$reply->status = 200;
$reply->message = null;
try {
	// start the session (only when none is active yet) and verify the XSRF token;
	// verifyXsrf() is defined elsewhere — presumably it throws on a mismatch, which the catch below turns into the reply
	if (session_status() !== PHP_SESSION_ACTIVE) {
		session_start();
	}
	verifyXsrf();

	//grab the mySQL connection
	$pdo = connectToEncryptedMySQL("/var/www/trailquail/encrypted-mysql/trailquail.ini");

	//convert POSTed JSON to an object
	// NOTE(review): json_decode() returns null on a malformed body, and the ->userEmail / ->password reads
	// below do not check for that — a guard (json_last_error() or JSON_THROW_ON_ERROR) would turn a bad
	// request into a clean 4xx instead of property-access warnings
	$requestContent = file_get_contents("php://input");
	$requestedObject = json_decode($requestContent);

	//sanitize the email & search by userEmail
	// FILTER_SANITIZE_EMAIL only strips characters that cannot appear in an address; it does not validate it
	$userEmail = filter_var($requestedObject->userEmail, FILTER_SANITIZE_EMAIL);
	$user = User::getUserByUserEmail($pdo, $userEmail);
	if ($user !== null) {
		// PBKDF2 over SHA-512, 262144 iterations, 128 hex characters (64 bytes) of output, salted per user
		$userHash = hash_pbkdf2("sha512", $requestedObject->password, $user->getUserSalt(), 262144, 128);
		// NOTE(review): === compares byte by byte and can stop at the first difference; hash_equals() is the
		// constant-time comparison meant for secrets such as password hashes
		if ($userHash === $user->getUserHash()) {
			// NOTE(review): the whole User object — including the salt and hash read through the getters
			// above — is stored in the session; storing only an identifier would keep those out of session
			// storage. A session_regenerate_id(true) here would also give the authenticated session a fresh id
			$_SESSION["user"] = $user;
			$reply->status = 200;
			$reply->message = "Successfully logged in";
		} else {
			// same message and code as the unknown-account branch so the reply does not reveal which accounts exist
			throw new InvalidArgumentException("email or password is invalid", 401);
		}
	} else {
		// unknown account: deliberately the same message and code as a wrong password. This branch skips
		// the PBKDF2 work above, so response time still differs between the two cases
		throw new InvalidArgumentException("email or password is invalid", 401);
	}
	//create an exception to pass back to the RESTful caller
} catch (Exception $exception) {
	// the exception code is reused as the reply status; only the InvalidArgumentExceptions above carry 401.
	// NOTE(review): anything else reaching here (e.g. a PDOException from the connect or lookup) may carry 0
	// or a non-numeric SQLSTATE code — worth mapping unknown codes to 500. Error subclasses (TypeError etc.)
	// are not caught by this clause at all
	$reply->status = $exception->getCode();
/**
 * Looking up a user by an email address that is not stored must yield null.
 *
 * Uses the shared PDO fixture from getPDO(); the placeholder address is never inserted, so the lookup cannot match.
 */
public function testGetInvalid() {
	// a miss is reported as null rather than as an exception or an empty profile
	$this->assertNull(User::getUserByUserEmail($this->getPDO(), "*****@*****.**"));
}