// Default reply state: status 200 with no message; the login attempt
// below overwrites these fields with the actual outcome.
$reply->message = null;
$reply->status = 200;
try {
    // start the session (unless one is already active) and verify the request's XSRF token
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    verifyXsrf();
    //grab the mySQL connection
    $pdo = connectToEncryptedMySQL("/var/www/trailquail/encrypted-mysql/trailquail.ini");
    //convert POSTed JSON to an object
    $requestContent = file_get_contents("php://input");
    $requestedObject = json_decode($requestContent);
    //sanitize the email & search by userEmail
    $userEmail = filter_var($requestedObject->userEmail, FILTER_SANITIZE_EMAIL);
    $user = User::getUserByUserEmail($pdo, $userEmail);
    if ($user !== null) {
        $userHash = hash_pbkdf2("sha512", $requestedObject->password, $user->getUserSalt(), 262144, 128);
        if ($userHash === $user->getUserHash()) {
            $_SESSION["user"] = $user;
            $reply->status = 200;
            $reply->message = "Successfully logged in";
        } else {
            throw new InvalidArgumentException("email or password is invalid", 401);
        }
    } else {
        throw new InvalidArgumentException("email or password is invalid", 401);
    }
    //translate any thrown exception into the reply handed back to the RESTful caller
} catch (Exception $exception) {
    $reply->status = $exception->getCode();
 /**
  * Looking up a user by an email address that has no matching row must
  * yield null (an exception or a User object would fail this assertion).
  */
 public function testGetInvalid()
 {
     // the address is assumed to be absent from the test database — confirm against the fixtures
     $this->assertNull(User::getUserByUserEmail($this->getPDO(), "*****@*****.**"));
 }