require_once '../vendor/autoload.php';
require_once 'infra.inc.php';
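// The body of this response states whether a submitted credential pair is
// valid, so no cache should keep a copy of it. "no-store" forbids storing the
// response at all; "no-cache, must-revalidate" (HTTP/1.1) on its own still
// lets a cache keep the response and revalidate it before reuse.
header("Cache-Control: no-store, no-cache, must-revalidate");
// A date in the past marks the response as already expired for caches that
// only look at the Expires header.
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
// Plain text: the status messages below are never interpreted as HTML.
header("Content-Type: text/plain; charset=UTF-8");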
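// Reject the request unless both fields arrive as non-empty strings.
// - PHP parses "username[]=x" into an array; a non-empty array passes empty()
//   and would reach the query binding and the password check as a non-string.
// - empty() also treats the string "0" as missing, so it is not used here.
if (
    !isset($_POST['username'], $_POST['password'])
    || !is_string($_POST['username'])
    || !is_string($_POST['password'])
    || $_POST['username'] === ''
    || $_POST['password'] === ''
) {
    exit("invalid data!!!");
}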
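// Looks up the account whose code equals the submitted username and reports,
// as plain text, whether the submitted password matches the stored one.
//
// NOTE(review): the three outcomes below are distinguishable ("User not
// found!!!" vs "Invalid password!!!"), and the password routine only runs when
// a row exists, so both the body and the response time reveal whether an
// account code exists. No authentication or throttling is visible in this
// file; confirm the script is not reachable by untrusted clients, or return a
// single failure message and add rate limiting.
try {
    // Kept inside the try so that a connection failure, if the wrapper reports
    // it as a PDOException, is handled below instead of surfacing as an
    // uncaught exception (whose trace can expose connection settings).
    $pdoconfigurated = new \sys\PDOConfigurated($infra['db']);
    $pdo = $pdoconfigurated->getInstance();

    // The username is bound as a named parameter, never concatenated.
    // NOTE(review): all three tables are selected with "*" and fetched as an
    // associative array, so columns sharing a name (e.g. "id") overwrite each
    // other; $user['password'] is whichever table's column comes last. Confirm
    // which table owns "password" and consider selecting it explicitly.
    $stmt = $pdo->prepare('
        SELECT
              account.*
            , sys_account.*
            , sys_user.*
        FROM sys.user AS sys_user
            INNER JOIN sys.account AS sys_account ON (sys_user.id_sys_account = sys_account.id)
            INNER JOIN account ON (sys_account.id_account = account.id)
        WHERE
            account.code = :username
        LIMIT 1
    ');
    $stmt->execute(['username' => $_POST['username']]);
    $user = $stmt->fetch(\PDO::FETCH_ASSOC);
    $stmt->closeCursor();

    if ($user) {
        // decryptPassword() receives the submitted password and the stored
        // value; presumably it derives a value comparable to the stored one
        // (defined outside this file, verify against its implementation).
        $decrypt = \sys\oauth2\storage\PDO::decryptPassword($_POST['password'], $user['password']);

        // hash_equals() compares in constant time but requires two strings;
        // a NULL stored password or a non-string result counts as a mismatch
        // instead of raising an error.
        if (
            is_string($user['password'])
            && is_string($decrypt)
            && hash_equals($user['password'], $decrypt)
        ) {
            echo "Valid password" . PHP_EOL;
        } else {
            echo "Invalid password!!!" . PHP_EOL;
        }
    } else {
        echo "User not found!!!" . PHP_EOL;
    }
} catch (\PDOException $excp) {
    // Driver messages can contain SQL text, schema names or connection
    // details: keep them in the server log and send the client a generic line.
    error_log('Password check failed: ' . $excp->getMessage());
    if (!headers_sent()) {
        http_response_code(500);
    }
    exit("Internal error" . PHP_EOL);
}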