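/*
 * Set the UI language for the current session.
 * Body: JSON object with a `lang` property.
 */
$app->put('/account/lang', function () use ($app) {
    $data = json_decode($app->request()->getBody());
    // NOTE(review): `lang` comes straight from the request body and is not
    // validated here. Confirm that setLanguage() restricts it to the
    // supported locales before it is kept in the session.
    DatawrapperSession::setLanguage(isset($data->lang) ? $data->lang : null);
    ok();
});

/*
 * Log a user in.
 * Body: JSON object with `email`, `pwhash` and an optional `keeplogin`.
 * Replies ok() on success, error('login-invalid') for a wrong password and
 * error('login-email-unknown') for an unknown or deleted account.
 *
 * NOTE(review): the two error codes let a caller tell registered addresses
 * from unregistered ones, and no attempt throttling is visible in this
 * handler. The codes are kept because clients may depend on them; consider a
 * single generic failure and rate limiting on this route.
 */
$app->post('/auth/login', function () use ($app) {
    $payload = json_decode($app->request()->getBody());

    // JSON can carry arrays, objects or booleans where strings are expected.
    // Accept only string credentials so nothing else reaches the query layer
    // or the hashing helper.
    $email = (isset($payload->email) && is_string($payload->email)) ? $payload->email : null;
    $pwhash = (isset($payload->pwhash) && is_string($payload->pwhash)) ? $payload->pwhash : null;

    // v-- don't expire login anymore
    $user = ($email !== null) ? UserQuery::create()->findOneByEmail($email) : null;
    if (empty($user) || $user->getDeleted()) {
        error('login-email-unknown', __('The email is not registered yet.'));
        return;
    }

    $stored = $user->getPwd();
    $candidate = ($pwhash !== null) ? secure_password($pwhash) : null;

    // hash_equals() (PHP >= 5.6) compares in constant time, so the response
    // time does not depend on how much of the stored hash the guess matches.
    $matches = is_string($stored) && is_string($candidate) && hash_equals($stored, $candidate);

    if ($matches) {
        // NOTE(review): confirm that login() issues a fresh session id, so a
        // pre-login session identifier cannot be carried into the
        // authenticated session.
        DatawrapperSession::login($user, !empty($payload->keeplogin));
        ok();
    } else {
        // Failed attempts are recorded together with the caller's addresses.
        Action::logAction($user, 'wrong-password', json_encode(get_user_ips()));
        error('login-invalid', __('The password is incorrect.'));
    }
});

/*
 * Return the server salt for secure auth.
 *
 * NOTE(review): the login route receives `pwhash`, so the client presumably
 * hashes the password with this salt before sending it. That hash is then
 * password-equivalent on the wire; it does not replace TLS.
 */
$app->get('/auth/salt', function () use ($app) {
    ok(array('salt' => DW_AUTH_SALT));
});

/*
 * logs out the current user
 */
$app->post('/auth/logout', function () {
    $user = DatawrapperSession::getUser();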
} else { if ($curUser->isAdmin()) { $user = UserQuery::create()->findPK($user_id); $pwd = $user->getPwd(); } } if (!empty($user)) { if ($user->getPwd() == $pwd) { // Delete user if (!$curUser->isAdmin()) { DatawrapperSession::logout(); } $user->erase(); ok(); } else { Action::logAction($user, 'delete-request-wrong-password', json_encode(get_user_ips())); error('wrong-password', __('The password you entered is not correct.')); } } else { error('user-not-found', 'no user found with that id'); } } else { error('need-login', 'you must be logged in to do that'); } }); $app->put('/account/reset-password', function () use($app) { $payload = json_decode($app->request()->getBody()); if (!empty($payload->token)) { $user = UserQuery::create()->getUserByPwdResetToken($payload->token); if (!empty($user)) { if (!empty($payload->pwd)) {