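use RedBeanPHP\R;

// Validate a user and store token (and return in response).
//
// Security notes on this handler:
//  - The stored hash is checked with password_verify(), which reads the salt
//    and cost embedded in the bcrypt string itself and compares in constant
//    time. The previous code re-ran password_hash() with a caller-supplied
//    'salt' option (deprecated in PHP 7.0 and ignored in 8.0, where a fresh
//    random salt is generated and the result never matches) and then
//    compared the two strings with a non-constant-time `==`.
//  - Malformed JSON or a missing username/password fail closed with the same
//    401 body as a wrong password, so the response does not reveal which part
//    was rejected.
//  - An unknown username still returns the generic message, but that path
//    skips the bcrypt work and so answers faster than a wrong password; if
//    username enumeration via timing matters here, run a dummy
//    password_verify() on the not-found path as well.
$app->post('/login', function () use ($app, $jsonResponse) {
    $data = json_decode($app->environment['slim.input']);

    // Fail closed by default; only the success path below overrides these.
    $jsonResponse->message = 'Invalid username or password.';
    $app->response->setStatus(401);

    $username = (is_object($data) && isset($data->username)) ? (string) $data->username : '';
    $password = (is_object($data) && isset($data->password)) ? (string) $data->password : '';

    if ($username !== '' && $password !== '') {
        // Token lifetime in seconds: two weeks for "remember me", else 1.5 hours.
        $rememberMe = is_object($data) && !empty($data->rememberme);
        $expires = $rememberMe ? 2 * 7 * 24 * 60 * 60 : 90 * 60;

        $lookup = R::findOne('user', ' username = ? ', [$username]);

        // password_verify() handles the salt/cost embedded in the stored bcrypt
        // string and is constant-time; it returns false for an empty or
        // malformed stored hash rather than matching anything.
        if ($lookup !== null && password_verify($password, (string) $lookup->password)) {
            // First-ever login of the built-in admin account: nudge to change the
            // shipped password. Bean values may come back as strings, hence the cast.
            if ((int) $lookup->logins === 0 && $lookup->username === 'admin') {
                $jsonResponse->addAlert('warning', "This is your first login, don't forget to change your password.");
                $jsonResponse->addAlert('success', 'Go to Settings to add your first board.');
            }

            setUserToken($lookup, $expires);
            $lookup->logins = $lookup->logins + 1;
            $lookup->lastLogin = time();
            R::store($lookup);
            logAction($lookup->username . ' logged in.', null, null);

            // setUserToken() does not return the token, so the newest row for
            // this user is re-read. NOTE(review): under concurrent logins of the
            // same account this may return the other request's token; having
            // setUserToken() return the value it stored would remove the race.
            $tokenRow = R::findOne('token', ' user_id = ? ORDER BY id DESC ', [$lookup->id]);
            if ($tokenRow !== null) {
                $jsonResponse->message = 'Login successful.';
                $jsonResponse->data = $tokenRow->token;
                $app->response->setStatus(200);
            }
        }
    }

    $app->response->setBody($jsonResponse->asJson());
});

// Log out a user by clearing tokens.
$app->get('/logout', function () use($app, $jsonResponse) {
    if (validateToken()) {
        clearDbToken();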
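<?php
// Revoke the caller's stored token, then drop the session's user data.
//
// Order matters: the user id has to be read *before* $_SESSION['userData'] is
// cleared. The previous version nulled the session first and then passed
// $_SESSION['userData']['user_id'] (by then NULL) to setUserToken(), so the
// server-side token was never actually revoked and stayed usable for its full
// lifetime after "logout".
$userId = isset($_SESSION['userData']['user_id']) ? $_SESSION['userData']['user_id'] : null;
if ($userId !== null) {
    setUserToken($userId, NULL);
}

// Clearing the whole entry also clears 'session_token' inside it.
$_SESSION['userData'] = NULL;

// Rotate the session id so the pre-logout id cannot be replayed; only valid
// while a session is active (session_start() is presumably done elsewhere).
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}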
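<?php
require_once 'functions.php';

// Login form handler: verifies the submitted credentials, mints a session JWT,
// stores it and redirects. Only a POST carrying the 'submitted' flag is handled.
//
// Security notes:
//  - Missing POST fields become empty strings instead of raising notices; an
//    unknown user (no stored hash) is rejected with the same redirect as a
//    wrong password so the account's existence is not confirmed in the response.
//    That path skips bcrypt and answers faster, though, so existence is still
//    observable via timing unless a dummy password_verify() is run there too.
//  - The session id is rotated after a successful login to defeat session
//    fixation (an attacker-planted id must not survive authentication).
//  - Every header('Location: …') is followed by exit so nothing executes after
//    the redirect.
//  - 'uip' is taken from REMOTE_ADDR; behind a reverse proxy this is the
//    proxy's address and any later check against it will misfire — confirm
//    the deployment before relying on it.
//  - NOTE(review): no CSRF token is checked on this form; login CSRF is a
//    known issue and worth a check here unless functions.php already does it.
//  - NOTE(review): password_needs_rehash() is not applied, so hashes created
//    with an older cost are never upgraded on login.
if (!isset($_POST['submitted'])) {
    echo "GET OUT!";
} else {
    $userNameOrEmail = isset($_POST['userName']) ? (string) $_POST['userName'] : '';
    $userPass = isset($_POST['userPassword']) ? (string) $_POST['userPassword'] : '';

    $hash = getUserHash($userNameOrEmail);

    // password_verify() needs a string hash; an unknown user, an empty stored
    // hash or an empty submitted password must never authenticate.
    $passwordMatch = $userPass !== ''
        && is_string($hash)
        && $hash !== ''
        && password_verify($userPass, $hash);

    if ($passwordMatch) {
        // Session fixation defence: discard the pre-login session id.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $userData = getUserData($userNameOrEmail);
        $token = array(
            "user_id"     => $userData['user_id'],
            "permissions" => $userData['group_id'],
            "iat"         => time(),
            "exp"         => time() + 14 * 24 * 60 * 60, // 14 days
            "iss"         => BASE_URL,
            "uip"         => $_SERVER['REMOTE_ADDR'],
        );
        $key = getSessionKey();
        $jwt = JWT::encode($token, $key, 'HS256');

        setUserToken($userData['user_id'], $jwt);
        $userData['session_token'] = $jwt;
        $_SESSION['userData'] = $userData;

        header("Location: .");
        exit;
    } else {
        header("Location: ./login?err=invalid");
        exit;
    }
}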