_id and boardNum parameters from the query string. Using these parameters, it dynamically constructs a query to fetch the specified column (boardNum) for the given board ID (room_id). The result is returned as a JSON response with a 200 status code. If a database error occurs, it responds with a 500 error and the exception message. Requests using methods other than GET are rejected with a 405 status code and an error message.
- /getRoomById.php
The script retrieves details of a specific room from the database. It starts by including database connection and session management files. The request method is validated to ensure it is a GET request. The room_id parameter is extracted from the query string and validated as an integer. Using this ID, the script queries the rooms table to fetch all details of the specified room. The resulting data is returned as a JSON response with a 200 status code. If an error occurs during database operations, a 500 error with a generic error message is returned. Requests using methods other than GET are rejected with a 405 status code and an error message.
- /login.php
The script handles user authentication by verifying a username and password against the database. It begins by including session management and database connection files. It ensures that the request method is POST, then decodes the JSON body to extract the username and password, sanitizing the inputs. The script queries the users table for the provided username. If the username does not exist, it returns a 404 status code with an error message. If the user is found, the password is verified against the stored password hash using password_verify. If the password is correct, the user’s session is initialized with their ID, username, and a logged_in status. A 200 status code and the user ID are returned. If the password is incorrect, a 401 status code is sent with an error message. Database errors and non-POST requests are handled with appropriate status codes and error messages.
- /logout.php
The script handles user logout by terminating the current session. It begins by including the session management file and checks if the request method is POST. If so, it clears all session variables using session_unset() and destroys the session with session_destroy(). A JSON response with a 200 status code confirms the successful logout. If the request method is not POST, a 405 status code and an error message are returned.
- /player2Join.php
The script handles the process of adding a second player to a game room and updating the room's status. It begins by including session management and database connection files. The script checks if the request method is POST and then processes the incoming JSON body to extract the room_id and player2_id values, validating them as integers. If any parameter is missing or invalid, it returns a 400 status code with an error message. Otherwise, it proceeds to update the rooms table by setting the player2_id and changing the room's status to "in_progress". If the update is successful, a 200 status code is returned. In case of a database error, a 500 error is returned with an appropriate error message. Non-POST requests are rejected with a 405 status code and an error message.
- /register.php
The script handles user registration by creating a new account in the database. It begins by handling the OPTIONS request for CORS (Cross-Origin Resource Sharing), setting appropriate headers for allowing requests from a specific origin. If the request method is POST, it processes the incoming JSON data, extracting and sanitizing the username, password, and email fields. If any of the required fields are missing, it returns a 400 status code with an error message. If all fields are provided, the password is hashed using password_hash and then an INSERT query is executed to add the new user to the users table. If the query is successful, a 201 status code is returned with a success message. If an account already exists with the provided credentials, a 409 status code and an error message are returned. Non-POST requests are rejected with a 405 status code and an error message.
- /session_manager.php
This script is responsible for managing user sessions, including session creation, session expiration, and security. It begins by setting appropriate HTTP headers for handling CORS (Cross-Origin Resource Sharing) and enabling cookies for secure session handling. The script ensures that session cookies are configured with secure parameters such as secure, httponly, and samesite to protect against cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. When a session starts, it checks if the session has been inactive beyond a defined inactivity limit (1800 seconds or 30 minutes). If so, the session is destroyed, and the user is informed with a 403 status code and an error message indicating session expiration. If the session has exceeded the defined lifetime (15 minutes), the session ID is regenerated for security purposes to prevent session fixation attacks. The script also ensures that only authenticated users can access certain pages (e.g., excluding the login page). If the user is not logged in, they will be denied access with a 401 status code and an "Unauthorized access" message. Finally, it updates the LAST_ACTIVITY timestamp to track the most recent activity, helping monitor session activity and enforcing the inactivity limit.
- /setBlockToMainBoard.php
This PHP script handles updating a game board in a database. When a POST request is made, it expects a JSON payload containing parameters like board_id, block, block_id, player, player_id, and piece_length. The script begins by validating these parameters, returning a 400 error if any required data is missing or invalid. It then queries the database for the specified board using board_id. If the board is not found, a 404 error is returned. After retrieving the board, the script determines which player field to update based on the player parameter and decodes both the player’s blocks and the main board from JSON. If the specified block_id does not exist in the player’s blocks, a 400 error is returned with information about the missing block. If the block is found, it is removed from the player's blocks.The script then calculates whose turn it is by switching between player values (e.g., 1.1 to 2.1, 2.2 to 1.1, etc.) and updates the player's points by subtracting piece_length. If the player is down to only one block left, an additional 15 points are subtracted. Finally, the removed block is appended to the main board along with its player field identifier, and all updated data (player blocks, main board, turn, and points) is saved back to the database If everything succeeds, a 200 response with the updated board data is returned. If a database or server error occurs, the script responds with a 500 error. The script then closes the prepared statements and the database connection before completing the process.
- /setBoards.php
This PHP script is designed to handle the creation of a new game board in a database when a POST request is made. It starts by enabling error reporting for debugging purposes. The script first checks if the required blocks data and board_id are present in the incoming JSON payload. If any of these are missing, it returns a 400 status code with an error message indicating that blocks data was not provided. After verifying the required data, the script proceeds to extract the board_id, blocks, and player_id from the request. The blocks are then encoded into a JSON string, and an empty JSON array is initialized for the board_main. The script then constructs an SQL query to insert a new record into the boards table. This query includes the board ID, the blocks for both players (board_p1_1, board_p1_2, board_p2_1, board_p2_2), the empty board_main, and the player_turn field set to the player ID. The SQL query is executed, and if it succeeds, a 200 status code is returned, indicating that the room was created successfully. If the query fails for any reason, it returns a 500 status code with the error message from the database. In case of an exception (such as a problem with the SQL execution), a 409 error is returned, suggesting that the room is full and cannot accommodate another player. Finally, the script closes the database connection. If the request method is not POST, a 405 error is returned, indicating that the request method is not allowed.
- /sse.php
This PHP script creates a Server-Sent Events (SSE) connection to provide real-time updates from a game, following these steps: First, it includes the dbconnection.php and session_manager.php files for handling database connections and sessions. The session is then closed using session_write_close() to allow session data to be used without blocking other operations. The script sets the response headers to support SSE communication by setting the Content-Type to text/event-stream, indicating that the response will be a continuous stream of events. It also prevents response caching with Cache-Control: no-cache and keeps the connection alive with the Connection: keep-alive header. The function set_time_limit(0) ensures that the script will not terminate due to a time limit. The process starts by disabling output buffering to allow immediate sending of data to the client when is ready. Next, it checks if the board_id is present in the URL parameters and if it's a valid number. If it's invalid or missing, an error message is sent via SSE and the execution stops. The getBoardState function runs an SQL query to retrieve the updated_at field from the boards table, which is used to check if the game has been updated since the last check. Initially, the script waits to receive the correct board state, and if it's unavailable, it continues trying to fetch the state. If the board_id is not found or there's an issue, an error message is sent, and the script terminates. Once the board_id is valid and the board state is available, the script sends an SSE event with the "connected" label to notify the client that the connection was successful. Then, the script enters an infinite loop, checking every 2 seconds whether there has been any change in the updated_at field of the board. If the value of updated_at has changed, an SSE event with the "update" label is sent to inform the client about the change. If the client's connection is closed, the script terminates. This logic allows real-time broadcasting of changes to the client without requiring page refreshes or other actions from the user.
- /dbconnection.php
This PHP script establishes a connection to a MySQL database using the mysqli extension. The script first sets the connection parameters, which include the username, password, hostname, and database name. The script uses mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT) to ensure that any errors or warnings are reported, helping in debugging. The connection is then established with the new mysqli() constructor, which takes the hostname, username, password, database name, default port, and socket path as arguments. If the connection fails, an error message is shown, providing the error number and description for troubleshooting. The script is designed to handle database connections efficiently, especially for local setups.
- /deleteBoardById.php
This PHP script receives a POST request, extracts a room_id from the JSON payload, and deletes the corresponding record in the boards table using that ID. It also handles potential errors by returning status codes (e.g., 500 if a database error occurs) and a 405 error if the request method is not POST.
- /updateAborded.php
This PHP script handles a POST request to mark a board as "aborded" by a player. It obtains board_id and player_aborded from the GET parameters, validates board_id, and updates the player_aborded column for that board in the database. The script returns a 200 status if the update is successful, a 400 error if the board_id is invalid, and a 500 error if something goes wrong in the database. A 405 error is returned if the request method is not POST.